K000140029: libcurl vulnerability CVE-2024-2398
Security Advisory Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously...
6.6AI Score
0.0004EPSS
Linux kernel (HWE) vulnerabilities
Releases Ubuntu 22.04 LTS Packages linux-hwe-6.5 - Linux hardware enablement (HWE) kernel Details Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use...
7.8CVSS
7.5AI Score
0.001EPSS
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Impact This issue is only relevant to clusters provisioned using RKE1 with secrets encryption configuration enabled. A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled (please see the RKE documentation). When...
6.2AI Score
EPSS
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Impact This issue is only relevant to clusters provisioned using RKE1 with secrets encryption configuration enabled. A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled (please see the RKE documentation). When...
6.1AI Score
EPSS
Summary If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. Details The attack process is described above. PoC Frontend: 1. Pass basic.....
5.7CVSS
6.9AI Score
0.0004EPSS
Summary If an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. Details The attack process is described above. PoC Frontend: 1. Pass basic.....
5.7CVSS
6.9AI Score
0.0004EPSS
STRIMZI incorrect access control
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially...
7AI Score
0.0004EPSS
STRIMZI incorrect access control
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially...
6.8AI Score
0.0004EPSS
LNbits improperly handles potential network and payment failures when using Eclair backend
Summary Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. Details Using blocking: true on the API call will lead to a timeout error if a payment does not get settled in the 30s....
8.1CVSS
6.7AI Score
0.0004EPSS
LNbits improperly handles potential network and payment failures when using Eclair backend
Summary Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. Details Using blocking: true on the API call will lead to a timeout error if a payment does not get settled in the 30s....
8.1CVSS
6.7AI Score
0.0004EPSS
DeepJavaLibrary API absolute path traversal
Summary DeepJavaLibrary(DJL) versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0. Impacted versions:...
10CVSS
6.7AI Score
0.0004EPSS
DeepJavaLibrary API absolute path traversal
Summary DeepJavaLibrary(DJL) versions 0.1.0 through 0.27.0 do not prevent absolute path archived artifacts from inserting archived files directly into the system, overwriting system files. This is fixed in DJL 0.28.0 and patched in DJL Large Model Inference containers 0.27.0. Impacted versions:...
10CVSS
6.7AI Score
0.0004EPSS
Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability. However, every time a flaw being actively exploited is discovered, code red is punched as the organization’s IT...
7.9AI Score
Malvertising Campaign Leads to Execution of Oyster Backdoor
The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and.....
7.3AI Score
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...
7.5CVSS
7.4AI Score
0.0004EPSS
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...
7.5CVSS
7.4AI Score
0.0004EPSS
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...
7.5CVSS
0.0004EPSS
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue....
5.7CVSS
5.5AI Score
0.0004EPSS
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue....
5.7CVSS
0.0004EPSS
CVE-2024-37895 API Key Leak in lobe-chat
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue....
5.7CVSS
7AI Score
0.0004EPSS
CVE-2024-37895 API Key Leak in lobe-chat
Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue....
5.7CVSS
0.0004EPSS
A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting. The attack may...
2.4CVSS
3.3AI Score
0.0004EPSS
A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting. The attack may...
2.4CVSS
0.0004EPSS
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially...
6.9AI Score
0.0004EPSS
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially...
0.0004EPSS
ws affected by a DoS when handling a request with many HTTP headers
Impact A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server. Proof of concept ```js const http = require('http'); const WebSocket = require('ws'); const wss = new WebSocket.Server({ port: 0 }, function () { const chars =...
7.5CVSS
6.7AI Score
0.0004EPSS
ws affected by a DoS when handling a request with many HTTP headers
Impact A request with a number of headers exceeding the[server.maxHeadersCount][] threshold could be used to crash a ws server. Proof of concept ```js const http = require('http'); const WebSocket = require('ws'); const wss = new WebSocket.Server({ port: 0 }, function () { const chars =...
7.5CVSS
6.5AI Score
0.0004EPSS
CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...
7.5CVSS
0.0004EPSS
CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...
7.5CVSS
7AI Score
0.0004EPSS
CVE-2024-6059 Ingenico Estate Manager News Feed messages cross site scripting
A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting. The attack may...
2.4CVSS
0.0004EPSS
A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next...
5.5CVSS
5.1AI Score
0.0004EPSS
h3. Issue Summary When pagination(start, limit parameter) is used in a GET /rest/api/user/list REST API call, duplicate users are observed. This is reproducible on Data Center: yes h3. Steps to Reproduce # On a Confluence instance with multiple users from external and internal directories, run...
7.3AI Score
Fujian Kelixin Communication - Command Injection
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file...
6.3CVSS
6.8AI Score
0.001EPSS
A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex...
4.3CVSS
4.5AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...
7.9CVSS
7.6AI Score
0.0004EPSS
It was identified that if a cross-cluster API key https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body restricts search for a given index using the query or the field_security parameter,...
6.5CVSS
6.9AI Score
0.0004EPSS
A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run continuously, potentially affecting the system availability if the alerting rule is running complex...
4.3CVSS
4.5AI Score
0.0004EPSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...
7.9CVSS
7.6AI Score
0.0004EPSS
BIT-cilium-operator-2024-37307
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium...
7.9CVSS
7.6AI Score
0.0004EPSS
Improper Check For Unusual Or Exceptional Conditions
lnbits is vulnerable to Improper Check For Unusual Or Exceptional Conditions. The vulnerability is due to the blocking API call which leads to a timeout if a payment is not settled within 30...
8.1CVSS
6.7AI Score
0.0004EPSS
snipe/snipe-it is vulnerable to Missing Authorization. The vulnerability is due to the lack of authorization checks in the API endpoint, allowing users with "User" and "Self" permissions to modify group memberships without verifying if they are...
7.6CVSS
6.7AI Score
0.0004EPSS
object-deep-assign Prototype Pollution
alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign...
6.7AI Score
0.0004EPSS
7.8CVSS
8.8AI Score
0.001EPSS
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially...
7.1AI Score
0.0004EPSS
Badger Database Prototype Pollution
A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via...
8AI Score
0.0004EPSS
almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269)...
7.6AI Score
0.0004EPSS
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding theserver.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in [email protected] (e55e510) and backported to [email protected] (22c2876), [email protected] (eeb76d3), and...
7.5CVSS
6.8AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
flatten-json Prototype Pollution
A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON...
7.6AI Score
0.0004EPSS
8CVSS
8AI Score
0.0004EPSS