2294 matches found

NVD
added 2024/06/25 1:15 p.m., 23 views

CVE-2024-6301

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...

CVSS: 7.5, EPSS: 0.00168
Exploits: 0, References: 2

CVE
added 2024/06/25 1:2 p.m., 53 views

CVE-2024-6299

Conduit versions prior to v0.8.0 are affected by CVE-2024-6299 due to improper handling of key expiry during signature validation. An attacker who has compromised an expired key can forge requests to the remote server and craft PDUs with timestamps past expiry. The root cause is lack of considera...

CVSS: 4.8, AI score: 4.7, EPSS: 0.00161
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2024/06/25 1:2 p.m., 23 views

CVE-2024-6301 Origin Validation Error in Conduit

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...

CVSS: 5.3, AI score: 7, EPSS: 0.00168
Exploits: 0, References: 2

Cvelist
added 2024/06/25 1:2 p.m., 38 views

CVE-2024-6301 Origin Validation Error in Conduit

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...

CVSS: 5.3, EPSS: 0.00168
Exploits: 0, References: 2

CNNVD
added 2024/06/25 12:0 a.m., 5 views

Conduit Security Vulnerabilities

Conduit is a simple, fast and reliable chat server from the individual developer Timo Kösters. A security vulnerability exists in Conduit versions prior to v0.8.0, which stems from a key expiration that is not taken into account when verifying signatures, which could lead to an attacker using the...

CVSS: 4.8, AI score: 6.8, EPSS: 0.00161
Exploits: 0, References: 2

IBM Security Bulletins
added 2024/06/18 8:3 p.m., 54 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary: IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in a security bulletin CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308, CVE-2023-45178, CVE-2024-28762, CVE-2024-28757, CVE-2024-29025,...

CVSS: 9.8, AI score: 7.6, EPSS: 0.02918
Exploits: 2, Affected Software: 1

Cvelist
added 2024/06/17 12:0 a.m., 22 views

CVE-2024-37664

Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router...

EPSS: 0.00374
Exploits: 1, References: 1

OSV
added 2024/06/14 1:59 p.m., 36 views

RLSA-2024:3346 Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288...

CVSS: 7.5, AI score: 8.1, EPSS: 0.91969
Exploits: 1, References: 5

NVD
added 2024/06/11 3:15 a.m., 18 views

CVE-2024-34684

On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...

CVSS: 6, EPSS: 0.00143
Exploits: 0, References: 2

OSV
added 2024/06/11 3:15 a.m., 3 views

CVE-2024-34684

On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...

CVSS: 6, AI score: 5.8, EPSS: 0.00143
Exploits: 0, References: 2

Vulnrichment
added 2024/06/11 2:20 a.m., 15 views

CVE-2024-34684 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling)

On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...

CVSS: 3.7, AI score: 6.8, EPSS: 0.00143
Exploits: 0, References: 2

CVE
added 2024/06/11 2:20 a.m., 58 views

CVE-2024-34684

CVE-2024-34684 affects SAP BusinessObjects Business Intelligence Platform (Scheduling) on Unix. An authenticated attacker with local administrator access can access the password of a local account, enabling retrieval of non-administrative credentials and allowing read/modify of remote server file...

CVSS: 6, AI score: 4.4, EPSS: 0.00143
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2024/06/11 2:20 a.m., 26 views

CVE-2024-34684 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling)

On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...

CVSS: 3.7, EPSS: 0.00143
Exploits: 0, References: 2

Tenable Nessus
added 2024/06/07 12:0 a.m., 28 views

OpenSSL 0.9.8 < 0.9.8d Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.8d. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.8d advisory. - The getserverhello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions...

CVSS: 10, AI score: 7.3, EPSS: 0.48575
Exploits: 10, References: 9

NVD
added 2024/06/06 6:15 p.m., 36 views

CVE-2024-4889

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the...

CVSS: 7.2, EPSS: 0.00859
Exploits: 1, References: 1

Cvelist
added 2024/06/06 5:53 p.m., 32 views

CVE-2024-4889 Code Injection in berriai/litellm

A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the...

CVSS: 7.2, EPSS: 0.00859
Exploits: 1, References: 1

CVE
added 2024/06/06 5:53 p.m., 62 views

CVE-2024-4889

CVE-2024-4889 affects berriai/litellm 1.34.6. The issue stems from unvalidated input in the secret management system’s eval function. When Google KMS is configured, an attacker can set UI_LOGO_PATH to a remote server in get_image, allowing writes to a malicious Google KMS configuration file at ca...

CVSS: 7.2, AI score: 7.2, EPSS: 0.00859
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2024/05/27 3:32 a.m., 104 views

CVE-2024-5399

Openfind Mail2000 is affected by an OS command injection vulnerability (CVE-2024-5399) stemming from improper filtering of parameters in a specific API. The flaw allows remote attackers with administrative privileges to execute arbitrary system commands on the remote server. The issue is reported...

CVSS: 7.2, AI score: 7.4, EPSS: 0.00562
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/05/27 3:32 a.m., 40 views

CVE-2024-5399 Openfind Mail2000 - OS Command Injection

Openfind Mail2000 does not properly filter parameters of a specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server...

CVSS: 7.2, AI score: 7.4, EPSS: 0.00562
Exploits: 0, References: 1

OSV
added 2024/05/23 12:0 a.m., 40 views

ALSA-2024:3346 Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288...

CVSS: 7.5, AI score: 7.8, EPSS: 0.91969
Exploits: 1, References: 10