2025-07-24 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | title | GithubURL | |
|---|---|---|---|---|---|---|---|
| CVE-2021-39077 | IBM - Security Guardium | IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. | CVSS3.1: 4.4 - MEDIUM | 0 1 | Exploitation: noneAutomatable: noTechnical Impact: partial | IBM Security Guardium information disclosure | github |
| CVE-2025-35966 | Bloomberg - Comdb2 | A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability. | CVSS3.1: 7.5 - HIGH | 0 | Exploitation: pocAutomatable: yesTechnical Impact: partial | undefined | github |
| CVE-2016-15045 | Wuhan Deepin Technology Co., Ltd. - Deepin Linux | A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root. | CVSS4.0: 8.5 - HIGH | 0 1 2 3 4 5 | Exploitation: pocAutomatable: noTechnical Impact: total | Deepin lastore-daemon Privilege Escalation via Unsigned .deb Installation | github |
| CVE-2010-10012 | Japheth - httpdasm | A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal patterns, an attacker can escape the web root and access sensitive files outside of the intended directory. | CVSS4.0: 8.7 - HIGH | 0 1 2 3 | Exploitation: pocAutomatable: yesTechnical Impact: partial | httpdASM 0.92 Path Traversal | github |
| CVE-2024-40682 | IBM - SmartCloud Analytics Log Analysis | IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local user to cause a denial of service due to improper validation of specified type of input. | CVSS3.1: 6.2 - MEDIUM | 0 | Exploitation: noneAutomatable: noTechnical Impact: partial | IBM SmartCloud Analytics - Log Analysis denial of service | github |
This post is licensed under CC BY 4.0 by the author.