70 matches found

OSV
added 2024/05/01 6:15 a.m. | 1 view

DEBIAN-CVE-2024-27013

In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. When console is enabled, ...

CVSS 5.5 | AI score 5.7 | EPSS 0.00271
Exploits: 0 | References: 1

OSV
added 2024/05/01 6:15 a.m. | 7 views

AZL-42201 CVE-2024-27013 affecting package kernel for versions less than 5.15.158.1-1

In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. When console is enabled, ...

CVSS 5.5 | AI score 6.3 | EPSS 0.00271
Exploits: 0 | References: 1

NVD
added 2024/04/02 7:15 a.m. | 22 views

CVE-2024-26668

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its better to reject this...

CVSS 5.5 | AI score 7.4 | EPSS 0.00241
Exploits: 0 | References: 5

Cvelist
added 2024/04/02 6:43 a.m. | 23 views

CVE-2024-26668 netfilter: nft_limit: reject configurations that cause integer overflow

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its better to reject this...

AI score 7.6 | EPSS 0.00241
Exploits: 0 | References: 5

UbuntuCve
added 2024/04/02 12:00 a.m. | 21 views

CVE-2024-26668

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its better to reject this...

CVSS 5.5 | AI score 6.3 | EPSS 0.00241
Exploits: 0 | References: 30

OSV
added 2024/03/06 10:54 a.m. | 18 views

BIT-ENVOY-2023-27488 Envoy gRPC client produces invalid protobuf when an HTTP header with non-UTF8 value is received.

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when failure_mode_allow: true is configured for ext_authz filter. For affected components that are used for loggin...

CVSS 9.8 | AI score 7.4 | EPSS 0.00731
Exploits: 1 | References: 2

Wolfi
added 2024/03/06 12:31 a.m. | 420 views

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: newrelic-infrastructure-agent, crossplane-provider-gcp, slsa-verifier, falcoctl, restic, kube-fluentd-operator, argo-workflows, fuse-overlayfs-snapshotter, syft, capslock, pgpool2exporter, terraform-provider-google, kubernetes-event-exporter, ferretdb,...

AI score 5.9
Exploits: 0

Chainguard
added 2024/03/06 12:31 a.m. | 121 views

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, aactl, kubernetes-csi-livenessprobe-fips, kyverno-policy-reporter-ui, falcosidekick-fips, hubble-ui-backend-fips, datadog-agent, k8ssandra-operator, certificate-transparency, dgraph, kube-bench, smarter-device-manager,...

AI score 5.9
Exploits: 0

Wolfi
added 2024/03/05 11:15 p.m. | 570 views

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: newrelic-infrastructure-agent, cni-plugins, slsa-verifier, cue, argo-workflows, fuse-overlayfs-snapshotter, lazygit, nri-elasticsearch, capslock, kubernetes-event-exporter, ferretdb, dive, kustomize, up, kaf, go-md2man, scorecard, gh, thanos-operator,...

CVSS 4.3 | AI score 6.7 | EPSS 0.0108
Exploits: 0

Wolfi
added 2023/11/10 7:15 p.m. | 87 views

CVE-2023-47108 vulnerabilities

Vulnerabilities for packages: metrics-server, kubernetes-csi-external-resizer, docker-compose, kubernetes, cri-tools, temporal, volume-modifier-for-k8s, buildkitd, kine, k3s, temporal-server, kubescape, kubevela, envoy-ratelimit...

CVSS 7.5 | AI score 6.8 | EPSS 0.01592
Exploits: 0

Wolfi
added 2023/10/25 9:17 p.m. | 177 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: aactl, slsa-verifier, src, dgraph, up, buildkitd, falco, scorecard, terraform-provider-sendgrid, cortex, k3d, kubevela, kubescape, kubeflow, prometheus-blackbox-exporter, spark-operator...

AI score 5.9
Exploits: 0

Chainguard
added 2023/10/25 9:17 p.m. | 83 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: k3d, metrics-server-fips, aactl, kubernetes-csi-livenessprobe-fips, smarter-device-manager-fips, cluster-autoscaler-fips, kiam, falco, scorecard, slsa-verifier, volume-modifier-for-k8s-fips, kubescape, terraform-provider-sendgrid-fips, kubernetes-csi-livenessprobe,...

AI score 5.9
Exploits: 0

Wolfi
added 2023/10/10 9:28 p.m. | 43 views

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: newrelic-infrastructure-agent, slsa-verifier, cue, fuse-overlayfs-snapshotter, kaf, scorecard, secrets-store-csi-driver-provider-gcp, kind, nri-prometheus, oauth2-proxy, buildkitd, metacontroller, gobuster, cosign, pulumi-language-dotnet, amass,...

AI score 5.9
Exploits: 0

Wolfi
added 2023/10/10 2:15 p.m. | 1577 views

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: newrelic-infrastructure-agent, slsa-verifier, cue, fuse-overlayfs-snapshotter, kaf, scorecard, secrets-store-csi-driver-provider-gcp, kind, nri-prometheus, oauth2-proxy, buildkitd, metacontroller, gobuster, cosign, pulumi-language-dotnet, amass,...

CVSS 7.5 | AI score 7 | EPSS 0.99999
Exploits: 19

0day.today
added 2022/09/20 12:00 a.m. | 282 views

Bookwyrm v0.4.3 - Authentication Bypass Vulnerability

Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/bookwyrm-social/bookwyrm Software Link: https://github.com/bookwyrm-social/bookwyrm/releases/tag/v0.4.3 Version: = 4.0.3 Tested on: MacOS Monterey CVE: CVE-2022-2651 Original...

CVSS 9.8 | AI score 0.2 | EPSS 0.11382
Exploits: 4

Packet Storm
added 2022/09/20 12:00 a.m. | 333 views

Bookwyrm 0.4.3 Authentication Bypass

Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass Date: 2022-08-4 Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/bookwyrm-social/bookwyrm Software Link: https://github.com/bookwyrm-social/bookwyrm/releases/tag/v0.4.3 Version: = 4.0.3 Tested on: MacOS Monterey CVE:...

CVSS 9.8 | AI score 0.5 | EPSS 0.11382
Exploits: 4

Exploit DB
added 2022/09/20 12:00 a.m. | 101 views

Bookwyrm v0.4.3 - Authentication Bypass

Exploit Title: Bookwyrm v0.4.3 - Authentication Bypass Date: 2022-08-4 Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/bookwyrm-social/bookwyrm Software Link: https://github.com/bookwyrm-social/bookwyrm/releases/tag/v0.4.3 Version: = 4.0.3 Tested on: MacOS Monterey CVE:...

CVSS 9.8 | AI score 9.7 | EPSS 0.11382
Exploits: 4

RedhatCVE
added 2022/05/20 11:47 p.m. | 34 views

CVE-2021-32678

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller OCSController using the @BruteForceProtection annotation. Risk depends on the installed...

CVSS 5.3 | AI score 2.3 | EPSS 0.01374
Exploits: 0 | References: 1

Cvelist
added 2021/09/07 8:25 p.m. | 26 views

CVE-2021-37629 Lack of ratelimit on Richdocuments OCS endpoint in nextcloud

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is...

CVSS 5.3 | AI score 5.4 | EPSS 0.0138
Exploits: 0 | References: 3

Cvelist
added 2021/07/12 10:05 p.m. | 21 views

CVE-2021-32741 Lack of ratelimit on public share link mount endpoint

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in...

CVSS 5.3 | AI score 7.3 | EPSS 0.01322
Exploits: 0 | References: 3