Lucene search

604 matches found

NVD
added 2024/06/25 1:15 p.m. · 27 views

CVE-2024-6303

Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the admins alias to a room which they control, allowing them to run commands resetting passwords, signing json with the...

9.9 CVSS · 0.00433 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/06/25 1:2 p.m. · 21 views

CVE-2024-6303 Missing Authorization in Conduit

Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the admins alias to a room which they control, allowing them to run commands resetting passwords, signing json with the...

9.9 CVSS · 7.6 AI score · 0.00433 EPSS
Exploits 0 · References 2
CVE
added 2024/06/25 1:2 p.m. · 87 views

CVE-2024-6303

CVE-2024-6303 describes a missing authorization flaw in Conduit before or equal to version 0.7.0 in the Client-Server API. The vulnerability allows an attacker to remove and add any alias to a room, enabling privilege escalation by moving the #admins alias to a room under attacker control. This c...

9.9 CVSS · 9.5 AI score · 0.00433 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/06/25 1:2 p.m. · 18 views

CVE-2024-6303 Missing Authorization in Conduit

Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the admins alias to a room which they control, allowing them to run commands resetting passwords, signing json with the...

9.9 CVSS · 7.1 AI score · 0.00433 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/06/25 12:0 a.m. · 3 views

PT-2024-37525 · Conduit · Conduit

Name of the Vulnerable Software and Affected Versions: Conduit versions prior to 0.7.0 Description: The issue concerns missing authorization in the Client-Server API, allowing for unauthorized removal and addition of aliases to different rooms. This can be exploited for privilege escalation by...

9.9 CVSS · 7.7 AI score · 0.00433 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2024/06/22 12:0 a.m. · 34 views

Debian dla-3834 : libnetty-java - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3834 advisory. Debian LTS Advisory DLA-3834-1 https://www.debian.org/lts/security/...

5.3 CVSS · 6.4 AI score · 0.0138 EPSS
Exploits 1 · References 4
RedHat Linux
added 2024/06/20 12:39 p.m. · 5 views

golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm

A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...

5.9 CVSS · 7.3 AI score · 0.00667 EPSS
Exploits 0 · References 11
CNNVD
added 2024/06/18 12:0 a.m. · 4 views

AXIS OS Security Vulnerability

AXIS OS is an edge device operating system from Axis Sweden AXIS. A security vulnerability exists in AXIS OS versions 5.51 through 11.9, which stems from an O3C feature that could expose sensitive traffic between the client and the server...

5.3 CVSS · 6.8 AI score · 0.00205 EPSS
Exploits 0 · References 2
NVD
added 2024/06/11 1:15 p.m. · 17 views

CVE-2024-2462

Allow attackers to intercept or falsify data exchanges between the client and the server...

6.8 CVSS · 0.00219 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/06/11 12:48 p.m. · 8 views

CVE-2024-2462

Allow attackers to intercept or falsify data exchanges between the client and the server...

6.8 CVSS · 6.9 AI score · 0.00219 EPSS
Exploits 0 · References 1
CNNVD
added 2024/06/11 12:0 a.m. · 3 views

Hitachi FOXMAN-UN Security Vulnerability

Hitachi FOXMAN-UN is a powerful toolset for a comprehensive NMS suite from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi FOXMAN-UN that originates from a vulnerability that allows an attacker to intercept or forge data exchanges between a client and a server...

6.8 CVSS · 6.8 AI score · 0.00219 EPSS
Exploits 0 · References 3
OpenVAS
added 2024/06/07 12:0 a.m. · 28 views

Fedora: Security Advisory (FEDORA-2024-b8e474fbd3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS · 5.7 AI score · 0.01018 EPSS
Exploits 1 · References 6
Fedora
added 2024/06/02 3:39 a.m. · 36 views

[SECURITY] Fedora 39 Update: glances-4.0.5-2.fc39

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface. It can also work in client/server mode. Remote monitoring could be don...

5.3 CVSS · 5.6 AI score · 0.01018 EPSS
Exploits 1
Fedora
added 2024/06/02 1:23 a.m. · 33 views

[SECURITY] Fedora 40 Update: glances-4.0.5-2.fc40

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface. It can also work in client/server mode. Remote monitoring could be don...

5.3 CVSS · 5.6 AI score · 0.01018 EPSS
Exploits 1
Positive Technologies
added 2024/05/30 12:0 a.m. · 3 views

PT-2024-40376 · Symfony · Symfony

Name of the Vulnerable Software and Affected Versions: Symfony versions 2.0.x Description: The issue concerns the XMLEncoder component's failure to disable external entities when parsing XML, allowing for the inclusion of arbitrary files from the file system. This can be exploited in the Symfony2...

9.8 CVSS · 7.3 AI score
Exploits 0 · References 5
Fedora
added 2024/04/20 2:14 a.m. · 37 views

[SECURITY] Fedora 38 Update: nghttp2-1.52.0-3.fc38

This package contains the HTTP/2 client, server and proxy programs...

5.3 CVSS · 5.4 AI score · 0.8496 EPSS
Exploits 1
UbuntuCve
added 2024/04/18 3:15 p.m. · 35 views

CVE-2024-27306

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

6.1 CVSS · 6.8 AI score · 0.00666 EPSS
Exploits 0 · References 6
Fedora
added 2024/02/09 1:52 a.m. · 35 views

[SECURITY] Fedora 38 Update: python-aiohttp-3.9.3-1.fc38

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

7.5 CVSS · 6.8 AI score · 0.76875 EPSS
Exploits 16
Gentoo Linux
added 2024/01/31 12:0 a.m. · 37 views

X.Org X Server, XWayland: Multiple Vulnerabilities

Background: The X Window System is a graphical windowing system based on a client/server model. Description: Multiple vulnerabilities have been discovered in X.Org X Server and XWayland. Please review the CVE identifiers referenced below for details. Impact: The X server can be crashed by a maliciou...

9.8 CVSS · 8.5 AI score · 0.02106 EPSS
Exploits 0
RedHat Linux
added 2024/01/10 6:38 p.m. · 2 views

dotnet: Information Disclosure: MD.SqlClient(MDS) & System.data.SQLClient (SDS)

A vulnerability was found in the .NET Framework. This vulnerability exists in the Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data provider where an attacker can perform an AiTM (adversary-in-the-middle) attack between the SQL client and the SQL server. This may allow the attacker to stea...

8.7 CVSS · 5.8 AI score · 0.0118 EPSS
Exploits 0 · References 5