Lucene search
K

259 matches found

Cvelist
Cvelist
added 2024/07/24 4:49 p.m.129 views

CVE-2024-41110 Moby authz zero length regression

Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins AuthZ under specific circumstances. The base likelihood of this being...

9.9CVSS0.16496EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2024/07/15 12:0 a.m.17 views

EulerOS 2.0 SP10 : golang (EulerOS-SA-2024-1909)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaini...

7.5CVSS7.8AI score0.91969EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2024/07/06 2:58 a.m.5 views

SUSE CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

7.5CVSS7.3AI score0.00494EPSS
Exploits0References10
NVD
NVD
added 2024/07/04 9:15 p.m.25 views

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

8.6CVSS0.00494EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/04 12:0 a.m.26 views

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

8.6CVSS0.00494EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/07/04 12:0 a.m.18 views

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

8.6CVSS7.3AI score0.00494EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/06/20 12:39 p.m.4 views

golang: net/mail: comments in display names are incorrectly handled

A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using...

7.5CVSS7.3AI score0.01042EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/05/30 12:34 a.m.11 views

Symfony2 security issue when the trust proxy mode is enabled

An application is vulnerable if it uses the client IP address as returned by the Request::getClientIp method for sensitive decisions like IP based access control. To fix this security issue, the following changes have been made to all versions of Symfony2: A new Request::setTrustedProxies method...

7.1AI score
Exploits0References7Affected Software2
RedHat Linux
RedHat Linux
added 2024/05/22 11:47 a.m.5 views

golang: net/mail: comments in display names are incorrectly handled

A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using...

7.5CVSS7.3AI score0.01042EPSS
Exploits0References4
NVD
NVD
added 2024/05/14 11:57 a.m.33 views

CVE-2022-4967

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch CWE-297. When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be...

7.7CVSS7.5AI score0.00464EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/05/13 6:0 p.m.17 views

CVE-2022-4967

strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch CWE-297. When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be...

7.7CVSS5.7AI score0.00464EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.5 views

PT-2024-11905 · Unknown +2 · Strongswan +2

Name of the Vulnerable Software and Affected Versions: strongSwan versions 5.9.2 through 5.9.5 Description: The issue is related to authorization bypass through improper validation of certificates with host mismatch. When certificates are used to authenticate clients in TLS-based EAP methods, the...

7.7CVSS6.9AI score0.00464EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.25 views

RHEL 8 : polkit (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - polkit: Improper handling of user with uid INTMAX leading to authentication bypass CVE-2018-19788 - In...

8AI score0.11483EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/04/30 1:33 p.m.5 views

golang: net/mail: comments in display names are incorrectly handled

A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using...

7.5CVSS7.3AI score0.01042EPSS
Exploits0References4
OSV
OSV
added 2024/04/12 11:7 a.m.4 views

OESA-2024-1432 golang security update

The Go Programming Language. Security Fixes: The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different...

7.5CVSS7AI score0.01042EPSS
Exploits0References2
Veracode
Veracode
added 2024/03/17 5:30 p.m.24 views

Interpretation Differences

net/mail in GO is vulnerable to Interpretation Differences. The vulnerability is due to the ParseAddressList function incorrectly handling comments text within parentheses inside display names. The parser handles the display names different then conforming address parsers, which could result in...

7.5CVSS6.5AI score0.01042EPSS
Exploits0References8Affected Software2
OSV
OSV
added 2024/03/12 8:24 a.m.20 views

BIT-GOLANG-2024-24784 Comments in display names are incorrectly handled in net/mail

The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...

7.5CVSS6.9AI score0.01042EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/03/09 12:0 a.m.40 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.22 (SUSE-SU-2024:0812-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0812-1 advisory. - Upgrade go to version 1.22.1 - CVE-2023-45289: net/http, net/http/cookiejar: incorrect...

7.5CVSS6.7AI score0.01165EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2024/03/06 4:33 a.m.4 views

SUSE CVE-2024-24784

The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...

7.5CVSS7.2AI score0.01042EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2024/03/06 3:33 a.m.76 views

CVE-2024-24784

A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using...

5.4CVSS7.2AI score0.01042EPSS
Exploits0References3
Rows per page
Query Builder