Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
CVE-2025-32366 |
Description: In ConnMan through 1.44, parse_rr in dnsproxy.c has a memcpy length that depends on an RR RDLENGTH value, i.e., *rdlen=ntohs(rr->rdlen) and memcpy(response+offset,*end,*rdlen).
CVSS: LOW (3.7) EPSS Score: 0.06%
April 6th, 2025 (13 days ago)
|
|
CVE-2024-45337 |
Description:
Nessus Plugin ID 233885 with Critical Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1142-1 advisory. - CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass (bsc#1234563). Other fixes: - Updated to version 20250327.01 (bsc#1239763, bsc#1239866) * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527) - from version 20250327.00 * Update guest-logging-go dependency (#526) * Add 'created-by' metadata, and pass it as option to logging library (#508) * Revert 'oslogin: Correctly handle newlines at the end of modified files (#520)' (#523) * Re-enable disabled services if the core plugin was enabled (#522) * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce metadata scrip...
CVSS: LOW (0.0)
April 5th, 2025 (14 days ago)
|
|
CVE-2024-45337 |
Description:
Nessus Plugin ID 233886 with Critical Severity
Synopsis
The remote SUSE host is missing a security update.
Description
The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1143-1 advisory. - CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass (bsc#1234563). Other fixes: - Updated to version 20250327.01 (bsc#1239763, bsc#1239866) * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527) - from version 20250327.00 * Update guest-logging-go dependency (#526) * Add 'created-by' metadata, and pass it as option to logging library (#508) * Revert 'oslogin: Correctly handle newlines at the end of modified files (#520)' (#523) * Re-enable disabled services if the core plugin was enabled (#522) * Enable guest services on package upgrade (#519) * oslogin: Correctly handle newlines at the end of modified files (#520) * Fix core plugin path (#518) * Fix package build issues (#517) * Fix dependencies ran go mod tidy -v (#515) * Fix debian build path (#514) * Bundle compat metadata script runner binary in package (#513) * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512) * Update startup/shutdown services to launch compat manager (#503) * Bundle new gce ...
CVSS: LOW (0.0)
April 5th, 2025 (14 days ago)
|
|
CVE-2024-42208 |
Description: HCL Connections is vulnerable to an information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data.
CVSS: LOW (3.5) EPSS Score: 0.03%
April 4th, 2025 (15 days ago)
|
|
CVE-2025-3177 |
Description: A vulnerability was found in FastCMS 0.1.5. It has been declared as critical. This vulnerability affects unknown code of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key
. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. In FastCMS 0.1.5 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalität der Komponente JWT Handler. Durch das Beeinflussen mit unbekannten Daten kann eine use of hard-coded cryptographic key
-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Die Komplexität eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (2.3) EPSS Score: 0.04%
April 3rd, 2025 (15 days ago)
|
|
CVE-2025-32054 |
Description: In JetBrains IntelliJ IDEA before 2024.3, 2024.2.4 source code could be logged in the idea.log file
CVSS: LOW (3.3) EPSS Score: 0.0%
April 3rd, 2025 (16 days ago)
|
|
CVE-2025-3169 |
Description: A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.3 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains, that "this vulnerability can be exploited only on not securely installed instances, as it is adviced during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web." Eine kritische Schwachstelle wurde in Projeqtor bis 12.0.2 ausgemacht. Betroffen davon ist ein unbekannter Prozess der Datei /tool/saveAttachment.php. Dank Manipulation des Arguments attachmentFiles mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 12.0.3 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.
CVSS: LOW (2.3) EPSS Score: 0.04%
April 3rd, 2025 (16 days ago)
|
|
CVE-2025-3136 |
Description: A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0. This issue affects the function torch.cuda.memory.caching_allocator_delete of the file c10/cuda/CUDACachingAllocator.cpp. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Eine Schwachstelle wurde in PyTorch 2.6.0 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion torch.cuda.memory.caching_allocator_delete der Datei c10/cuda/CUDACachingAllocator.cpp. Mit der Manipulation mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur öffentlichen Verfügung.
CVSS: LOW (3.3) EPSS Score: 0.02%
April 3rd, 2025 (16 days ago)
|
|
CVE-2025-29991 |
Description: Yubico YubiKey 5.4.1 through 5.7.3 before 5.7.4 has an incorrect FIDO CTAP PIN/UV Auth Protocol Two implementation. It uses the signature length from CTAP PIN/UV Auth Protocol One, even when CTAP PIN/UV Auth Protocol Two was chosen, resulting in a partial signature verification.
CVSS: LOW (2.2) EPSS Score: 0.01%
April 3rd, 2025 (16 days ago)
|
|
CVE-2025-3154 |
Description: Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.
CVSS: LOW (2.1) EPSS Score: 0.02%
April 3rd, 2025 (16 days ago)
|