
Threat and Vulnerability Intelligence Database


CVE-2025-1330

Description: IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyname function.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2025-1329

Description: IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function.

CVSS: HIGH (7.8)

EPSS Score: 0.01%

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2024-9448

Description: On affected platforms running Arista EOS with Traffic Policies configured, the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2024-22515

Description: Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component.

CVSS: HIGH (8.8)

EPSS Score: 9.83%

SSVC Exploitation: poc

Source: CVE
May 8th, 2025 (about 1 month ago)

Description: In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in corrupted and/or inadvertent sharing of data between requests.

References:
https://github.com/jetty/jetty.project/security/advisories/GHSA-q4rv-gq96-w7c5
https://nvd.nist.gov/vuln/detail/CVE-2024-13009
https://gitlab.eclipse.org/security/cve-assignement/-/issues/48
https://github.com/advisories/GHSA-q4rv-gq96-w7c5

CVSS: HIGH (7.2)

EPSS Score: 0.04%

Source: Github Advisory Database (Maven)
May 8th, 2025 (about 1 month ago)

Description: Original Report: In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to encode HTTP responses, likely resulting in OutOfMemoryError being thrown, or even the JVM process exiting.

Impact: Remote peers can cause the JVM to crash or continuously report OOM.

Patches: 12.0.17

Workarounds: No workarounds.

References:
https://github.com/jetty/jetty.project/issues/12690
https://github.com/jetty/jetty.project/security/advisories/GHSA-889j-63jv-qhr8
https://nvd.nist.gov/vuln/detail/CVE-2025-1948
https://github.com/jetty/jetty.project/commit/c8c2515936ef968dc8a3cecd9e79d1e69291e4bb
https://gitlab.eclipse.org/security/cve-assignement/-/issues/56
https://github.com/advisories/GHSA-889j-63jv-qhr8

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: Github Advisory Database (Maven)
May 8th, 2025 (about 1 month ago)

CVE-2024-8100

Description: On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.

CVSS: HIGH (8.7)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2024-25407

Description: SteVe v3.6.0 was discovered to use predictable transaction IDs when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction IDs to terminate other transactions.

CVSS: HIGH (7.5)

EPSS Score: 0.17%

SSVC Exploitation: poc

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2024-25003

Description: KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the hostname, which occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.

CVSS: HIGH (7.8)

EPSS Score: 0.55%

SSVC Exploitation: poc

Source: CVE
May 8th, 2025 (about 1 month ago)

CVE-2024-24921

Description: A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712)

CVSS: HIGH (7.8)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE
May 8th, 2025 (about 1 month ago)