CVE-2025-1104
Published 2025-02-07
Priority P266 · critical · 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.68% (83.9th percentile)
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| d-link | dhp-w310av | — | — |
| dlink | dhp-w310av_firmware | — | — |
| github.com | argoproj_argo-cd_v2 | >= 2.1.0 < 2.14.20 | 2.14.20 |
| github.com | argoproj_argo-cd_v3 | >= 3.0.0-rc1 < 3.0.19 | 3.0.19 |
| github.com | argoproj_argo-cd_v3 | >= 3.1.0-rc1 < 3.1.8 | 3.1.8 |
| github.com | argoproj_argo-cd_v3 | >= 3.2.0-rc1 < 3.2.0-rc2 | 3.2.0-rc2 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
GHSA
Repository Credentials Race Condition Crashes Argo CD Server
ghsa·2025-09-30
CVE-2025-55191 [MEDIUM] CWE-362 Repository Credentials Race Condition Crashes Argo CD Server
### Summary
A race condition in the repository credentials handler can cause the Argo CD server to panic and crash when concurrent operations are performed on the same repository URL.
### Details
The vulnerability is located in numerous repository-related handlers in the `util/db/repository_secrets.go` file, for example in the `secretToRepoCred` function. The issue manifests as a concurrent map access panic:
```
concurrent map read and map write
...
goroutine 1104 [running]:
github.com/argoproj/argo-cd/v2/util/db.(*secretsRepositoryBackend).secretToRepoCred(0xc000e50ea8?, 0xc000c65540)
/go/src/github.com/argoproj/argo-cd/util/db/repository_secrets.go:404 +0x31e
```
The race condition occurs due to:
1. Concurrent repository
GHSA
GHSA-cg43-3q5j-mwp7: A vulnerability has been found in D-Link DHP-W310AV 1
ghsa_unreviewed·2025-02-07
CVE-2025-1104 [MEDIUM] CWE-287 GHSA-cg43-3q5j-mwp7: A vulnerability has been found in D-Link DHP-W310AV 1
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Red Hat
node.js: End-of-Life Node.js Versions Pose Security Risks 17.x or prior
vendor_redhat·2025-01-22
CVE-2025-23087 CWE-1104 node.js: End-of-Life Node.js Versions Pose Security Risks 17.x or prior
A flaw was found in Node.js. This vulnerability allows potential exposure to unaddressed software vulnerabilities via the continued use of End-of-Life (EOL) versions that no longer receive security updates or patches.
Statement: This CVE has been marked as Rejected by the assigning CNA.
Package: nodejs:18/nodejs (Red Hat Enterprise Linux 8) - Not affected
Package: nodejs:20/nodejs (Red Hat Enterprise Linux 8) - Not affected
Red Hat
nodejs: End-of-Life Node.js Versions Pose Security Risks 21.x
vendor_redhat·2025-01-22
CVE-2025-23089 CWE-1104 nodejs: End-of-Life Node.js Versions Pose Security Risks 21.x
A flaw was found in Node.js. This vulnerability allows potential exposure to unaddressed software vulnerabilities via the continued use of End-of-Life (EOL) versions that no longer receive security updates or patches.
Statement: This CVE has been marked as Rejected by the assigning CNA.
Red Hat Enterprise Linux is not impacted by this CVE, as it does not include or ship any End-of-Life (EOL) versions of Node.js in its supported repositories. Red Hat ensures that all components provided in its distributions are actively maintained and receive necessary updates, including security patches, to mitigate vulnerabilities and maintain system security.
Package: nodejs:18/nodejs (Red Hat Enterprise Linux 8) - Not affected
Package: no
Red Hat
nodejs: End-of-Life Node.js Versions Pose Security Risks 19.x
vendor_redhat·2025-01-22
CVE-2025-23088 CWE-1104 nodejs: End-of-Life Node.js Versions Pose Security Risks 19.x
A flaw was found in Node.js. This vulnerability allows potential exposure to unaddressed software vulnerabilities via the continued use of End-of-Life (EOL) versions that no longer receive security updates or patches.
Statement: This CVE has been marked as Rejected by the assigning CNA.
Red Hat Enterprise Linux is not impacted by this CVE, as it does not include or ship any End-of-Life (EOL) versions of Node.js in its supported repositories. Red Hat ensures that all components provided in its distributions are actively maintained and receive necessary updates, including security patches, to mitigate vulnerabilities and maintain system security.
Package: nodejs:18/nodejs (Red Hat Enterprise Linux 8) - Not affected
Package: no
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-23089 nodejs: End-of-Life Node.js Versions Pose Security Risks 21.x
bugzilla·2025-01-22
This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components).
Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.
Bugzilla
CVE-2025-23088 nodejs: End-of-Life Node.js Versions Pose Security Risks 19.x
bugzilla·2025-01-22
This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components).
Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.
Bugzilla
CVE-2025-23087 node.js: End-of-Life Node.js Versions Pose Security Risks 17.x or prior
bugzilla·2025-01-22
This CVE has been issued to inform users that they are using End-of-Life (EOL) versions of Node.js. These versions are no longer supported and do not receive updates, including security patches. The continued use of EOL versions may expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies (CWE-1104: Use of Unmaintained Third-Party Components).
Users are advised to upgrade to actively supported versions of Node.js to ensure continued security updates and support.