661 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2021-28713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which...

CVSS 6.5 | AI score 6.7 | EPSS 0.00332
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2021-28712

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rogue backends can cause DoS of guests via high frequency events This CNA information record relates to multiple CVEs; the text explains which...

CVSS 6.5 | AI score 6.7 | EPSS 0.00332
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2020-12862

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important informatio...

CVSS 4.3 | AI score 6.1 | EPSS 0.01077
Exploits: 1 | References: 2

OSV
added 2025/02/21 9:43 p.m., 5 views

GHSA-J7JW-28JM-WHR6 lakeFS allows an authenticated user to cause a crash by exhausting server memory

Impact: An authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. Patches: This problem has been patched and exists in versions 1.49.1 and below. Workarounds: On S3 backends, configure yaml ... blockstore: s3: disablepresignedmultipart: true...

CVSS 6.5 | AI score 6.5 | EPSS 0.00412
Exploits: 0 | References: 4

GitHub Security Blog
added 2025/02/21 9:43 p.m., 26 views

lakeFS allows an authenticated user to cause a crash by exhausting server memory

Impact: An authenticated user can crash lakeFS by exhausting server memory. This is an authenticated denial-of-service issue. Patches: This problem has been patched and exists in versions 1.49.1 and below. Workarounds: On S3 backends, configure yaml ... blockstore: s3: disablepresignedmultipart: true...

CVSS 6.5 | AI score 6.8 | EPSS 0.00412
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2025/02/03 8:29 p.m., 23 views

CVE-2025-24961 Insecure path traversal in filesystem and filesystem-nio2 storage backends in org.gaul S3Proxy

org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been addressed in version 2.6.0. Users are advised to upgrade. There are no known workarounds for this...

CVSS 6 | EPSS 0.00506
Exploits: 0 | References: 3

PyPA
added 2024/12/13 5:15 a.m., 6 views

PYSEC-2024-158

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS 7.1 | AI score 7.1 | EPSS 0.00547
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2024/12/13 5:15 a.m., 12 views

CVE-2024-21543

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS 7.1 | EPSS 0.00547
Exploits: 0 | References: 6

OSV
added 2024/12/13 5:15 a.m., 2 views

DEBIAN-CVE-2024-21543

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS 7.1 | AI score 7 | EPSS 0.00547
Exploits: 0 | References: 1

OSV
added 2024/12/13 5:15 a.m., 1 view

UBUNTU-CVE-2024-21543

Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks...

CVSS 7.1 | AI score 5.8 | EPSS 0.00547
Exploits: 0 | References: 8

Snyk
added 2024/11/09 2:32 p.m., 1 view

Authentication Bypass

Overview: djoser is a REST implementation of Django authentication system. Affected versions of this package are vulnerable to Authentication Bypass when the authenticate function fails. This is because the system falls back to querying the database directly, granting access to users with valid...

CVSS 7.1 | AI score 7.1 | EPSS 0.00547
Exploits: 0 | References: 2

NVD
added 2024/10/11 3:15 p.m., 13 views

CVE-2024-45402

Picotls is a TLS protocol library that allows users to select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occu...

CVSS 9.8 | EPSS 0.00461
Exploits: 0 | References: 2

Cvelist
added 2024/10/11 2:38 p.m., 26 views

CVE-2024-45402 Picotls double free

Picotls is a TLS protocol library that allows users to select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occu...

CVSS 8.6 | EPSS 0.00461
Exploits: 0 | References: 2

CVE
added 2024/10/11 2:38 p.m., 66 views

CVE-2024-45402

CVE-2024-45402 describes a double free in Picotls when parsing a spoofed TLS handshake, specifically in bindings that call crypto libraries. The issue causes the same memory to be freed twice during disposal of multiple objects with no intervening malloc, potentially triggering malloc abort and, ...

CVSS 9.8 | AI score 8.8 | EPSS 0.00461
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/09/16 4:46 a.m., 11 views

RHSA-2021:1744 Red Hat Security Advisory: sane-backends security update

Bulletin has no description...

CVSS 5.7 | AI score 5.7 | EPSS 0.00497
Exploits: 1 | References: 9

OSV
added 2024/09/16 4:35 a.m., 15 views

RHSA-2020:3045 Red Hat Security Advisory: sane-backends security update

Bulletin has no description...

CVSS 8 | AI score 8.1 | EPSS 0.03044
Exploits: 2 | References: 13

OSV
added 2024/09/16 4:35 a.m., 11 views

RHSA-2020:2967 Red Hat Security Advisory: sane-backends security update

Bulletin has no description...

CVSS 8 | AI score 8.1 | EPSS 0.03044
Exploits: 2 | References: 13

OSV
added 2024/09/16 4:35 a.m., 11 views

RHSA-2020:2902 Red Hat Security Advisory: sane-backends security update

Bulletin has no description...

CVSS 8 | AI score 8.1 | EPSS 0.03044
Exploits: 2 | References: 13

OSV
added 2024/08/26 9:14 p.m., 4 views

CLSA-2024-1724706840 httpd: Fix of 8 CVEs

CVE-2024-38474: mod_rewrite: server weakness with encoded question marks in backreferences - CVE-2024-38475: mod_rewrite: server weakness in mod_rewrite when first segment of substitution matches filesystem path - CVE-2024-38477: mod_proxy: crash resulting in Denial of Service in mod_proxy via a...

CVSS 9.8 | AI score 7.1 | EPSS 0.99957
Exploits: 5 | References: 1

CNNVD
added 2024/07/25 12:0 a.m., 3 views

Open edX Platform Security Vulnerability

Open edX Platform is an open source course management system (CMS) from Open edX Open Source. The system can be used for MOOCs (Massive Open Online Courses) as well as smaller courses and training modules. A security vulnerability exists in Open edX Platform that stems from the fact that for certain...

CVSS 5.3 | AI score 6.8 | EPSS 0.00331
Exploits: 0 | References: 3