|
303801
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mad: Improve handling of timed out WRs of mad agent
Current timeout handler of mad agent acquires/releases mad_agent_priv
lo…
|
NVD-CWE-noinfo
|
CVE-2024-50095
|
2024-11-13 05:26 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303802
|
7.5 |
HIGH
Network
|
dena
|
h2o
|
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based ac…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2024-45397
|
2024-11-13 05:14 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303803
|
7.5 |
HIGH
Network
|
dena
|
quicly
|
Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure tha…
|
CWE-617
Reachable Assertion
|
CVE-2024-45396
|
2024-11-13 05:05 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303804
|
4.3 |
MEDIUM
Network
|
dena
|
h2o
|
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The con…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2024-25622
|
2024-11-13 05:04 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303805
|
9.8 |
CRITICAL
Network
|
dena
|
picotls
|
Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within pico…
|
CWE-415
Double Free
|
CVE-2024-45402
|
2024-11-13 05:02 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303806
|
7.5 |
HIGH
Network
|
dena
|
h2o
|
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion fail…
|
CWE-617
Reachable Assertion
|
CVE-2024-45403
|
2024-11-13 04:59 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303807
|
5.8 |
MEDIUM
Network
|
plane
|
plane
|
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-47830
|
2024-11-13 04:55 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303808
|
9.8 |
CRITICAL
Network
|
dataease
|
dataease
|
DataEase is an open source data visualization analysis tool. In Dataease, the PostgreSQL data source in the data source function can customize the JDBC connection parameters and the PG server target …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2024-47074
|
2024-11-13 04:52 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303809
|
7.8 |
HIGH
Local
|
workbooth_project
|
workbooth
|
Vulnerability in Distro Linux Workbooth v2.5 that allows to escalate privileges to the root user by manipulating the network configuration script.
|
NVD-CWE-noinfo
|
CVE-2024-9576
|
2024-11-13 04:34 |
2024-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303810
|
7.5 |
HIGH
Network
|
finrota
|
finrota
|
Cleartext Storage of Sensitive Information vulnerability in Finrota Netahsilat allows Retrieve Embedded Sensitive Data.This issue solved in versions 1.21.10, 1.23.01, 1.23.08, 1.23.11 and 1.24.03.
|
CWE-202
CWE-311
CWE-312
Exposure of Sensitive Information Through Data Queries
Missing Encryption of Sensitive Data
Cleartext Storage of Sensitive Information
|
CVE-2024-6400
|
2024-11-13 04:32 |
2024-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
