CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/23 7:32 a.m.•5 views

CVE-2024-22170

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Western Digital My Cloud ddns-start on Linux allows Overflow Buffers.This issue affects My Cloud: before 5.29.102...

9.2CVSS6.9AI score0.00193EPSS

RedhatCVE•added 2025/05/22 10:51 p.m.•4 views

CVE-2022-30984

A buffer overflow vulnerability in the Rubrik Backup Service RBS Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent...

7.8CVSS7.2AI score0.00046EPSS

RedhatCVE•added 2025/05/22 5:37 p.m.•20 views

CVE-2020-36695

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux Device Manager Server component, Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID,...

7.8CVSS7AI score0.00049EPSS

RedhatCVE•added 2025/05/22 12:9 a.m.•4 views

CVE-2009-3090

Unspecified vulnerability in IBM Tivoli Directory Server TDS 6.0 on Linux allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However...

5CVSS6.9AI score0.00572EPSS

RedhatCVE•added 2025/05/21 6:23 p.m.•3 views

CVE-1999-0390

Buffer overflow in Dosemu Slang library in Linux...

7.2CVSS7.3AI score0.00071EPSS

RedhatCVE•added 2025/05/21 6:8 p.m.•2 views

CVE-1999-0398

In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login...

4.6CVSS6.9AI score0.00082EPSS

OpenVAS•added 2025/05/19 12:0 a.m.•16 views

VMware Spring Framework < 5.3.43, 6.0.x < 6.0.28, 6.1.x < 6.1.20, 6.2.x < 6.2.7 Authorization Bypass Vulnerability - Linux

The VMware Spring Framework is prone to an authorization bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

3.1CVSS7.7AI score0.00083EPSS

OpenVAS•added 2025/05/16 12:0 a.m.•9 views

Python Use After Free Vulnerability (May 2025) - Linux

Python is prone to an use after free vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...

5.9CVSS5.5AI score0.00209EPSS

Exploits0References5

Broadcom•added 2025/05/14 12:0 a.m.•50 views

Branch Predictor Race Conditions (CVE-2024-45332)

Brocade is aware of Branch Privilege Injection: Exploiting Branch Predictor Race Conditions vulnerability CVE-2024-45332. Detail Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some...

5.7CVSS6.3AI score0.00207EPSS

IBM Security Bulletins•added 2025/05/12 12:16 p.m.•14 views

Security Bulletin: On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file, affects watsonx.data

Summary Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDB...

7.8CVSS6.9AI score0.00154EPSS

Exploits0Affected Software1

Cvelist•added 2025/05/06 4:57 p.m.•15 views

CVE-2025-32022 Finit has heap based buffer overwrite in urandom.so plugin

Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects...

4.6CVSS0.00071EPSS

Debian CVE•added 2025/05/06 4:57 p.m.•5 views

CVE-2025-32022

4.6CVSS5.7AI score0.00071EPSS

CVE•added 2025/05/06 4:57 p.m.•62 views

CVE-2025-32022

CVE-2025-32022 concerns Finit’s urandom plugin, a heap-buffer overwrite at boot in the urandom.so module. The vulnerability affects Finit 4.2 and later unless the plugin is disabled at build time, with the plugin enabled by default. The overwrite can overwrite other heap regions, potentially caus...

4.6CVSS4.9AI score0.00071EPSS

RedhatCVE•added 2025/05/01 11:12 p.m.•9 views

CVE-2025-29906

Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the tty configuration directive that can bypass /bin/login, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.1...

8.6CVSS6.8AI score0.00016EPSS

Debian CVE•added 2025/04/29 10:17 p.m.•3 views

CVE-2025-29906

8.6CVSS5.3AI score0.00016EPSS

Cvelist•added 2025/04/29 10:17 p.m.•21 views

CVE-2025-29906 Finit bundled getty can bypass /bin/login

8.6CVSS0.00016EPSS

Vulnrichment•added 2025/04/29 10:17 p.m.•4 views

CVE-2025-29906 Finit bundled getty can bypass /bin/login

8.6CVSS6.9AI score0.00016EPSS

Securelist•added 2025/04/29 10:0 a.m.•17 views

Outlaw cybergang attacking targets worldwide

Introduction In a recent incident response case in Brazil, we dealt with a relatively simple, yet very effective threat focused on Linux environments. Outlaw also known as "Dota" is a Perl-based crypto mining botnet that typically takes advantage of weak or default SSH credentials for its...

8.1AI score