CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2025/02/08 7:13 a.m.•12 views

BIT-GOLANG-2025-22866 Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private...

4CVSS5AI score0.00272EPSS

Exploits0References6

RedhatCVE•added 2025/02/08 4:56 a.m.•18 views

CVE-2025-22866

A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leaka...

5.3CVSS4.9AI score0.00272EPSS

Exploits0References7

F5 Networks•added 2025/02/06 8:2 p.m.•9 views

K000149683: Python asyncio vulnerability CVE-2024-12254

Security Advisory Description Starting in Python 3.12.0, the asyncio.SelectorSocketTransport.writelines method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodicall...

8.7CVSS7.9AI score0.01844EPSS

vulnersOsv•added 2025/02/06 12:31 p.m.•6 views

org.apache.james.examples:custom-imap (>=3.8.0 <=3.8.1), org.apache.james.examples:custom-james-assembly (>=3.8.0 <=3.8.1) +15 more potentially affected by CVE-2024-37358 via org.apache.james.protocols:protocols-imap (>=3.8.0 <=3.8.1)

org.apache.james.protocols:protocols-imap MAVEN version =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.1 and more Source cves: CVE-2024-37358 Source advisory: OSV:GHSA-56JP-W6VW-J3JW...

8.6CVSS5.8AI score0.00802EPSS

vulnersOsv•added 2025/02/06 12:31 p.m.•14 views

org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james-mpt-antlib (>=3.0.0 <=3.0.1) +31 more potentially affected by CVE-2024-37358 via org.apache.james.protocols:protocols-imap (>=3.0.0-RC1 <=3.7.5)

org.apache.james.protocols:protocols-imap MAVEN version =3.0.0-RC1, =3.7.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.4.0, =3.0.0, =3.0.0, =3.7.0, =3.0.0, =3.0.0, =3.6.2 and more Source cves: CVE-2024-37358 Source advisory: OSV:GHSA-56JP-W6VW-J3JW...

8.6CVSS5.8AI score0.00802EPSS

RedhatCVE•added 2025/02/06 4:51 a.m.•6 views

CVE-2021-37583

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write...

9.3CVSS7AI score0.01352EPSS

RedhatCVE•added 2025/02/06 4:50 a.m.•13 views

CVE-2021-37565

RedhatCVE•added 2025/02/06 4:50 a.m.•8 views

CVE-2021-37570

RedhatCVE•added 2025/02/06 4:49 a.m.•8 views

CVE-2021-37569

9.3CVSS7AI score0.01197EPSS

RedhatCVE•added 2025/02/06 4:49 a.m.•7 views

CVE-2021-37572

8.2CVSS7AI score0.01038EPSS

RedhatCVE•added 2025/02/06 4:48 a.m.•8 views

CVE-2021-37567

RedhatCVE•added 2025/02/06 4:47 a.m.•7 views

CVE-2021-37564

RedhatCVE•added 2025/02/06 4:45 a.m.•15 views

CVE-2021-37568

9.3CVSS7AI score0.01197EPSS

RedhatCVE•added 2025/02/06 4:45 a.m.•15 views

CVE-2021-37571

9.3CVSS7AI score0.01197EPSS

RedhatCVE•added 2025/02/06 4:43 a.m.•8 views

CVE-2021-37566

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. Affected Chipsets MT7603E, MT7610, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write...

9.3CVSS7AI score0.0127EPSS

CVE•added 2025/02/05 5:36 p.m.•102 views

CVE-2024-7595

CVE-2024-7595 is documented with concrete details in connected sources: Junos OS exposes a GRE/GRE6 vulnerability where the protocol stack does not verify the source of tunneled packets. The issue arises when GRE/GRE6 is configured without authentication or filtering, enabling a remote attacker t...

6.5CVSS6.5AI score0.01488EPSS

Exploits0References3Affected Software2

Cvelist•added 2025/02/05 5:36 p.m.•28 views

CVE-2024-7595 GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet

GRE and GRE6 Protocols RFC2784 do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered simil...

0.01488EPSS

Exploits0References2

RedhatCVE•added 2025/02/05 3:52 p.m.•13 views

CVE-2020-14871

Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris...

10CVSS7.8AI score0.80291EPSS

Exploits13

RedhatCVE•added 2025/02/05 12:44 p.m.•6 views

CVE-2024-43369

Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...

7.2CVSS6.4AI score0.00367EPSS