Lucene search
K

106 matches found

RedhatCVE
RedhatCVE
added 2024/12/02 10:50 a.m.16 views

CVE-2024-48916

A vulnerability in the Ceph Rados Gateway RadosGW OIDC provider allows attackers to bypass JWT signature verification by supplying a token with "none" as the algorithm alg. This occurs because the implementation fails to enforce strict signature validation, enabling attackers to forge valid token...

9.1CVSS6.6AI score0.00192EPSS
Exploits0References6
OSV
OSV
added 2024/05/30 12:23 p.m.27 views

SUSE-SU-2024:1868-1 Security update for apache2

This update for apache2 fixes the following issues: - CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code bsc1222330. - CVE-2024-24795: Fixed handling of malicious HTTP splitting response headers in multiple modules bsc1222332. - CVE-2024-27316: Fixed HTTP/2...

7.5CVSS7.5AI score0.91327EPSS
Exploits2References7
Palo Alto Networks
Palo Alto Networks
added 2024/05/16 4:0 p.m.101 views

Impact of TunnelVision Vulnerability

The Palo Alto Networks Product Security Assurance team has evaluated the TunnelVision vulnerability as it relates to our products. This issue allows an attacker with the ability to send DHCP messages on the same local area network, such as a rogue Wi-Fi network, to leak traffic outside of the...

7.6CVSS7AI score0.04063EPSS
Exploits1References1
ICS
ICS
added 2024/04/30 12:30 p.m.9 views

Hitachi Energy SDM600

SUMMARY Hitachi Energy is aware of multiple vulnerabilities that affect the SDM600 versions listed below. An attacker who managed to be authenticated to SDM600 and successfully exploit these vulnerabilities could elevate privileges and gain unauthorized access to the system. SDM600 version 1.3.4...

8AI score
Exploits0References9
Redos
Redos
added 2024/03/13 12:0 a.m.9 views

ROS-2-1694

2.1694 Nettle library vulnerabilityCVE-2021-20305 1. Vulnerability Description: A vulnerability in the Nettle library that involves the use of a failed cryptographic algorithm and allows a remote unauthenticated attacker to execute arbitrary code.Identifier of the Information Security Threats Dat...

8.1CVSS8.2AI score0.01607EPSS
Exploits0
OSV
OSV
added 2024/02/02 12:51 p.m.13 views

SUSE-SU-2024:0321-1 Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Updated to version 11.0.22 January 2024 CPU: - CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM due to a missing bounds check bsc1218907. - CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class file verifier...

7.4CVSS7AI score0.01026EPSS
Exploits0References13
Imperva Blog
Imperva Blog
added 2024/01/03 2:21 p.m.59 views

HTTP/2 Rapid Reset Mitigation With Imperva WAF

In the modern application landscape, where businesses are constantly under the threat of cyber attacks, one of the most recent to emerge is HTTP/2 Rapid Reset CVE-2023-44487, a type of Distributed Denial-of-Service DDoS attack. This attack is larger than any previously reported application layer...

5CVSS7.8AI score0.99999EPSS
Exploits19
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/21 1:24 p.m.30 views

Security Bulletin: There is a vulnerability in jetty-http-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2023-26049)

Summary There is a vulnerability in jetty-http-9.4.48.v20220622.jar used by IBM Maximo Manage application in IBM Maximo Application Suite CVE-2023-26049 Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive informatio...

5.3CVSS5.4AI score0.013EPSS
Exploits0Affected Software1
CISA
CISA
added 2023/10/10 12:0 p.m.23 views

HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487

Researchers and vendors have disclosed a denial-of-service DoS vulnerability in HTTP/2 protocollink is external. The vulnerability CVE-2023-44487link is external, known as Rapid Reset, has been exploited in the wild in August 2023 through October 2023. CISA recommends organizations that provide...

7.5CVSS7.9AI score0.99999EPSS
Exploits19References9
Prion
Prion
added 2023/09/27 3:19 p.m.21 views

Code injection

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with policy.cilium.io/proxy-visibility annotations in Cilium = v1.13 or io.cilium.proxy-visibility annotations in Cilium...

2.7CVSS4AI score0.00448EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/16 8:25 p.m.20 views

CVE-2023-40021 Timing Attack Reveals CSRF Tokens in oppia

Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...

5.3CVSS5.3AI score0.00646EPSS
Exploits1References4
OSV
OSV
added 2023/07/05 9:34 p.m.13 views

GHSA-W24W-WP77-QFFM CometBFT may duplicate transactions in the mempool's data structures

Impact The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index if any of the transaction in the list. Unfortunately, it is possible to have...

8.2CVSS8AI score0.00901EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2023/07/05 9:34 p.m.15 views

CometBFT may duplicate transactions in the mempool's data structures

Impact The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time in the sense that the map tracks the index if any of the transaction in the list. Unfortunately, it is possible to have...

8.2CVSS6.7AI score0.00901EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2023/07/03 5:15 p.m.19 views

Code injection

CometBFT is a Byzantine Fault Tolerant BFT middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map. These two data structures are supposed to be in sync all the time ...

6.4CVSS7.8AI score0.00901EPSS
Exploits1References3Affected Software1
Microsoft Secure
Microsoft Secure
added 2023/06/29 4:0 p.m.47 views

Patch me if you can: Cyberattack Series

Many organizations utilize third-party apps for identity security solutions to automate and unburden overtaxed IT admins from tedious tasks that employees can perform via self-service without IT assistance. But in September 2021, our researchers observed threat actors exploiting one such...

7.5CVSS7.3AI score0.9896EPSS
Exploits8
OSV
OSV
added 2023/06/09 7:32 p.m.47 views

GHSA-Q36X-R5X4-H4Q6 Denial of service via HTTP/2 HEADERS frames padding

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...

7.5CVSS7.3AI score0.01279EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/06/09 7:32 p.m.16 views

Denial of service via HTTP/2 HEADERS frames padding

A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.2. It is fixed in 1.20.0 and later releases. This vulnerability is caused by a logica...

7.8CVSS6.7AI score0.01279EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/31 11:38 p.m.49 views

Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Asset Management (CVE-2022-42003, CVE-2022-42004, CVE-2020-36518)

Summary There are several vulnerabilities in jackson-databind used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a lack of a check in the primitive value deserializers when the...

7.5CVSS7.8AI score0.0486EPSS
Exploits4Affected Software11
Positive Technologies
Positive Technologies
added 2023/05/09 12:0 a.m.5 views

PT-2023-14656 · WordPress · Hide My Wp Ghost – Security Plugin

Name of the Vulnerable Software and Affected Versions: The Hide My WP Ghost – Security Plugin plugin for WordPress versions up to, and including, 5.0.18 Description: The issue is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login...

6.5CVSS6.9AI score0.0032EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/11/22 12:0 a.m.25 views

GLSA-202211-05 : Mozilla Thunderbird: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202211-05 Mozilla Thunderbird: Multiple Vulnerabilities - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests migh...

9.8CVSS7.7AI score0.01061EPSS
Exploits0References15
Rows per page
Query Builder