Lucene search
K

9 matches found

NVD
NVD
added 2025/10/30 10:15 a.m.1 views

CVE-2025-54470

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

8.6CVSS0.00179EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 9:38 a.m.3 views

CVE-2025-54470 NeuVector telemetry sender is vulnerable to MITM and DoS

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

8.6CVSS6.2AI score0.00179EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 9:38 a.m.9 views

CVE-2025-54470 NeuVector telemetry sender is vulnerable to MITM and DoS

This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...

8.6CVSS0.00179EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 9:38 a.m.18 views

CVE-2025-54470

Summary: CVE-2025-54470 affects NeuVector telemetry sender when the “Report anonymous cluster data” option is enabled. The root cause is failure to verify the telemetry server’s TLS certificate and hostname, enabling MITM attacks, and unbounded in-memory loading of the server response, enabling p...

8.6CVSS6.2AI score0.00179EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/21 8:25 p.m.3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in transmission of telemetry data. An attacker can perform a man-in-the-middle attack to intercept or modify data in transit. Additionally, they can exhaust system memory by returning oversized responses...

9.8CVSS6.9AI score0.00179EPSS
Exploits0References2
OSV
OSV
added 2025/10/21 8:25 p.m.4 views

GHSA-QQJ3-G7MX-5P4W NeuVector telemetry sender is vulnerable to MITM and DoS

Impact This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server at https://upgrades.neuvector-upgrade-responder.livestock.rancher.io. In affected...

8.6CVSS6.6AI score0.00179EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.1 views

PT-2024-40453 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue allows attackers to exploit session fixation. When a user authenticates while there is existing anonymous session data, the session id remains unchanged. This enables attackers to...

7.1CVSS6.7AI score
Exploits0References7
CNVD
CNVD
added 2016/03/08 12:0 a.m.3 views

Google Chrome Blink Denial of Service Vulnerability (CNVD-2016-01503)

Blink is the United States Google Google Inc. and Norway Opens Opera Software company jointly developed a set of browser layout engine rendering engine. A security vulnerability exists in the WebKit/Source/core/layout/LayoutBlock.cpp file in Blink, used in versions of Google Chrome prior to...

9.3CVSS8.8AI score0.02121EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2009/03/27 12:7 a.m.12 views

Researchers can ID anonymous Twitterers

By Robert McMillan, IDG News Service Researchers at the University of Texas at Austin have taken a close look at the way anonymous data can be analyzed and have come to some troubling conclusions infoworld.com. In a paper 33bits.org set to be delivered at an upcoming security conference, they...

2.4AI score
Exploits0References4
Rows per page
Query Builder