Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-1148 |
Description: A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master." Eine Schwachstelle wurde in GNU Binutils 2.43 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft die Funktion link_order_scan der Datei ld/ldelfgen.c der Komponente ld. Durch Beeinflussen mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung. Als bestmögliche Massnahme wird Patching empfohlen.
CVSS: LOW (2.3) EPSS Score: 0.06%
February 11th, 2025 (2 months ago)
|
|
CVE-2025-1147 |
Description: A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. In GNU Binutils 2.43 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Das betrifft die Funktion __sanitizer::internal_strlen der Datei binutils/nm.c der Komponente nm. Durch das Beeinflussen des Arguments const mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.3) EPSS Score: 0.07%
February 11th, 2025 (2 months ago)
|
|
CVE-2024-21257 |
Description: Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Hyperion BI+ executes to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N).
CVSS: LOW (3.0) EPSS Score: 0.04%
February 11th, 2025 (2 months ago)
|
|
CVE-2024-21101 |
Description: Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).
CVSS: LOW (2.2) EPSS Score: 0.04%
February 11th, 2025 (2 months ago)
|
|
CVE-2025-1115 |
Description: A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_thread_create of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument arg[0] leads to information disclosure. An attack has to be approached locally. In RT-Thread bis 5.1.0 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion sys_thread_create der Datei rt-thread/components/lwp/lwp_syscall.c. Dank Manipulation des Arguments arg[0] mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden.
CVSS: LOW (3.3) EPSS Score: 0.05%
February 9th, 2025 (2 months ago)
|
|
CVE-2024-1722 |
Description: A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.
CVSS: LOW (3.7) EPSS Score: 0.07%
February 9th, 2025 (2 months ago)
|
|
CVE-2025-25183 |
Description: vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: LOW (2.6) EPSS Score: 0.05%
February 8th, 2025 (2 months ago)
|
|
CVE-2025-22402 |
Description: Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure.
CVSS: LOW (2.6) EPSS Score: 0.04%
February 8th, 2025 (2 months ago)
|
|
CVE-2024-55630 |
Description: Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing `document` property (e.g. `querySelector`), that property is replaced with the element. This vulnerability's only known impact is denial of service. The note viewer fails to refresh until closed and re-opened with a different note. This issue has been addressed in version 3.2.8 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS: LOW (3.3) EPSS Score: 0.05%
February 8th, 2025 (2 months ago)
|
|
CVE-2025-1083 |
Description: A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. In Mindskip xzs-mysql 学之思开源考试系统 3.9.0 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Komponente CORS Handler. Durch Manipulation mit unbekannten Daten kann eine permissive cross-domain policy with untrusted domains-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Die Komplexität eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.3) EPSS Score: 0.05%
February 7th, 2025 (2 months ago)
|