Lucene search
K

352 matches found

OSV
OSV
added 2025/02/12 12:9 a.m.9 views

CVE-2025-1243 Field in api-go proxy not transformed before version 1.44.1

The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...

2CVSS6AI score0.00093EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/02/12 12:9 a.m.15 views

CVE-2025-1243 Field in api-go proxy not transformed before version 1.44.1

The Temporal api-go library prior to version 1.44.1 did not send update response information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the update response field not having Data...

2CVSS6.2AI score0.00093EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/02/06 12:0 a.m.10 views

The vulnerability of the software for deploying and managing cloud-based corporate systems based on IBM Cloud Pak System allows a hacker to expose protected information.

The vulnerability related to deploying and managing the IBM Cloud Pak System based on containers involves the disclosure of information during data transmission. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...

5.3CVSS5.9AI score0.00314EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2024/12/30 4:46 p.m.2 views

Session Fixation

Overview Affected versions of this package are vulnerable to Session Fixation where an attacker can copy the session cookie before a user logs out. Note: This is only exploitable if the attacker manages to capture the session cookie before the log out process. Workaround Self-hosting users are...

7CVSS6.8AI score0.00209EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/12/19 12:0 a.m.10 views

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE involves information disclosure during data transmission, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE relates to the disclosure of information during data transmission. Exploiting this vulnerability can allow unauthorized individuals to gain unauthorized access to protected information by...

7.8CVSS5.5AI score0.00472EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.9 views

PT-2024-38563 · Unknown · Ewon Flexy 202

Name of the Vulnerable Software and Affected Versions: EWON FLEXY 202 affected versions not specified Description: The issue concerns the transmission of credentials using a weak encoding method, specifically base64. An attacker present in the network can intercept the traffic and decode the...

8.2CVSS6.6AI score0.00278EPSS
Exploits0References5
NVD
NVD
added 2024/10/11 4:15 p.m.11 views

CVE-2024-47489

An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine pfe of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service DoS to...

6.9CVSS0.00631EPSS
Exploits0References1
OSV
OSV
added 2024/10/11 4:15 p.m.4 views

CVE-2024-47489

An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine pfe of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service DoS to...

6.9CVSS5.8AI score0.00631EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/11 3:22 p.m.15 views

CVE-2024-47490 Junos OS Evolved: ACX 7000 Series: Receipt of specific transit MPLS packets causes resources to be exhausted

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS Evolved on ACX 7000 Series allows an unauthenticated, network based attacker to cause increased consumption of resources, ultimately resulting in a...

8.2CVSS0.0056EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/11 3:22 p.m.20 views

CVE-2024-47489 Junos OS Evolved: ACX Series: Receipt of specific transit protocol packets is incorrectly processed by the RE

An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine pfe of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service DoS to...

6.9CVSS7AI score0.00631EPSS
Exploits0References1
CVE
CVE
added 2024/10/11 3:22 p.m.54 views

CVE-2024-47489

CVE-2024-47489 (Junos OS Evolved, ACX Series) is a vulnerability in the Packet Forwarding Engine (pfe) where the Routing Engine’s handling of specific transit protocol packets can fill the shared DDoS protection queue, causing protocol flaps and partial DoS of downstream devices. It affects IPv4 ...

6.9CVSS5.7AI score0.00631EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/10/11 3:22 p.m.21 views

CVE-2024-47489 Junos OS Evolved: ACX Series: Receipt of specific transit protocol packets is incorrectly processed by the RE

An Improper Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine pfe of the Juniper Networks Junos OS Evolved on ACX Series devices allows an unauthenticated, network based attacker sending specific transit protocol traffic to cause a partial Denial of Service DoS to...

6.9CVSS0.00631EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/25 12:0 a.m.6 views

PT-2024-7137

Name of the Vulnerable Software and Affected Versions Junos OS Evolved versions prior to 21.4R3-S8-EVO Junos OS Evolved versions from 22.2 before 22.2R3-S4-EVO Junos OS Evolved versions from 22.3 before 22.3R3-S4-EVO Junos OS Evolved versions from 22.4 before 22.4R3-S3-EVO Junos OS Evolved versio...

6.9CVSS5.9AI score0.00631EPSS
Exploits0References13
Wired Threat Level
Wired Threat Level
added 2024/09/14 9:30 a.m.12 views

A Creative Trick Makes ChatGPT Spit Out Bomb-Making Instructions

Plus: New evidence emerges about who may have helped 9/11 hijackers, UK police arrest a teen in connection with an attack on London’s transit system, and Poland’s spyware scandal enters a new phase...

7.3AI score
Exploits0
Cvelist
Cvelist
added 2024/09/04 7:54 p.m.36 views

CVE-2024-44989 bonding: fix xfrm real_dev null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm realdev null pointer dereference We shouldn't set realdev to NULL because packets can be in transit and xfrm might call xdodevoffloadok in parallel. All callbacks assume realdev is set. Example trace: kernel: BU...

0.00239EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2024/08/27 7:39 a.m.23 views

CVE-2023-4680

A flaw was found in HashiCorp Vault and Vault Enterprise, where the transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and...

6.8CVSS6.8AI score0.00368EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/08/27 12:0 a.m.6 views

The vulnerability of the batman-adv component in the Linux operating system, which allows a hacker to cause a service failure.

The vulnerability of the batman-adv component in the Linux operating system is related to errors in infinite loops when attempting to change the size of the local TT. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.5AI score0.00259EPSS
Exploits0References47Affected Software4
OSV
OSV
added 2024/08/14 8:15 p.m.3 views

CVE-2024-40620

CVE-2024-40620 IMPACT A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the...

7.5CVSS5.8AI score0.00186EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/08/13 10:53 a.m.6 views

kernel: TIPC message reassembly use-after-free remote code execution vulnerability

A use-after-free UAF flaw exists in the Linux Kernel within the reassembly of fragmented TIPC messages, specifically in the tipcbufappend function. The issue results due to a lack of checks in the error handling cleanup and can trigger a UAF on "struct skbuff", which may lead to remote code...

8.1CVSS7.7AI score0.01305EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.5 views

PT-2024-29610 · Opentext · Opentext Documentum Server

Name of the Vulnerable Software and Affected Versions: OpenText Documentum Server versions 16.7 through 23.4 Description: The issue is related to an Unprotected Transport of Credentials vulnerability in OpenText Documentum Server, which could allow Credential Stuffing. Recommendations: For versio...

7.1CVSS7.1AI score0.00154EPSS
Exploits0References5
Rows per page
Query Builder