13686 matches found

Positive Technologies
added 2024/10/21 12:0 a.m. | 11 views

PT-2024-33854

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.10.0+
Description: A problem was fixed in the Linux kernel involving a bug in the ext4 fast-commit replay path. This issue can be triggered with fstest generic/629 on a filesystem with the fast-commit feature...

CVSS 5.5 | AI score 5.5 | EPSS 0.00221
Exploits: 0

NVD
added 2024/10/17 6:15 p.m. | 27 views

CVE-2024-49400

Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That...

CVSS 9.8 | EPSS 0.00442
Exploits: 0 | References: 1

Positive Technologies
added 2024/10/17 12:0 a.m. | 3 views

PT-2024-33270 · Putongoj · Putongoj

Name of the Vulnerable Software and Affected Versions: PutongOJ versions prior to 2.1.0-beta.1
Description: PutongOJ is online judging software. Unprivileged users can escalate privileges by constructing requests, leading to unauthorized access and enabling users to perform admin-level operations...

CVSS 9.1 | AI score 7.3 | EPSS 0.00453
Exploits: 0 | References: 11

OSV
added 2024/10/15 8:15 p.m. | 4 views

AZL-50618 CVE-2024-44337 affecting package cri-o for versions less than 1.22.3-12

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...

CVSS 5.1 | AI score 7 | EPSS 0.00501
Exploits: 1 | References: 1

OSV
added 2024/10/15 8:15 p.m. | 1 views

DEBIAN-CVE-2024-44337

The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion v0.0.0-20240729232818-a2a9c4f, which corresponds with commit a2a9c4f76ef5a5c32108e36f7c47f8d310322252, there was a logical problem in the paragraph function of the...

CVSS 5.1 | AI score 5.8 | EPSS 0.00501
Exploits: 1 | References: 1

GithubExploit
added 2024/10/15 1:44 p.m. | 555 views

Exploit for CVE-2024-44337

CVE-2024-44337 CVE-2024-44337 POC The package github.com/gom...

CVSS 5.1 | AI score 6.8 | EPSS 0.00501
Exploits: 1

Tenable Nessus
added 2024/10/13 12:0 a.m. | 17 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-46679)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46679 advisory. - In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when...

CVSS 4.7 | AI score 5.9 | EPSS 0.00244
Exploits: 0 | References: 2

OSV
added 2024/10/11 3:15 p.m. | 3 views

DEBIAN-CVE-2024-45397

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

CVSS 7.5 | AI score 5.6 | EPSS 0.00438
Exploits: 0 | References: 1

OSV
added 2024/10/11 3:15 p.m. | 3 views

UBUNTU-CVE-2024-45403

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, th...

CVSS 7.5 | AI score 5.8 | EPSS 0.00632
Exploits: 0 | References: 6

CVE
added 2024/10/11 2:38 p.m. | 66 views

CVE-2024-45402

CVE-2024-45402 describes a double free in Picotls when parsing a spoofed TLS handshake, specifically in bindings that call crypto libraries. The issue causes the same memory to be freed twice during disposal of multiple objects with no intervening malloc, potentially triggering malloc abort and, ...

CVSS 9.8 | AI score 8.8 | EPSS 0.00461
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/10/11 2:36 p.m. | 14 views

CVE-2024-45396 Quicly assertion failures

Quicly is an IETF QUIC protocol implementation. Quicly up to commit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using quicly. The vulnerability is addressed with commit...

CVSS 7.5 | AI score 7 | EPSS 0.00561
Exploits: 0 | References: 2

OSV
added 2024/10/11 2:28 p.m. | 12 views

CVE-2024-45403 H2O assertion failure when HTTP/3 requests are cancelled

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, th...

CVSS 3.7 | AI score 6.6 | EPSS 0.00632
Exploits: 0 | References: 6

Debian CVE
added 2024/10/11 2:28 p.m. | 17 views

CVE-2024-45403

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion failure. The crash can be exploited by an attacker to mount a Denial-of-Service attack. By default, th...

CVSS 7.5 | AI score 5.4 | EPSS 0.00632
Exploits: 0

CVE
added 2024/10/11 2:28 p.m. | 64 views

CVE-2024-45403

CVE-2024-45403 affects the H2O HTTP server when configured as a reverse proxy. The issue is an assertion failure caused by cancelled HTTP/3 requests, enabling a denial-of-service attack. By default, the standalone H2O server restarts automatically, which mitigates impact, but concurrent requests ...

CVSS 7.5 | AI score 4.4 | EPSS 0.00632
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2024/10/11 2:24 p.m. | 15 views

CVE-2024-45397 H2O allows bypassing address-based access control with 0-RTT

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

CVSS 5.9 | AI score 7.2 | EPSS 0.00438
Exploits: 0 | References: 3

Cvelist
added 2024/10/11 2:24 p.m. | 24 views

CVE-2024-45397 H2O allows bypassing address-based access control with 0-RTT

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

CVSS 5.9 | EPSS 0.00438
Exploits: 0 | References: 3

Debian CVE
added 2024/10/11 2:24 p.m. | 15 views

CVE-2024-45397

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

CVSS 7.5 | AI score 5.6 | EPSS 0.00438
Exploits: 0

Vulnrichment
added 2024/10/11 2:20 p.m. | 13 views

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...

CVSS 3.1 | AI score 6.7 | EPSS 0.00428
Exploits: 1 | References: 3

Cvelist
added 2024/10/11 2:20 p.m. | 21 views

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes e.g., path level are expected to inherit t...

CVSS 3.1 | EPSS 0.00428
Exploits: 1 | References: 3

Positive Technologies
added 2024/10/11 12:0 a.m. | 3 views

PT-2024-31600 · Quicly · Quicly

Name of the Vulnerable Software and Affected Versions: Quicly versions up to commit d720707
Description: Quicly is an IETF QUIC protocol implementation. It is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes the...

CVSS 7.5 | AI score 7.5 | EPSS 0.00561
Exploits: 0 | References: 8