
537 matches found

Circl
added 2024/11/13 4:20 p.m. | 2 views

GHSA-CG23-QF8F-62RR

creationtimestamp | type | source
---|---|---
2024-11-13 16:20:12+00:00 | seen | https://infosec.exchange/users/cve/statuses/113476554727172279...

AI score: 7.2
Exploits: 0 | References: 1
Amd
added 2024/10/18 12:0 a.m. | 28 views

State Injection Into Hardware Prefetchers

Bulletin ID: AMD-SB-7023. Potential Impact: Data leakage via Side Channels. Severity: N/A. Summary: A research paper titled ‘ShadowLoad: Injecting State into Hardware Prefetchers’ was provided to AMD in February 2024. The paper discusses the possibility for prefetchers to be used to inject cache...

AI score: 6.8
Exploits: 0
Wired Threat Level
added 2024/10/08 3:39 p.m. | 6 views

What Google's U-Turn on Third-Party Cookies Means for Chrome Privacy

Earlier this year, Google ditched its plans to abolish support for third-party cookies in its Chrome browser. While privacy advocates called foul, the implications for users are not so clear cut...

AI score: 7.2
Exploits: 0
OSV
added 2024/10/03 7:38 a.m. | 18 views

BIT-GITLAB-2023-3441 Exposure of Sensitive Information Due to Incompatible Policies in GitLab

An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches...

CVSS: 9.1 | AI score: 7.5 | EPSS: 0.00546
Exploits: 1 | References: 5
OSV
added 2024/10/01 6:13 p.m. | 13 views

GHSA-4F8R-QQR9-FQ8J Incorrect delegation lookups can make go-tuf download the wrong artifact

During the ongoing work on the TUF conformance test suite, we have come across a test that reveals what we believe is a bug in go-tuf with security implications. The bug exists in go-tuf delegation tracing and could result in downloading the wrong artifact. We have come across this issue in the...

CVSS: 8.7 | AI score: 9.3 | EPSS: 0.00486
Exploits: 0 | References: 8
Github Security Blog
added 2024/10/01 6:13 p.m. | 28 views

Incorrect delegation lookups can make go-tuf download the wrong artifact

During the ongoing work on the TUF conformance test suite, we have come across a test that reveals what we believe is a bug in go-tuf with security implications. The bug exists in go-tuf delegation tracing and could result in downloading the wrong artifact. We have come across this issue in the...

CVSS: 8.2 | AI score: 6.8 | EPSS: 0.00486
Exploits: 0 | References: 8 | Affected Software: 1
Vulnrichment
added 2024/10/01 9:47 a.m. | 13 views

CVE-2023-3441 Exposure of Sensitive Information Due to Incompatible Policies in GitLab

An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches...

CVSS: 6.6 | AI score: 6.6 | EPSS: 0.00546
Exploits: 1 | References: 4
CVE
added 2024/10/01 9:47 a.m. | 65 views

CVE-2023-3441

CVE-2023-3441 details (from provided documents): GitLab EE/CE versions 8.0 through 16.3/16.4 are affected by an issue where the product did not sufficiently warn about the security implications of granting merge rights to protected branches. Root cause described as inadequate warning/messaging; s...

CVSS: 9.1 | AI score: 6.2 | EPSS: 0.00546
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2024/10/01 9:47 a.m. | 14 views

CVE-2023-3441 Exposure of Sensitive Information Due to Incompatible Policies in GitLab

An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches...

CVSS: 6.6 | AI score: 6.5 | EPSS: 0.00546
Exploits: 1 | References: 7
Vulnrichment
added 2024/09/20 7:4 p.m. | 16 views

CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs

Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.00515
Exploits: 0 | References: 3
CVE
added 2024/09/20 7:4 p.m. | 74 views

CVE-2024-47061

The CVE-2024-47061 issue affects Plate editors using @udecode/plate-core, where arbitrary DOM attributes can be injected via nodeProps (often from the attributes property), enabling cross-site scripting (XSS) and potential information exposure (e.g., user IPs and whether a malicious document is o...

CVSS: 8.3 | AI score: 7.8 | EPSS: 0.00515
Exploits: 0 | References: 3
Github Security Blog
added 2024/09/20 2:41 p.m. | 24 views

Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes

Impact: One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the node component using the nodeProps prop. Note: The attributes prop that is typically rendered alongside nodeProps is...

CVSS: 8.3 | AI score: 5.2 | EPSS: 0.00515
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2024/09/19 11:15 p.m. | 22 views

CVE-2024-45410

Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...

CVSS: 9.8 | EPSS: 0.01513
Exploits: 0 | References: 3
CVE
added 2024/09/19 10:51 p.m. | 151 views

CVE-2024-45410

Traefik vulnerability CVE-2024-45410 involves hop-by-hop header handling where X-Forwarded-Host/X-Forwarded-Port (and related headers) could be modified by a client in HTTP/1.1, enabling header manipulation that trusted backend apps may rely on for security decisions. The issue arises from how Tr...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.01513
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2024/09/19 10:51 p.m. | 15 views

CVE-2024-45410 HTTP client can remove the X-Forwarded headers in Traefik

Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.01513
Exploits: 0 | References: 3
OSV
added 2024/09/19 10:51 p.m. | 17 views

CVE-2024-45410 HTTP client can remove the X-Forwarded headers in Traefik

Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.01513
Exploits: 0 | References: 5
AlpineLinux
added 2024/09/19 10:51 p.m. | 14 views

CVE-2024-45410

Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.01513
Exploits: 0
Cvelist
added 2024/09/19 10:51 p.m. | 470 views

CVE-2024-45410 HTTP client can remove the X-Forwarded headers in Traefik

Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modif...

CVSS: 9.8 | EPSS: 0.01513
Exploits: 0 | References: 3
RedhatCVE
added 2024/09/19 5:42 p.m. | 13 views

CVE-2024-45410

A flaw was found in Traefik. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since t...

CVSS: 8.6 | AI score: 6.6 | EPSS: 0.01513
Exploits: 0 | References: 8
Debian CVE
added 2024/08/21 6:10 a.m. | 23 views

CVE-2022-48895

In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Don't unregister on shutdown Michael Walle says he noticed the following stack trace while performing a shutdown with "reboot -f". He suggests he got "lucky" and just hit the correct spot for the reboot while ther...

CVSS: 5.5 | AI score: 5.4 | EPSS: 0.00209
Exploits: 0