352 matches found
CVE-2025-1243 Field in api-go proxy not transformed before version 1.44.1
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
CVE-2025-1243 Field in api-go proxy not transformed before version 1.44.1
The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...
The vulnerability of the software for deploying and managing cloud-based corporate systems based on IBM Cloud Pak System allows a hacker to expose protected information.
The vulnerability related to deploying and managing the IBM Cloud Pak System based on containers involves the disclosure of information during data transmission. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
Session Fixation
Overview Affected versions of this package are vulnerable to Session Fixation where an attacker can copy the session cookie before a user logs out. Note: This is only exploitable if the attacker manages to capture the session cookie before the log out process. Workaround Self-hosting users are...
The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE involves information disclosure during data transmission, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE relates to the disclosure of information during data transmission. Exploiting this vulnerability can allow unauthorized individuals to gain unauthorized access to protected information by...
PT-2024-38563 · Unknown · Ewon Flexy 202
Name of the Vulnerable Software and Affected Versions: EWON FLEXY 202 affected versions not specified Description: The issue concerns the transmission of credentials using a weak encoding method, specifically base64. An attacker present in the network can intercept the traffic and decode the...
CVE-2024-47489
An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine pfe of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service DoS to...
CVE-2024-47489
An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine pfe of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service DoS to...
CVE-2024-47490 Junos OS Evolved: ACX 7000 Series: Receipt of specific transit MPLS packets causes resources to be exhausted
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a...
CVE-2024-47489 Junos OS Evolved: ACX Series: Receipt of specific transit protocol packets is incorrectly processed by the RE
An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine pfe of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service DoS to...
CVE-2024-47489
CVE-2024-47489 (Junos OS Evolved, ACX Series) is a vulnerability in the Packet Forwarding Engine (pfe) where the Routing Engine’s handling of specific transit protocol packets can fill the shared DDoS protection queue, causing protocol flaps and partial DoS of downstream devices. It affects IPv4 ...
CVE-2024-47489 Junos OS Evolved: ACX Series: Receipt of specific transit protocol packets is incorrectly processed by the RE
An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine pfe of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service DoS to...
PT-2024-7137
Name of the Vulnerable Software and Affected Versions Junos OS Evolved versions prior to 21.4R3-S8-EVO Junos OS Evolved versions from 22.2 before 22.2R3-S4-EVO Junos OS Evolved versions from 22.3 before 22.3R3-S4-EVO Junos OS Evolved versions from 22.4 before 22.4R3-S3-EVO Junos OS Evolved versio...
A Creative Trick Makes ChatGPT Spit Out Bomb-Making Instructions
Plus: New evidence emerges about who may have helped 9/11 hijackers, UK police arrest a teen in connection with an attack on London’s transit system, and Poland’s spyware scandal enters a new phase...
CVE-2024-44989 bonding: fix xfrm real_dev null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm realdev null pointer dereference We shouldn't set realdev to NULL because packets can be in transit and xfrm might call xdodevoffloadok in parallel. All callbacks assume realdev is set. Example trace: kernel: BU...
CVE-2023-4680
A flaw was found in HashiCorp Vault and Vault Enterprise, where the transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and...
The vulnerability of the batman-adv component in the Linux operating system, which allows a hacker to cause a service failure.
The vulnerability of the batman-adv component in the Linux operating system is related to errors in infinite loops when attempting to change the size of the local TT. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-40620
CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the...
kernel: TIPC message reassembly use-after-free remote code execution vulnerability
A use-after-free UAF flaw exists in the Linux Kernel within the reassembly of fragmented TIPC messages, specifically in the tipcbufappend function. The issue results due to a lack of checks in the error handling cleanup and can trigger a UAF on "struct skbuff", which may lead to remote code...
PT-2024-29610 · Opentext · Opentext Documentum Server
Name of the Vulnerable Software and Affected Versions: OpenText Documentum Server versions 16.7 through 23.4 Description: The issue is related to an Unprotected Transport of Credentials vulnerability in OpenText Documentum Server, which could allow Credential Stuffing. Recommendations: For versio...