13686 matches found
PT-2024-33854
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.10.0+ Description: A problem was fixed in the Linux kernel involving a bug in the ext4 fast-commit replay path. This issue can be triggered with fstest generic/629 on a filesystem with the fast-commit feature...
CVE-2024-49400
Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That...
PT-2024-33270 · Putongoj · Putongoj
Name of the Vulnerable Software and Affected Versions: PutongOJ versions prior to 2.1.0-beta.1 Description: PutongOJ is online judging software. Unprivileged users can escalate privileges by constructing requests, leading to unauthorized access and enabling users to perform admin-level operations...
AZL-50618 CVE-2024-44337 affecting package cri-o for versions less than 1.22.3-12
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...
DEBIAN-CVE-2024-44337
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...
Exploit for CVE-2024-44337
CVE-2024-44337 CVE-2024-44337 POC The package github.com/gom...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-46679)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46679 advisory. - In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when...
DEBIAN-CVE-2024-45397
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...
UBUNTU-CVE-2024-45403
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, th...
CVE-2024-45402
CVE-2024-45402 describes a double free in Picotls when parsing a spoofed TLS handshake, specifically in bindings that call crypto libraries. The issue causes the same memory to be freed twice during disposal of multiple objects with no intervening malloc, potentially triggering malloc abort and, ...
CVE-2024-45396 Quicly assertion failures
Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit...
CVE-2024-45403 H2O assertion failure when HTTP/3 requests are cancelled
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, th...
CVE-2024-45403
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, th...
CVE-2024-45403
CVE-2024-45403 affects the H2O HTTP server when configured as a reverse proxy. The issue is an assertion failure caused by cancelled HTTP/3 requests, enabling a denial-of-service attack. By default, the standalone H2O server restarts automatically, which mitigates impact, but concurrent requests ...
CVE-2024-45397 H2O alllows bypassing address-based access control with 0-RTT
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...
CVE-2024-45397 H2O alllows bypassing address-based access control with 0-RTT
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...
CVE-2024-45397
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...
CVE-2024-25622 H2O ignores headers configuration directives
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...
CVE-2024-25622 H2O ignores headers configuration directives
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...
PT-2024-31600 · Quicly · Quicly
Name of the Vulnerable Software and Affected Versions: Quicly versions up to commtit d720707 Description: Quicly is an IETF QUIC protocol implementation. It is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes the...