2562 matches found

AlpineLinux
added 2020/10/16 5:5 p.m., 37 views

CVE-2020-15254

Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that Vec::from_iter has allocated capacity that is the same as the number of iterator elements. Vec::from_iter does not actually guarantee that and may allocate extra...

9.8 CVSS, 9 AI score, 0.02743 EPSS
Exploits: 1
Debian
added 2020/10/14 12:5 p.m., 47 views

[SECURITY] [DLA 2407-1] tomcat8 security update

Debian LTS Advisory DLA-2407-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb October 14, 2020 https://wiki.debian.org/LTS ...

4.3 CVSS, 5.1 AI score, 0.57286 EPSS
Exploits: 0
Veracode
added 2020/10/13 4:49 a.m., 38 views

Information Disclosure

Apache Tomcat is vulnerable to information disclosure. The HTTP headers within a request can potentially be included in a subsequent request and reveal confidential information when the agreed maximum number of concurrent streams for a connection is exceeded...

4.3 CVSS, 0.8 AI score, 0.57286 EPSS
Exploits: 0, References: 10, Affected Software: 2
Veracode
added 2020/10/13 1:45 a.m., 28 views

HTTP/2 Request Mix-up

tomcat-coyote is vulnerable to authorization bypass. The vulnerability exists because requests could contain HTTP headers of a previous request rather than the intended headers if an HTTP/2 client has exceeded the agreed maximum number of concurrent streams for a connection...

4.3 CVSS, 1.4 AI score, 0.57286 EPSS
Exploits: 0, References: 14, Affected Software: 6
OSV
added 2020/10/12 2:15 p.m., 33 views

CVE-2020-13943

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

4.3 CVSS, 4.5 AI score
Exploits: 0, References: 7
NVD
added 2020/10/12 2:15 p.m., 20 views

CVE-2020-13943

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

4.3 CVSS, 0.57286 EPSS
Exploits: 0, References: 7
OSV
added 2020/10/12 2:15 p.m., 2 views

DEBIAN-CVE-2020-13943

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

4.3 CVSS, 6.8 AI score, 0.57286 EPSS
Exploits: 0, References: 1
Cvelist
added 2020/10/12 1:46 p.m., 45 views

CVE-2020-13943

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

4.8 AI score, 0.57286 EPSS
Exploits: 0, References: 7
Debian CVE
added 2020/10/12 1:46 p.m., 38 views

CVE-2020-13943

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection in violation of the HTTP/2 protocol, it was possible that a subsequent request made on that connection could...

4.3 CVSS, 7.4 AI score, 0.57286 EPSS
Exploits: 0
NVD
added 2020/09/27 9:15 p.m., 14 views

CVE-2020-25827

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across...

7.5 CVSS, 0.01752 EPSS
Exploits: 1, References: 4
OSV
added 2020/09/27 9:15 p.m., 17 views

CVE-2020-25827

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across...

7.5 CVSS, 6.5 AI score
Exploits: 0, References: 4
UbuntuCve
added 2020/09/27 9:15 p.m., 18 views

CVE-2020-25827

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across...

7.5 CVSS, 7 AI score, 0.01752 EPSS
Exploits: 1, References: 5
Fedora
added 2020/09/25 5:18 p.m., 38 views

[SECURITY] Fedora 33 Update: rubygem-puma-4.3.6-1.fc33

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as providing process worker...

7.5 CVSS, 0.1 AI score, 0.03977 EPSS
Exploits: 0
Fedora
added 2020/09/25 5:16 p.m., 52 views

[SECURITY] Fedora 33 Update: jctools-3.1.0-1.fc33

This project aims to offer some concurrent data structures currently missing from the JDK: SPSC/MPSC/SPMC/MPMC Bounded lock free queues; SPSC/MPSC Unbounded lock free queues; Alternative interfaces for queues; Offheap...

9.1 CVSS, 3.8 AI score, 0.13474 EPSS
Exploits: 3
Kitploit
added 2020/09/20 11:30 a.m., 35 views

CRLFuzz - A Fast Tool To Scan CRLF Vulnerability Written In Go

A fast tool to scan CRLF vulnerability written in Go. Installation. From Binary: The installation is easy. You can download a prebuilt binary from releases page, unpack and run! Or with: $ curl -sSfL http://git.io/get-crlfuzz | sh -s -- -b /usr/local/bin. From Source: If you have go1.13+ compiler...

7.2 AI score
Exploits: 0, References: 3
Microsoft CVE
added 2020/08/18 7:0 a.m., 3 views

GRUB2 contains a race condition leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing.

...

6.4 CVSS, 7 AI score, 0.00977 EPSS
Exploits: 0
RedHat Linux
added 2020/08/10 3:17 p.m., 2 views

OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

8.3 CVSS, 7.4 AI score, 0.04029 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2020/08/10 3:17 p.m., 5 views

OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

8.3 CVSS, 7.4 AI score, 0.04029 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2020/08/10 3:14 p.m., 3 views

OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

8.3 CVSS, 7.4 AI score, 0.04029 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2020/08/06 12:0 a.m., 241 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : OpenJDK 8 vulnerabilities (USN-4453-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4453-1 advisory. Johannes Kuhn discovered that OpenJDK 8 incorrectly handled access control contexts. An attacker could possibly use this issue to...

8.3 CVSS, 7 AI score, 0.04315 EPSS
Exploits: 0, References: 9