Lucene search
+L

215 matches found

NVD
NVD
added 2025/03/07 5:15 p.m.27 views

CVE-2025-0162

IBM Aspera Shares 1.9.9 through 1.10.0 PL7 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

7.1CVSS0.00465EPSS
Exploits0References1
OSV
OSV
added 2025/02/26 1:55 a.m.12 views

CVE-2022-49190 kernel/resource: fix kfree() of bootmem memory again

In the Linux kernel, the following vulnerability has been resolved: kernel/resource: fix kfree of bootmem memory again Since commit ebff7d8f270d "mem hotunplug: fix kfree of bootmem memory", we could get a resource allocated during boot via allocresource. And it's required to release the resource...

5.5CVSS5.9AI score0.0025EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2025/02/18 6:27 p.m.21 views

CVE-2025-26465 Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

6.8CVSS6.6AI score0.06997EPSS
Exploits4References8
AlpineLinux
AlpineLinux
added 2025/02/18 6:27 p.m.28 views

CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

6.8CVSS6.7AI score0.06997EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/02/18 11:22 a.m.14 views

CVE-2025-26465

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. Fo...

6.8CVSS6.4AI score0.06997EPSS
Exploits4References3
CNVD
CNVD
added 2025/02/18 12:0 a.m.8 views

Unspecified Vulnerability in F5 BIG-IP PEM

F5 BIG-IP PEM is a policy enforcer used in BIG-IP from F5 USA. A security vulnerability exists in the F5 BIG-IP PEM due to a Diameter Endpoint profile that can be exploited by an attacker to cause the virtual server to stop processing new client connections and cause an increase in memory resourc...

8.7CVSS6.6AI score0.00396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/07 6:3 p.m.10 views

CVE-2025-21091

When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS6.8AI score0.00436EPSS
Exploits0References3
NVD
NVD
added 2025/02/05 6:15 p.m.15 views

CVE-2025-24326

When BIG-IP Advanced WAF/ASM Behavioral DoS BADoS TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.9CVSS0.00393EPSS
Exploits0References1
NVD
NVD
added 2025/02/05 6:15 p.m.14 views

CVE-2025-22891

When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technica...

8.7CVSS0.00396EPSS
Exploits0References1
NVD
NVD
added 2025/02/05 6:15 p.m.14 views

CVE-2025-21091

When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00436EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/05 5:31 p.m.11 views

CVE-2025-24326 BIG-IP Advanced WAF/ASM BADoS vulnerability

When BIG-IP Advanced WAF/ASM Behavioral DoS BADoS TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.9CVSS6.9AI score0.00393EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/05 5:31 p.m.21 views

CVE-2025-24326 BIG-IP Advanced WAF/ASM BADoS vulnerability

When BIG-IP Advanced WAF/ASM Behavioral DoS BADoS TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.9CVSS0.00393EPSS
Exploits0References1
CVE
CVE
added 2025/02/05 5:31 p.m.78 views

CVE-2025-24326

The CVE-2025-24326 issue affects BIG-IP ASM with BADoS (Behavioral DoS) TLS Signatures. When this feature is enabled, undisclosed traffic can cause memory resource utilization to increase, degrading system performance and potentially leading to DoS if processes are restarted. Affected BIG-IP ASM ...

8.9CVSS7.6AI score0.00393EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/05 5:31 p.m.12 views

CVE-2025-22891 BIG-IP PEM Vulnerability

When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an increase in memory resource utilization. Note: Software versions which have reached End of Technica...

8.7CVSS6.8AI score0.00396EPSS
Exploits0References1
CVE
CVE
added 2025/02/05 5:31 p.m.77 views

CVE-2025-22891

CVE-2025-22891 affects BIG-IP PEM: when the PEM Control Plane Listener virtual server is configured with a Diameter Endpoint profile, undisclosed traffic can cause the virtual server to stop processing new client connections and increase memory usage, potentially disrupting traffic. Remediation i...

8.7CVSS7.5AI score0.00396EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/05 5:31 p.m.9 views

CVE-2025-21091 BIG-IP SNMP vulnerability

When SNMP v1 or v2c are disabled on the BIG-IP, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS6.9AI score0.00436EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2025/02/05 1:45 p.m.12 views

K000139778: BIG-IP PEM vulnerability CVE-2025-22891

Security Advisory Description When a BIG-IP PEM Control Plane Listener virtual server is configured with a Diameter Endpoint profile, undisclosed traffic can cause the virtual server to stop processing new client connections and cause an increase in memory resource utilization. CVE-2025-22891...

8.7CVSS6.4AI score0.00396EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/02/05 10:58 a.m.29 views

CVE-2024-49352 IBM Cognos Anaytics XML external entity injection

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory...

7.1CVSS0.00464EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/02/05 12:0 a.m.6 views

F5 Networks BIG-IP : BIG-IP PEM vulnerability (K000139778)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.5 / 17.1.2 / Hotfix- BIGIP-15.1.10.6.0.11.6-ENG.iso. It is, therefore, affected by a vulnerability as referenced in the K000139778 advisory. When a BIG-IP PEMControl Plane Listenervirtual server is configured with...

8.7CVSS6AI score0.00396EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/05 12:0 a.m.5 views

F5 Networks BIG-IP : BIG-IP message routing vulnerability (K000140947)

The version of F5 Networks BIG-IP installed on the remote host is prior to 16.1.6 / 17.1.2 / Hotfix- BIGIP-15.1.10.6.0.11.6-ENG.iso / Hotfix-BIGIP-16.1.5.2.0.7.5-ENG.iso. It is, therefore, affected by a vulnerability as referenced in the K000140947 advisory. When a BIG-IP message routing profile ...

8.9CVSS6AI score0.00393EPSS
Exploits0References2
Rows per page
Query Builder