CVE-2024-6301
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...
CVE-2024-6299
Conduit versions prior to v0.8.0 are affected by CVE-2024-6299 due to improper handling of key expiry during signature validation. An attacker who has compromised an expired key can forge requests to the remote server and craft PDUs with timestamps past expiry. The root cause is lack of considera...
CVE-2024-6301 Origin Validation Error in Conduit
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs...
Conduit Security Vulnerabilities
Conduit is a simple, fast and reliable chat server from the individual developer Timo Kösters. A security vulnerability exists in Conduit versions prior to v0.8.0, which stems from a key expiration that is not taken into account when verifying signatures, which could lead to an attacker using the...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server
Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 has been published in a security bulletin CVE-2023-45853, CVE-2023-29267, CVE-2024-25710, CVE-2024-26308, CVE-2023-45178, CVE-2024-28762, CVE-2024-28757, CVE-2024-29025,...
CVE-2024-37664
Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router...
RLSA-2024:3346 Important: git-lfs security update
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288...
CVE-2024-34684
On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...
CVE-2024-34684 Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling)
On Unix, SAP BusinessObjects Business Intelligence Platform Scheduling allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read o...
CVE-2024-34684
CVE-2024-34684 affects SAP BusinessObjects Business Intelligence Platform (Scheduling) on Unix. An authenticated attacker with local administrator access can access the password of a local account, enabling retrieval of non-administrative credentials and allowing read/modify of remote server file...
OpenSSL 0.9.8 < 0.9.8d Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.8d. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.8d advisory. - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions...
CVE-2024-4889
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the...
CVE-2024-4889 Code Injection in berriai/litellm
A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the...
CVE-2024-4889
CVE-2024-4889 affects berriai/litellm 1.34.6. The issue stems from unvalidated input in the secret management system’s eval function. When Google KMS is configured, an attacker can set UI_LOGO_PATH to a remote server in get_image, allowing writes to a malicious Google KMS configuration file at ca...
CVE-2024-5399
Openfind Mail2000 is affected by an OS command injection vulnerability (CVE-2024-5399) stemming from improper filtering of parameters in a specific API. The flaw allows remote attackers with administrative privileges to execute arbitrary system commands on the remote server. The issue is reported...
CVE-2024-5399 Openfind Mail2000 - OS Command Injection
Openfind Mail2000 does not properly filter parameters of a specific API. Remote attackers with administrative privileges can exploit this vulnerability to execute arbitrary system commands on the remote server...
ALSA-2024:3346 Important: git-lfs security update
Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288...