Lucene search
K

191 matches found

OSV
OSV
added 2024/10/21 6:15 p.m.5 views

AZL-51998 CVE-2024-49998 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: net: dsa: improve shutdown sequence Alexander Sverdlin presents 2 problems during shutdown with the lan9303 driver. One is specific to lan9303 and the other just happens to reproduce there. The first problem is that lan9303 is...

4.7CVSS6.7AI score0.00173EPSS
Exploits0References1
OSV
OSV
added 2024/10/21 6:15 p.m.1 views

UBUNTU-CVE-2024-49998

In the Linux kernel, the following vulnerability has been resolved: net: dsa: improve shutdown sequence Alexander Sverdlin presents 2 problems during shutdown with the lan9303 driver. One is specific to lan9303 and the other just happens to reproduce there. The first problem is that lan9303 is...

4.7CVSS6.2AI score0.00173EPSS
Exploits0References32
CVE
CVE
added 2024/10/21 6:2 p.m.132 views

CVE-2024-49998

CVE-2024-49998 affects the Linux kernel net: dsa shutdown sequence, specifically lan9303. Two shutdown-time races are described: (1) a driver data pointer (dev_get_drvdata) may be accessed after shutdown, risking an NPD if the remove path runs; (2) concurrent zeroization of conduit->dsa_ptr ca...

4.7CVSS4.6AI score0.00173EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/07/26 12:0 a.m.26 views

Apache CXF 3.6.x < 3.6.4, 4.0.x < 4.0.5 DoS

In versions of Apache CXF before 3.6.4 and 4.0.5 3.5.x and lower versions are not impacted, a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out o...

7.5CVSS6.2AI score0.01197EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2024/07/23 9:17 a.m.36 views

CVE-2024-41172

A memory consumption flaw was found in Apache CXF. This issue may allow a CXF HTTP client conduit to prevent HTTPClient instances from being garbage collected, eventually causing the application to run out of memory...

3.7CVSS6.3AI score0.01197EPSS
Exploits0References6
OSV
OSV
added 2024/07/19 9:32 a.m.2 views

GHSA-4MGG-FQFQ-64HG Apache CXF allows unrestricted memory consumption in CXF HTTP clients

In versions of Apache CXF before 3.6.4 and 4.0.5 3.5.x and lower versions are not impacted, a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out o...

6.3CVSS5.9AI score0.01197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/18 12:0 a.m.5 views

PT-2024-5101 · Apache · Apache Cxf

Name of the Vulnerable Software and Affected Versions: Apache CXF versions 3.6.3 and earlier, 4.0.4 and earlier Description: The issue is related to a memory leak in the Apache CXF HTTP client conduit, which can prevent HTTPClient instances from being garbage collected. This can cause memory...

7.5CVSS6.8AI score0.01197EPSS
Exploits0References12
NVD
NVD
added 2024/06/25 1:15 p.m.23 views

CVE-2024-6301

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...

7.5CVSS0.00168EPSS
Exploits0References2
NVD
NVD
added 2024/06/25 1:15 p.m.41 views

CVE-2024-6303

Missing authorization in Client-Server API in Conduit =0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with the...

9.9CVSS0.00433EPSS
Exploits0References2
NVD
NVD
added 2024/06/25 1:15 p.m.16 views

CVE-2024-6300

Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction...

5.3CVSS0.00289EPSS
Exploits0References2
NVD
NVD
added 2024/06/25 1:15 p.m.24 views

CVE-2024-6299

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date...

4.8CVSS0.00161EPSS
Exploits0References2
OSV
OSV
added 2024/06/25 1:2 p.m.16 views

CVE-2024-6299 Use of a Key Past its Expiration Date in Conduit

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date...

4.8CVSS6.9AI score0.00161EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/06/25 1:2 p.m.29 views

CVE-2024-6299 Use of a Key Past its Expiration Date in Conduit

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date...

4.8CVSS0.00161EPSS
Exploits0References2
CVE
CVE
added 2024/06/25 1:2 p.m.54 views

CVE-2024-6299

Conduit versions prior to v0.8.0 are affected by CVE-2024-6299 due to improper handling of key expiry during signature validation. An attacker who has compromised an expired key can forge requests to the remote server and craft PDUs with timestamps past expiry. The root cause is lack of considera...

4.8CVSS4.7AI score0.00161EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/25 1:2 p.m.15 views

CVE-2024-6299 Use of a Key Past its Expiration Date in Conduit

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date...

4.8CVSS7.2AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2024/06/25 1:2 p.m.15 views

CVE-2024-6301 Origin Validation Error in Conduit

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...

5.3CVSS6.8AI score0.00168EPSS
Exploits0References4
CVE
CVE
added 2024/06/25 1:2 p.m.77 views

CVE-2024-6301

Conduit (federation API) is affected by CVE-2024-6301: lack of origin validation in the federation API allows any remote server to impersonate any user from any server in most EDUs. The vulnerability affects Conduit versions prior to 0.8.0. Root cause: insufficient validation of origin in federat...

7.5CVSS6AI score0.00168EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/25 1:2 p.m.23 views

CVE-2024-6301 Origin Validation Error in Conduit

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...

5.3CVSS7AI score0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/25 1:2 p.m.39 views

CVE-2024-6301 Origin Validation Error in Conduit

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...

5.3CVSS0.00168EPSS
Exploits0References2
OSV
OSV
added 2024/06/25 1:2 p.m.20 views

CVE-2024-6302 Improper Handling of Insufficient Permissions or Privileges in Conduit

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events...

8.1CVSS6.7AI score0.00284EPSS
Exploits0References4
Rows per page
Query Builder