Lucene search
K

6 matches found

RubySec
RubySec
added 2026/05/04 12:0 a.m.13 views

net-imap has quadratic complexity when reading response literals

Summary Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are crafted to exhaust the client's CPU for a denial of service attack. Details For each literal in a response, ResponseReader...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 5:18 a.m.6 views

CVE-2023-30429

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. When a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar...

9.6CVSS7.1AI score0.00733EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:49 a.m.6 views

CVE-2023-32695

socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3...

7.5CVSS6.9AI score0.01059EPSS
Exploits0References1
CVE
CVE
added 2024/11/05 7:16 p.m.56 views

CVE-2024-51752

The CVE-2024-51752 entry concerns the AuthKit Next.js library for WorkOS/AuthKit integration. Affected versions log refresh tokens to the console when the debug flag is enabled, enabling potential token exposure through logs. The issue has a patched fix in version 0.13.2; upgrading to that versio...

5.5CVSS6.7AI score0.00247EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/11/16 10:1 p.m.40 views

CVE-2023-47112 Authenticated users can view job names and groups they do not have authorization to view in Rundeck

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and...

4.3CVSS4.9AI score0.00481EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/27 8:28 p.m.35 views

CVE-2023-42818 SSH public key login without private key challenge if mfa is enabled in jumpserver

JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication...

5.4CVSS9.7AI score0.00582EPSS
Exploits1References2
Rows per page
Query Builder