|
308061
|
7.5 |
HIGH
Network
|
-
|
-
|
A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing spec…
|
CWE-863
Incorrect Authorization
|
CVE-2024-10295
|
2024-11-13 06:15 |
2024-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308062
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: MGMT: Fix possible crash on mgmt_index_removed
If mgmt_index_removed is called while there are commands queued on
cmd_…
|
NVD-CWE-noinfo
|
CVE-2024-49951
|
2024-11-13 06:06 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308063
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: avoid potential underflow in qdisc_pkt_len_init() with UFO
After commit 7c6d2ecbda83 ("net: be more gentle about silly gso
r…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-49949
|
2024-11-13 06:03 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308064
|
9.8 |
CRITICAL
Network
|
eyecix
|
jobsearch_wp_job_board
|
Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JobSearch: from n/a through 2.5.4.
|
CWE-862
Missing Authorization
|
CVE-2024-43929
|
2024-11-13 05:49 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308065
|
8.8 |
HIGH
Network
|
eyecix
|
jobsearch_wp_job_board
|
Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through 2.5.4.
|
CWE-862
Missing Authorization
|
CVE-2024-43928
|
2024-11-13 05:49 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308066
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mad: Improve handling of timed out WRs of mad agent
Current timeout handler of mad agent acquires/releases mad_agent_priv
lo…
|
NVD-CWE-noinfo
|
CVE-2024-50095
|
2024-11-13 05:26 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308067
|
7.5 |
HIGH
Network
|
dena
|
h2o
|
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based ac…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2024-45397
|
2024-11-13 05:14 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308068
|
7.5 |
HIGH
Network
|
dena
|
quicly
|
Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure tha…
|
CWE-617
Reachable Assertion
|
CVE-2024-45396
|
2024-11-13 05:05 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308069
|
4.3 |
MEDIUM
Network
|
dena
|
h2o
|
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The con…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2024-25622
|
2024-11-13 05:04 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308070
|
9.8 |
CRITICAL
Network
|
dena
|
picotls
|
Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within pico…
|
CWE-415
Double Free
|
CVE-2024-45402
|
2024-11-13 05:02 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
