4756 matches found

Cvelist
added 2025/02/05 5:36 p.m., 29 views

CVE-2024-7595 GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet

GRE and GRE6 Protocols RFC2784 do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered simil...

EPSS: 0.01552
Exploits: 0, References: 2
RedhatCVE
added 2025/02/05 3:52 p.m., 15 views

CVE-2020-14871

Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris...

CVSS: 10, AI score: 7.8, EPSS: 0.80291
Exploits: 13
RedhatCVE
added 2025/02/05 12:44 p.m., 7 views

CVE-2024-43369

Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...

CVSS: 7.2, AI score: 6.4, EPSS: 0.00367
Exploits: 0, References: 1
RedhatCVE
added 2025/02/05 8:36 a.m., 8 views

CVE-2024-47130

The goTenna Pro App allows unauthenticated attackers to remotely update the local public keys used for P2P and group messages. It is advised to update your app to the current release for enhanced encryption protocols...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00216
Exploits: 0
RedhatCVE
added 2025/02/05 8:34 a.m., 8 views

CVE-2024-47125

The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to the current release for enhanced encryption protocols...

CVSS: 8.1, AI score: 7, EPSS: 0.00142
Exploits: 0
Tenable Nessus
added 2025/02/05 12:0 a.m., 32 views

Amazon Linux 2023 : java-17-amazon-corretto, java-17-amazon-corretto-devel, java-17-amazon-corretto-headless (ALAS2023-2025-828)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-828 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE:...

CVSS: 4.8, AI score: 6.5, EPSS: 0.00971
Exploits: 0, References: 4
Amazon
added 2025/02/05 12:0 a.m., 11 views

Medium: java-21-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13,...

CVSS: 4.8, AI score: 4.8, EPSS: 0.00971
Exploits: 0
Tenable Nessus
added 2025/02/04 12:0 a.m., 22 views

Amazon Linux 2 : python (ALAS-2025-2744)

The version of python installed on the remote host is prior to 2.7.18-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2744 advisory. CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.set_npn_protocols which is an invalid value for the...

CVSS: 9.1, AI score: 7.3, EPSS: 0.05582
Exploits: 1, References: 4
Amazon
added 2025/02/04 12:0 a.m., 22 views

Medium: java-11-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13,...

CVSS: 4.8, AI score: 5, EPSS: 0.00971
Exploits: 0
Amazon
added 2025/02/04 12:0 a.m., 5 views

Medium: python3

Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.set_npn_protocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due ...

CVSS: 9.1, AI score: 7, EPSS: 0.05582
Exploits: 1
Amazon
added 2025/02/04 12:0 a.m., 37 views

Medium: python3

Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.set_npn_protocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used (see CVE-2024-5535 for OpenSSL). This vulnerability is of low severity due ...

CVSS: 9.1, AI score: 7.8, EPSS: 0.05582
Exploits: 1
CNNVD
added 2025/02/03 12:0 a.m., 3 views

PhpSpreadsheet Cross-Site Scripting Vulnerability

PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A cross-site scripting vulnerability exists in PhpSpreadsheet that stems from the use of javascript protocols and special characters to bypass cross-site scripting XSS cleaners...

CVSS: 4.8, AI score: 5.8, EPSS: 0.00403
Exploits: 0, References: 2
OSV
added 2025/01/31 6:8 p.m., 7 views

CGA-57RM-63CV-RG4P

Bulletin has no description...

CVSS: 6.1, AI score: 7, EPSS: 0.00458
Exploits: 0
OSV
added 2025/01/31 4:9 p.m., 4 views

CGA-2HGP-458J-7V84

Bulletin has no description...

CVSS: 6.1, AI score: 7, EPSS: 0.00458
Exploits: 0
OSV
added 2025/01/30 9:10 a.m., 11 views

CGA-9RGX-65HG-R95G

Bulletin has no description...

CVSS: 5, AI score: 9.5, EPSS: 0.04552
Exploits: 0
RedhatCVE
added 2025/01/24 12:25 p.m., 14 views

CVE-2025-21518

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

CVSS: 6.5, AI score: 6.5, EPSS: 0.01034
Exploits: 0, References: 4
RedhatCVE
added 2025/01/24 12:24 p.m., 26 views

CVE-2025-21490

A flaw was found in the MySQL Server component: InnoDB. This vulnerability allows a high-privileged attacker to cause a denial of service, which causes frequent crashes or hangs, via multiple network protocols...

CVSS: 4.9, AI score: 6.8, EPSS: 0.01236
Exploits: 0, References: 4
RedHat Linux
added 2025/01/22 11:24 a.m., 4 views

openjdk: Enhance array handling (Oracle CPU 2025-01)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can be...

CVSS: 4.8, AI score: 7.4, EPSS: 0.00971
Exploits: 0, References: 5
RedHat Linux
added 2025/01/22 11:24 a.m., 7 views

openjdk: Enhance array handling (Oracle CPU 2025-01)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to Oracle Java SE accessible. This vulnerability can be...

CVSS: 4.8, AI score: 7.4, EPSS: 0.00971
Exploits: 0, References: 5
OSV
added 2025/01/21 9:15 p.m., 3 views

DEBIAN-CVE-2025-21502

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; Oracle GraalVM for JDK: 17.0.13, 21.0.5, 23.0.1; Orac...

CVSS: 4.8, AI score: 5.3, EPSS: 0.00971
Exploits: 0, References: 1