Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2025-02-05 | CVE-2024-38318 | Cross-site Scripting vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. | network | low | ibm | CWE-79 | 6.1 |
| 2025-02-05 | CVE-2024-56472 | Unspecified vulnerability in IBM Aspera Shares 1.10.0/1.9.14/1.9.15 | IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. | network | low | ibm | | 5.4 |
| 2025-02-05 | CVE-2024-7595 | Unspecified vulnerability in IETF products | GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136. | network | high | ietf | | 6.5 |
| 2025-02-05 | CVE-2024-7596 | Unspecified vulnerability in IETF Generic UDP Encapsulation | Proposed Generic UDP Encapsulation (GUE) (IETF Draft) does not validate or verify the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136. | network | high | ietf | | 6.5 |
| 2025-02-05 | CVE-2025-20124 | Deserialization of Untrusted Data vulnerability in Cisco Identity Services Engine | A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. | network | low | cisco | CWE-502 | 7.2 |
| 2025-02-05 | CVE-2025-20125 | Improper Authorization vulnerability in Cisco Identity Services Engine | A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. | network | low | cisco | CWE-285 | 7.2 |
| 2025-02-05 | CVE-2025-20169 | | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. | network | low | | CWE-805 | 7.7 |
| 2025-02-05 | CVE-2025-20170 | | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. | network | low | | | 7.7 |
| 2025-02-05 | CVE-2025-20174 | | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. | network | low | | | 7.7 |
| 2025-02-05 | CVE-2025-20175 | | A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. | network | low | | | 7.7 |