Lucene search

5 matches found

SUSE CVE
added 2024/10/15 2:48 a.m., 2 views

SUSE CVE-2024-49214

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality...

CVSS 5.3, AI score 6.9, EPSS 0.00502
Exploits: 0, References: 4
OSV
added 2024/07/05 5:32 p.m., 2 views

CVE-2024-39321 Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes

Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patc...

CVSS 7.5, AI score 7.3, EPSS 0.00594
Exploits: 0, References: 6
Tenable Nessus
added 2022/12/01 12:0 a.m., 46 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (3cde510a-7135-11ed-a28b-bff032704f00)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 3cde510a-7135-11ed-a28b-bff032704f00 advisory. - Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities; Group IP...

CVSS 9.3, AI score 6.2, EPSS 0.01074
Exploits: 9, References: 12
FreeBSD
added 2022/11/30 12:0 a.m., 30 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities; Group IP allow-list not fully respected by the Package Registry; Deploy keys and tokens may bypass External Authorization service if it is enabled; Repository import still allows to import 40 hexadecimal branches...

CVSS 9.3, AI score 0.5, EPSS 0.01074
Exploits: 9, References: 1
Huntr
added 2022/06/09 9:1 a.m., 74 views

SSRF via Plugin SMTP

Description: The SMTP plugin doesn't have verification or validation, allowing the attacker to make requests to internal servers and get the contents. Reproduce: 1. Go to Team & Settings 2. App Store SMTP 3. Configure and intercept Test request 4. Change Host/Port to internal address, example:...

CVSS 5, AI score 0.5, EPSS 0.01418
Exploits: 1