
Vulnrichment
added 2024/10/11 2:24 p.m.

CVE-2024-45397 H2O allows bypassing address-based access control with 0-RTT

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

CVSS 5.9 · AI score 7.2 · EPSS 0.00438
Exploits: 0 · References: 3
Cvelist
added 2024/10/11 2:24 p.m.

CVE-2024-45397 H2O allows bypassing address-based access control with 0-RTT

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

CVSS 5.9 · EPSS 0.00438
Exploits: 0 · References: 3
Debian CVE
added 2024/10/11 2:24 p.m.

CVE-2024-45397

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based access control is used, the access control does not detect and prohibit HTTP requests conveyed by...

CVSS 7.5 · AI score 5.6 · EPSS 0.00438
Exploits: 0
Vulnrichment
added 2024/10/11 2:20 p.m.

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allow users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes (e.g., path level) are expected to inherit t...

CVSS 3.1 · AI score 6.7 · EPSS 0.00428
Exploits: 1 · References: 3
Cvelist
added 2024/10/11 2:20 p.m.

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allow users to modify the response headers being sent by h2o. The configuration file of h2o has scopes, and the inner scopes (e.g., path level) are expected to inherit t...

CVSS 3.1 · EPSS 0.00428
Exploits: 1 · References: 3
Positive Technologies
added 2024/10/11 12:00 a.m.

PT-2024-31600 · Quicly · Quicly

Name of the Vulnerable Software and Affected Versions: Quicly versions up to commit d720707. Description: Quicly is an IETF QUIC protocol implementation. It is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure that crashes the...

CVSS 7.5 · AI score 7.5 · EPSS 0.00561
Exploits: 0 · References: 8
Positive Technologies
added 2024/10/11 12:00 a.m.

PT-2024-31229 · Mirotalk · Mirotalk

Name of the Vulnerable Software and Affected Versions: Mirotalk versions before commit 9de226. Description: The issue is a DOM-based cross-site scripting (XSS) vulnerability. This allows attackers to execute arbitrary code by sending crafted payloads in messages to other users over RTC connections...

CVSS 4.7 · AI score 6.7 · EPSS 0.00403
Exploits: 0 · References: 7
CVE
added 2024/10/11 12:00 a.m.

CVE-2024-44731

CVE-2024-44731 concerns Mirotalk prior to commit 9de226, where a DOM-based XSS vulnerability exists. The issue allows an attacker to execute arbitrary code by sending crafted payloads in messages to other users over RTC connections. The documented root cause is a DOM-based XSS in the messaging pa...

CVSS 4.7 · AI score 6.6 · EPSS 0.00403
Exploits: 0 · References: 5
Positive Technologies
added 2024/10/11 12:00 a.m.

PT-2024-31607 · H2O · H2O

Name of the Vulnerable Software and Affected Versions: h2o versions prior to the version containing commit 1ed32b2. Description: The issue affects h2o, an HTTP server that supports HTTP/1.x, HTTP/2, and HTTP/3. When configured as a reverse proxy, h2o may crash due to an assertion failure if HTTP/3...

CVSS 7.5 · AI score 6.9 · EPSS 0.00632
Exploits: 0 · References: 14
NVD
added 2024/10/09 7:15 p.m.

CVE-2024-47812

ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...

CVSS 6 · EPSS 0.00395
Exploits: 0 · References: 3
Vulnrichment
added 2024/10/09 6:21 p.m.

CVE-2024-47815 Cross-site Scripting in IncidentReporting

IncidentReporting is a MediaWiki extension for moving incident reports from wikitext to database tables. There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. Some are available to anyone who has the editincidents right, some are available to those w...

CVSS 6 · AI score 6.7 · EPSS 0.00402
Exploits: 0 · References: 3
Vulnrichment
added 2024/10/09 6:12 p.m.

CVE-2024-47812 Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump

ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...

CVSS 6 · AI score 6.1 · EPSS 0.00395
Exploits: 0 · References: 3
Cvelist
added 2024/10/09 6:12 p.m.

CVE-2024-47812 Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump

ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...

CVSS 6 · EPSS 0.00395
Exploits: 0 · References: 3
OSV
added 2024/10/09 6:12 p.m.

CVE-2024-47812 Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump

ImportDump is an extension for MediaWiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This...

CVSS 6 · AI score 6.1 · EPSS 0.00395
Exploits: 0 · References: 5
Apache Tomcat
added 2024/10/09 12:00 a.m.

Fixed in Apache Tomcat 10.1.31

Important: Request and/or response mix-up (CVE-2024-52317). Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This was fixed with commit 146f94f8. This issue was identified by the Tomcat Security Team on 1 October 2024...

CVSS 9.8 · AI score 7.3 · EPSS 0.06287
Exploits: 2 · Affected Software: 1
Positive Technologies
added 2024/10/09 12:00 a.m.

PT-2024-32842 · Ssoready +1 · Ssoready +1

Name of the Vulnerable Software and Affected Versions: SSOReady versions prior to 7f92a06. Description: The issue concerns XML signature bypass attacks. An attacker can exploit differential behavior between XML parsers to carry out signature bypass if they have access to certain IDP-signed message...

CVSS 9.9 · AI score 6.4 · EPSS 0.97781
Exploits: 21 · References: 141
Vulnrichment
added 2024/10/07 9:30 p.m.

CVE-2024-47781 Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki

CreateWiki is an extension used at Miraheze for requesting & creating wikis. The name of requested wikis is not escaped on Special:RequestWikiQueue, so a user can insert arbitrary HTML that is displayed in the request wiki queue when requesting a wiki. If a wiki creator comes across the XSS...

CVSS 5.3 · AI score 6.1 · EPSS 0.003
Exploits: 0 · References: 3
BDU FSTEC
added 2024/10/04 12:00 a.m.

The vulnerability in the script /view/DBManage/Backup_Server_commit.php of the D-Link DAR-7000 and DAR-8000 router firmware allows an attacker to execute arbitrary commands.

The vulnerability of the /view/DBManage/BackupServercommit.php script of the D-Link DAR-7000 and DAR-8000 router firmware exists because special elements used in operating system commands are not neutralized. Exploiting this vulnerability allow...

CVSS 10 · AI score 6.9 · EPSS 0.16194
Exploits: 1 · References: 6
SUSE CVE
added 2024/09/28 2:50 a.m.

SUSE CVE-2024-46867

In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in show_meminfo. There is a real deadlock as well as a sleeping-in-atomic bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix...

CVSS 5.5 · AI score 7.6 · EPSS 0.00139
Exploits: 0 · References: 3
OSV
added 2024/09/27 6:15 p.m.

CVE-2024-9301

A path traversal issue in E2Nest prior to commit 8a41948e553c89c56b14410c6ed395e9cfb9250a...

CVSS 7.5 · AI score 5.8 · EPSS 0.00682
Exploits: 0 · References: 1