5831 matches found

Rapid7 Blog
added 2024/09/23 1:00 p.m. | 11 views

Expanding the Security Horizon: Introducing Rapid7 MDR for the Extended Ecosystem

As the cybersecurity landscape gets more complex, the stakes for keeping organizations safe have never been higher. Security teams are tasked with keeping ahead of new ransomware groups, rapidly evolving adversary tactics, and their dynamic attack surface as their business grows. Security...

AI score: 7.1
Exploits: 0

OSV
added 2024/09/21 7:10 a.m. | 8 views

BIT-ENVOY-2024-45807 oghttp2 crash on OnBeginHeadersForStream in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00471
Exploits: 0 | References: 2

OSV
added 2024/09/21 7:10 a.m. | 14 views

BIT-ENVOY-2024-45809 Jwt filter crash in the clear route cache with remote JWKs in envoy

Envoy is a cloud-native high-performance edge/middle/service proxy. The JWT filter will lead to an Envoy crash when clearing the route cache with remote JWKs. In the following case: 1. remote JWKs are used, which requires async header processing; 2. clear_route_cache is enabled on the provider; 3. header...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.00372
Exploits: 0 | References: 2

OSV
added 2024/09/21 7:10 a.m. | 12 views

BIT-ENVOY-2024-45810 Envoy crashes for LocalReply in http async client

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling sendLocalReply under some circumstance, e.g., websocket upgrade, and requests mirroring. The http async client will crash during the sendLocalReply in http async client, one...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00641
Exploits: 1 | References: 2

NVD
added 2024/09/20 12:15 a.m. | 38 views

CVE-2024-45807

Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using oghttp as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To resolve this Envoy will switch off the oghttp2 by default. The impact of this issue is that envoy wi...

CVSS: 7.5 | EPSS: 0.00471
Exploits: 0 | References: 1

CVE
added 2024/09/19 11:34 p.m. | 50 views

CVE-2024-45807

CVE-2024-45807 affects Envoy 1.31.x where the default HTTP/2 codec is the oghttp implementation. The issue stems from bugs in stream management within oghttp2, which can cause Envoy to crash. A fix is available: upgrade to 1.31.2 (addressed in multiple advisories). Workarounds include disabling o...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00471
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/09/19 10:54 p.m. | 110 views

CVE-2023-27584

CVE-2023-27584 affects Dragonfly2, an open-source P2P file distribution system. The vulnerability is caused by a hard-coded JWT secret key, "Secret Key", which enables authentication bypass. An attacker can perform actions with admin privileges by crafting a valid JWT token, potentially accessing...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.29837
Exploits: 1 | References: 2 | Affected Software: 1

AlpineLinux
added 2024/09/19 10:51 p.m. | 14 views

CVE-2024-45410

Traefik is a Golang Cloud Native Application Proxy. When an HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For an HTTP client, it should not be possible to remove or modif...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.015
Exploits: 0

OSV
added 2024/09/15 7:37 p.m. | 13 views

RHSA-2012:0039 Red Hat Security Advisory: mod_cluster-native security update

Bulletin has no description...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.0317
Exploits: 1 | References: 8

OSV
added 2024/09/15 7:37 p.m. | 12 views

RHSA-2012:0037 Red Hat Security Advisory: mod_cluster-native security update

Bulletin has no description...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.0317
Exploits: 1 | References: 8

OSV
added 2024/09/15 7:37 p.m. | 20 views

RHSA-2012:0035 Red Hat Security Advisory: mod_cluster-native security update

Bulletin has no description...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.0317
Exploits: 1 | References: 7

CNVD
added 2024/09/13 12:00 a.m. | 7 views

IBM Concert Information Disclosure Vulnerability

IBM Concert is a new tool from International Business Machines (IBM) Inc. that uses generative AI to help manage complex cloud-native applications. A security vulnerability exists in IBM Concert version 1.0 that stems from not setting a security attribute on an authorization token or session cookie...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.0022
Exploits: 0 | References: 1

Pen Test Partners Blog
added 2024/09/12 5:16 a.m. | 12 views

Living off the land, GPO style

TL;DR: The ability to edit Group Policy Objects (GPOs) from non-domain-joined computers using the native Group Policy editor has been on my list for a long time. This blog post takes a deep dive into what steps were taken to find out why domain-joined machines are needed in the first place and what...

AI score: 7.4
Exploits: 0

OSV
added 2024/09/10 5:15 p.m. | 1 view

CVE-2024-37966

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.02193
Exploits: 0 | References: 1

OSV
added 2024/09/10 5:15 p.m. | 2 views

CVE-2024-37342

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.0166
Exploits: 0 | References: 1

OSV
added 2024/09/10 5:15 p.m. | 1 view

CVE-2024-37338

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.01623
Exploits: 0 | References: 1

OSV
added 2024/09/10 5:15 p.m. | 1 view

CVE-2024-37339

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.01623
Exploits: 0 | References: 1

OSV
added 2024/09/10 5:15 p.m. | 3 views

CVE-2024-37340

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.01623
Exploits: 0 | References: 1

NVD
added 2024/09/10 5:15 p.m. | 24 views

CVE-2024-37338

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability...

CVSS: 8.8 | EPSS: 0.01623
Exploits: 0 | References: 1

NVD
added 2024/09/10 5:15 p.m. | 22 views

CVE-2024-37340

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability...

CVSS: 8.8 | EPSS: 0.01623
Exploits: 0 | References: 1