Overview

  • ASUS
  • RT-AX55

03 Nov 2023
Published
06 Sep 2024
Updated

CVSS v3.1
HIGH (8.8)
EPSS
1.45%

KEV

Description

The ASUS RT-AX55’s authentication-related function insufficiently filters special characters in its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a command injection attack and execute arbitrary commands, disrupt the system, or terminate services.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 15 hours ago

Fediverse

More new EITW CVEs:

CVE-2023-41345, CVE-2023-41346, CVE-2023-41347, CVE-2023-41348, CVE-2024-12912, CVE-2025-2492

securityscorecard.com/blog/ope

WrtHug is a widespread operation that appears to exclusively target ASUS WRT routers. The attackers exploit “Nth day vulnerabilities,” which are security flaws that have been publicly known for some time, to gain high-level privileges on the devices. The campaign mainly affects End-of-Life (EoL) devices.

Overview

  • IBM
  • PowerVM Hypervisor

28 Mar 2025
Published
01 Sep 2025
Updated

CVSS v3.1
MEDIUM (4.5)
EPSS
0.03%

KEV

Description

IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor compatibility mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Fediverse

The release of Puppet Core 8.16.0 is now available! This release provides several security/library updates made to address known vulnerabilities.

πŸ” Thor 1.4.0 (CVE-2025-54314)
πŸ” Curl 8.16.0 (CVE-2025-0986, CVE 2025-10148)
πŸ” REXML 3.4.2 (CVE-2025-58767)
πŸ” OpenSSL 3.0.18 (CVE-2025-9230, CVE-2025-9232)
πŸ” Patched URI gem in the Puppet agent (CVE-2025-61594)

Check full release notes: help.puppet.com/core/current/C

#DevOps #Puppet #IaC

Overview

  • rubyonrails
  • Thor

20 Jul 2025
Published
10 Aug 2025
Updated

CVSS v3.1
LOW (2.8)
EPSS
0.03%

KEV

Description

Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Overview

  • ruby
  • rexml

17 Sep 2025
Published
17 Sep 2025
Updated

CVSS v4.0
LOW (1.2)
EPSS
0.04%

KEV

Description

REXML is an XML toolkit for Ruby. The REXML gem versions 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XML, you may be impacted by this vulnerability. REXML gem 3.4.2 and later include the patches that fix it.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Overview

  • OpenSSL
  • OpenSSL

30 Sep 2025
Published
04 Nov 2025
Updated

CVSS
Pending
EPSS
0.13%

KEV

Description

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Overview

  • OpenSSL
  • OpenSSL

30 Sep 2025
Published
04 Nov 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago

Overview

  • Pending

Pending
Published
Pending
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 22 hours ago
