258 matches found

Cvelist
added 2024/10/11 2:20 p.m., 22 views

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allow users to modify the response headers sent by h2o. The h2o configuration file has scopes, and the inner scopes, e.g., path level, are expected to inherit t...

CVSS: 3.1 | EPSS: 0.00428
Exploits: 1 | References: 3

Vulnrichment
added 2024/10/11 2:20 p.m., 14 views

CVE-2024-25622 H2O ignores headers configuration directives

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allow users to modify the response headers sent by h2o. The h2o configuration file has scopes, and the inner scopes, e.g., path level, are expected to inherit t...

CVSS: 3.1 | AI score: 6.7 | EPSS: 0.00428
Exploits: 1 | References: 3

AlmaLinux
added 2024/10/09 12:00 a.m., 21 views

Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.110 and .NET Runtime 8.0.10...

CVSS: 8.1 | AI score: 7.7 | EPSS: 0.03009
Exploits: 0 | References: 10

OSV
added 2024/10/09 12:00 a.m., 21 views

ALSA-2024:7869 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.110 and .NET Runtime 8.0.10...

CVSS: 8.1 | AI score: 8 | EPSS: 0.03009
Exploits: 0 | References: 10

OSV
added 2024/10/08 5:43 p.m., 16 views

GHSA-7VW9-CFWX-9GX9 Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update the...

CVSS: 9.2 | AI score: 8.2 | EPSS: 0.02049
Exploits: 0 | References: 9

Tenable Nessus
added 2024/10/08 12:00 a.m., 22 views

Ubuntu 22.04 LTS / 24.04 LTS : .NET vulnerabilities (USN-7058-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7058-1 advisory. Brennan Conroy discovered that the .NET Kestrel web server did not properly handle closing HTTP/3 streams under certain circumstances. An...

CVSS: 8.1 | AI score: 8.6 | EPSS: 0.03009
Exploits: 0 | References: 5

Tenable Nessus
added 2024/09/06 12:00 a.m., 614 views

Nginx 1.25.x < 1.26.1 Multiple Vulnerabilities

According to its Server response header, the installed version of nginx is 1.25.x prior to 1.26.1. It is, therefore, affected by four security issues identified in the nginx HTTP/3 implementation, which might allow an attacker using a specially crafted QUIC session to cause a worker process...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00917
Exploits: 0 | References: 5

Redos
added 2024/07/25 12:00 a.m., 25 views

ROS-20240725-01

A vulnerability in the HTTP/3 QUIC module ngx_http_v3_module of the NGINX Plus and NGINX OSS web servers is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using specially craft...

CVSS: 5.3 | AI score: 7.1 | EPSS: 0.00917
Exploits: 0

Hacker One
added 2024/07/12 2:41 p.m., 61 views

Internet Bug Bounty: CVE-2024-3416: MTU of 4096 or greater without fragmentation may cause NGINX worker processes to leak previously freed memory

A vulnerability was discovered in NGINX Plus or NGINX OSS when configured to use the HTTP/3 QUIC module. If the network infrastructure supported a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets could cause NGINX worker processes to leak previously...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.00941
Exploits: 1

Veracode
added 2024/07/10 6:40 a.m., 1073 views

Remote Code Execution (RCE)

.NET is vulnerable to Remote Code Execution (RCE). The vulnerability is due to data corruption in the Kestrel HTTP/3 server, which can result in remote code execution. An attacker can exploit this to execute arbitrary code on the affected system...

CVSS: 8.1 | AI score: 8.5 | EPSS: 0.02587
Exploits: 0 | References: 4 | Affected Software: 13

OSV
added 2024/07/09 9:14 p.m., 31 views

GHSA-CHFC-9W6M-75RF Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0. This advisory also provides guidance on what developers can do to update their applicatio...

CVSS: 9.2 | AI score: 8.3 | EPSS: 0.02587
Exploits: 0 | References: 5

Github Security Blog
added 2024/07/09 9:14 p.m., 69 views

Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability

Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0. This advisory also provides guidance on what developers can do to update their applicatio...

CVSS: 8.1 | AI score: 8 | EPSS: 0.02587
Exploits: 0 | References: 5 | Affected Software: 12

OSV
added 2024/07/09 7:34 p.m., 17 views

GO-2024-2973 Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes in github.com/traefik/traefik

Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes in github.com/traefik/traefik...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00594
Exploits: 0 | References: 5

Veracode
added 2024/07/08 5:51 a.m., 10 views

Authorization Bypass

github.com/traefik/traefik is vulnerable to Authorization Bypass. The vulnerability is caused by improper handling of HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses, which allows an attacker to bypass IP allow-lists...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00594
Exploits: 0 | References: 6 | Affected Software: 1

Tenable Nessus
added 2024/07/08 12:00 a.m., 14 views

FreeBSD : traefik -- Bypassing IP allow-lists via HTTP/3 early data requests (767dfb2d-3c9e-11ef-a829-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 767dfb2d-3c9e-11ef-a829-5404a68ad561 advisory. The traefik authors report: There is a vulnerability in Traefik that allows bypassing IP allow-lists vi...

CVSS: 7.5 | AI score: 8 | EPSS: 0.00594
Exploits: 0 | References: 3

RedhatCVE
added 2024/07/07 3:55 p.m., 12 views

CVE-2024-39321

An authorization bypass vulnerability was found in Traefik. This flaw allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00594
Exploits: 0 | References: 7

OSV
added 2024/07/05 8:13 p.m., 22 views

GHSA-GXRV-WF35-62W9 Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes

Impact: There is a vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Patches: - https://github.com/traefik/traefik/releases/tag/v2.11.6 - https://github.com/traefik/traefik/releases/tag/v3.0.4 -...

CVSS: 8.7 | AI score: 7.5 | EPSS: 0.00594
Exploits: 0 | References: 6

Github Security Blog
added 2024/07/05 8:13 p.m., 26 views

Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes

Impact: There is a vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Patches: - https://github.com/traefik/traefik/releases/tag/v2.11.6 - https://github.com/traefik/traefik/releases/tag/v3.0.4 -...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00594
Exploits: 0 | References: 6 | Affected Software: 2

AlpineLinux
added 2024/07/05 6:15 p.m., 16 views

CVE-2024-39321

Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patc...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00594
Exploits: 0

NVD
added 2024/07/05 6:15 p.m., 19 views

CVE-2024-39321

Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patc...

CVSS: 7.5 | EPSS: 0.00594
Exploits: 0 | References: 4