
558 matches found

Debian CVE
added 2024/06/17 6:2 p.m. · 24 views

CVE-2018-25103

There exists use-after-free vulnerabilities in lighttpd = 1.4.50 request parsing which might read from invalid pointers to memory used in the same request, not from other requests...

CVSS 5.3 · AI score 5.4 · EPSS 0.00662
Exploits: 0

Positive Technologies
added 2024/06/17 12:0 a.m. · 5 views

PT-2024-10621 · Lighttpd · Lighttpd

Name of the Vulnerable Software and Affected Versions: lighttpd versions = 1.4.50 Description: The issue is related to a use-after-free vulnerability that can allow access to compare data in a case-insensitive manner with a reused pointer. This vulnerability might read from invalid pointers to...

CVSS 5.3 · AI score 6.5 · EPSS 0.00662
Exploits: 0 · References: 13

SUSE CVE
added 2024/06/15 2:19 a.m. · 3 views

SUSE CVE-2024-5699

In violation of spec, cookie prefixes such as Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...

CVSS 9.8 · AI score 8.4 · EPSS 0.00773
Exploits: 1 · References: 4

OSV
added 2024/06/11 1:15 p.m. · 18 views

CVE-2024-5699

In violation of spec, cookie prefixes such as Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...

CVSS 9.8 · AI score 6.5 · EPSS 0.00773
Exploits: 1 · References: 2

NVD
added 2024/06/11 1:15 p.m. · 26 views

CVE-2024-5699

In violation of spec, cookie prefixes such as Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...

CVSS 9.8 · EPSS 0.00773
Exploits: 1 · References: 2

Cvelist
added 2024/06/11 12:40 p.m. · 42 views

CVE-2024-5699

In violation of spec, cookie prefixes such as Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...

EPSS 0.00773
Exploits: 1 · References: 2

CVE
added 2024/06/11 12:40 p.m. · 319 views

CVE-2024-5699

CVE-2024-5699 affects Mozilla Firefox prior to version 127. The issue arises from cookie prefixes such as __Secure being ignored when capitalization isn’t correct, contrary to the spec that requires a case-insensitive check. This could allow behaviors not being honored as defined by the prefix, w...

CVSS 9.8 · AI score 6.3 · EPSS 0.00773
Exploits: 1 · References: 2 · Affected Software: 1

Debian CVE
added 2024/06/11 12:40 p.m. · 19 views

CVE-2024-5699

In violation of spec, cookie prefixes such as Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This...

CVSS 9.8 · AI score 7.3 · EPSS 0.00773
Exploits: 1

RedHat Linux
added 2024/06/10 6:41 p.m. · 3 views

python-social-auth: Improper Handling of Case Sensitivity in social-auth-app-django

A flaw was found in social-auth-app-django. In affected versions of this package, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match...

CVSS 4.9 · AI score 5.7 · EPSS 0.00581
Exploits: 0 · References: 5

Gitee
added 2024/05/30 2:14 p.m. · 54 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002: Exploiting Git RCE via git clone This repository contains a PoC for exploiting CVE-2024-32002, a vulnerability in Git that allows RCE during a git clone operation. By crafting repositories with submodules in a specific way, an attacker can exploit symlink handling on...

CVSS 9 · AI score 8 · EPSS 0.25334
Exploits: 32

RustSec
added 2024/05/22 12:0 p.m. · 8 views

Traversal outside working tree enables arbitrary code execution

Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...

CVSS 8.8 · AI score 8 · EPSS 0.00816
Exploits: 0 · Affected Software: 1

Veracode
added 2024/05/20 12:13 p.m. · 15 views

SQL Injection

doctrine/orm is vulnerable to SQL Injection. The vulnerability is due to statements in the Where-Clause not being wrapped in brackets due to improper handling of case-insensitive checks, which allows an attacker to execute arbitrary SQL statements...

AI score 8.1
Exploits: 0

GithubExploit
added 2024/05/20 9:16 a.m. · 41 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002: Exploiting Git RCE via git clone This repos...

CVSS 9 · AI score 7 · EPSS 0.25334
Exploits: 32

OSV
added 2024/05/15 8:19 p.m. · 13 views

GHSA-VJRG-WPM8-RHRW doctrine/orm Regression in Query Parenthesis can have Security Implications

An issue was identified in the doctrine/orm project: statements in the Where-Clause were not wrapped in brackets due to improper handling of a case-insensitive check...

AI score 7.1
Exploits: 0 · References: 3

Microsoft CVE
added 2024/05/14 7:0 a.m. · 78 views

GitHub: CVE-2024-32002 Recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

...

CVSS 9 · AI score 9.3 · EPSS 0.25334
Exploits: 32

SUSE CVE
added 2024/04/25 11:11 p.m. · 3 views

SUSE CVE-2024-32879

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...

CVSS 4.9 · AI score 6.9 · EPSS 0.00581
Exploits: 0 · References: 3

NVD
added 2024/04/24 8:15 p.m. · 19 views

CVE-2024-32879

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...

CVSS 4.9 · AI score 5.1 · EPSS 0.00581
Exploits: 0 · References: 3

OSV
added 2024/04/24 8:15 p.m. · 2 views

DEBIAN-CVE-2024-32879

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...

CVSS 4.9 · AI score 5.9 · EPSS 0.00581
Exploits: 0 · References: 1

OSV
added 2024/04/24 8:15 p.m. · 1 views

UBUNTU-CVE-2024-32879

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed b...

CVSS 4.9 · AI score 6.7 · EPSS 0.00581
Exploits: 0 · References: 5

CNNVD
added 2024/04/24 12:0 a.m. · 5 views

Python Social Auth Security Vulnerability

Python Social Auth is an easy to set up social authentication/registration mechanism from Python Social Auth open source. Multiple frameworks and authentication providers are supported. A security vulnerability exists in Python Social Auth versions prior to 5.4.1 , which stems from the default...

CVSS 4.9 · AI score 7.8 · EPSS 0.00581
Exploits: 0 · References: 3