
4721 matches found

Github Security Blog
added 2024/11/29 9:31 p.m. · 33 views

Withdrawn Advisory: Symfony http-security has authentication bypass

Withdrawn Advisory: This advisory has been withdrawn because the report is not part of a valid vulnerability. This link is maintained to preserve external references. For more information, see advisory-database/pull/5046. Original Description: In Symfony, a security vulnerability was identified in...

CVSS 7.5 · AI score 7.6 · EPSS 0.00761
Exploits: 0 · References: 7 · Affected Software: 1

NVD
added 2024/11/29 7:15 p.m. · 14 views

CVE-2024-36611

In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...

CVSS 7.5 · EPSS 0.00761
Exploits: 0 · References: 5

OSV
added 2024/11/29 7:15 p.m. · 3 views

DEBIAN-CVE-2024-36611

In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...

CVSS 7.5 · AI score 5.4 · EPSS 0.00761
Exploits: 0 · References: 1

OSV
added 2024/11/29 7:15 p.m. · 2 views

UBUNTU-CVE-2024-36611

In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...

CVSS 7.5 · AI score 5.8 · EPSS 0.00761
Exploits: 0 · References: 7

Vulnrichment
added 2024/11/29 12:0 a.m. · 9 views

CVE-2024-36611

In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic...

AI score 7.6 · EPSS 0.00761
Exploits: 0 · References: 5

Microsoft CVE
added 2024/11/28 8:0 a.m. · 5 views

AES-SIV implementation ignores empty associated data entries

...

CVSS 5.3 · AI score 6.7 · EPSS 0.00525
Exploits: 0

SUSE CVE
added 2024/11/28 3:56 a.m. · 2 views

SUSE CVE-2024-42328

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...

CVSS 5.5 · AI score 7 · EPSS 0.00234
Exploits: 0 · References: 3

Tenable Nessus
added 2024/11/28 12:0 a.m. · 16 views

CBL Mariner 2.0 Security Update: hvloader (CVE-2023-2975)

The version of hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-2975 advisory. - Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated...

CVSS 5.3 · AI score 6.9 · EPSS 0.00525
Exploits: 0 · References: 2

AlpineLinux
added 2024/11/27 12:15 p.m. · 3 views

CVE-2024-42328

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...

CVSS 5.5 · AI score 7.3 · EPSS 0.00234
Exploits: 0 · References: 1

OSV
added 2024/11/27 12:15 p.m. · 5 views

DEBIAN-CVE-2024-42328

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...

CVSS 5.5 · AI score 4.6 · EPSS 0.00234
Exploits: 0 · References: 1

OSV
added 2024/11/27 12:15 p.m. · 2 views

UBUNTU-CVE-2024-42328

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...

CVSS 5.5 · AI score 5.8 · EPSS 0.00234
Exploits: 0 · References: 3

Vulnrichment
added 2024/11/27 12:4 p.m. · 18 views

CVE-2024-42328 JS - Crash on empty HTTP server response

When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curlwritecb when receiving data. If the server's response is an empty document, then wd-data in the code below will remain NULL and an attempt to read from it will...

CVSS 3.3 · AI score 7.2 · EPSS 0.00234
Exploits: 0 · References: 1

Positive Technologies
added 2024/11/27 12:0 a.m. · 4 views

PT-2024-9611 · Zabbix +3 · Zabbix +3

Name of the Vulnerable Software and Affected Versions: Browser object affected versions not specified Zabbix affected versions not specified Description: The issue is related to the handling of data downloaded from an HTTP server by the Browser object's web driver. When the server's response is a...

CVSS 9.9 · AI score 6.6 · EPSS 0.78831
Exploits: 13 · References: 47

Vulnrichment
added 2024/11/26 5:33 a.m. · 25 views

CVE-2024-10781 Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.44 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Arbitrary Plugin Installation

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to a missing empty value check on the 'apikey' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for...

CVSS 8.1 · AI score 7.9 · EPSS 0.03824
Exploits: 1 · References: 4

OSV
added 2024/11/21 6:0 a.m. · 1 views

BELL-CVE-2024-53082

Bulletin has no description...

CVSS 7.1 · AI score 8.1 · EPSS 0.00236
Exploits: 0 · References: 1

CNVD
added 2024/11/21 12:0 a.m. · 11 views

Unspecified vulnerability in Linux kernel (CNVD-2024-46446)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from an empty header address. No details of the vulnerability are provided at this time...

CVSS 5.5 · AI score 6.6 · EPSS 0.00244
Exploits: 0 · References: 1

CNNVD
added 2024/11/19 12:0 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel has a security vulnerability that stems from an empty header address. No details of the vulnerability are provided at this time...

CVSS 5.5 · AI score 8.2 · EPSS 0.00244
Exploits: 0 · References: 5

OSV
added 2024/11/15 6:15 p.m. · 5 views

DEBIAN-CVE-2024-52510

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Deskt...

CVSS 7.5 · AI score 5.3 · EPSS 0.00728
Exploits: 0 · References: 1

OSV
added 2024/11/15 6:15 p.m. · 2 views

UBUNTU-CVE-2024-52510

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Deskt...

CVSS 7.5 · AI score 5.7 · EPSS 0.00728
Exploits: 0 · References: 10

Positive Technologies
added 2024/11/15 12:0 a.m. · 5 views

PT-2024-35349 · Nextcloud +1 · Nextcloud Desktop Client +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.14.2 Description: The issue concerns the Nextcloud Desktop Client, a tool used to synchronize files from Nextcloud Server with a computer. It was found that the Desktop client did not stop with an...

CVSS 4.2 · AI score 4.8 · EPSS 0.00728
Exploits: 0 · References: 19