Threat and Vulnerability Intelligence Database

CVE-2025-1243

Description: The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the `update response` field not having Data Converter transformations (e.g. encryption) applied. This is an issue only when using the UpdateWorkflowExecution APIs (released on 13th January 2025) with a proxy leveraging the api-go library before version 1.44.1. Other data fields were correctly sent to Data Converter. This issue does not impact the Data Converter server. Data was encrypted in transit. Temporal Cloud services are not impacted.

CVSS: LOW (2.0)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (2 months ago)

CVE-2025-1215

Description: A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 addresses this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.

CVSS: LOW (2.4)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (2 months ago)

CVE-2025-1207

Description: A vulnerability was found in phjounin TFTPD64 4.64. It has been declared as problematic. This vulnerability affects unknown code of the component DNS Handler. The manipulation leads to denial of service. The attack needs to be done within the local network. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

CVSS: LOW (2.3)

EPSS Score: 0.05%

Source: CVE
February 13th, 2025 (2 months ago)

CVE-2024-39286

Description: Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS: LOW (2.0)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (2 months ago)

CVE-2024-39271

Description: Improper restriction of communication channel to intended endpoints in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software before version 23.80 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

CVSS: LOW (2.0)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (2 months ago)

CVE-2024-28766

Description: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system.

CVSS: LOW (2.4)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (2 months ago)

CVE-2024-23563

Description: HCL Connections Docs is vulnerable to a sensitive information disclosure which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.

CVSS: LOW (3.9)

EPSS Score: 0.04%

Source: CVE
February 13th, 2025 (2 months ago)

CVE-2025-1243

Description: The Temporal api-go library prior to version 1.44.1 did not send `update response` information to Data Converter when the proxy package within the api-go module was used in a gRPC proxy prior to transmission. This resulted in information contained within the `update response` field not having Data Converter transformations (e.g. encryption) applied. This is an issue only when using the UpdateWorkflowExecution APIs (released on 13th January 2025) with a proxy leveraging the api-go library before version 1.44.1. Other data fields were correctly sent to Data Converter. This issue does not impact the Data Converter server. Data was encrypted in transit. Temporal Cloud services are not impacted.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-1243
https://github.com/temporalio/api-go/releases/tag/v1.44.1
https://temporal.io/blog/announcing-a-new-operation-workflow-update
https://github.com/temporalio/api-go/commit/dad8b169ada911d3778e070484d1ae78a58bd22b
https://github.com/advisories/GHSA-q9w6-cwj4-gf4p

CVSS: LOW (2.0)

EPSS Score: 0.04%

Source: Github Advisory Database (Go)
February 12th, 2025 (2 months ago)

CVE-2025-24432

Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing security mechanisms. Exploitation of this issue requires user interaction.

CVSS: LOW (3.7)

EPSS Score: 0.06%

Source: CVE
February 12th, 2025 (2 months ago)

CVE-2025-24430

Description: Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could result in a security feature bypass. An attacker could exploit this race condition to alter a condition after it has been checked but before it is used, potentially bypassing security mechanisms. Exploitation of this issue requires user interaction.

CVSS: LOW (3.7)

EPSS Score: 0.06%

Source: CVE
February 12th, 2025 (2 months ago)