|
308251
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: avoid potential underflow in qdisc_pkt_len_init() with UFO
After commit 7c6d2ecbda83 ("net: be more gentle about silly gso
r…
|
CWE-476
NULL Pointer Dereference
|
CVE-2024-49949
|
2024-11-13 06:03 |
2024-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308252
|
9.8 |
CRITICAL
Network
|
eyecix
|
jobsearch_wp_job_board
|
Missing Authorization vulnerability in eyecix JobSearch allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JobSearch: from n/a through 2.5.4.
|
CWE-862
Missing Authorization
|
CVE-2024-43929
|
2024-11-13 05:49 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308253
|
8.8 |
HIGH
Network
|
eyecix
|
jobsearch_wp_job_board
|
Missing Authorization vulnerability in eyecix JobSearch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobSearch: from n/a through 2.5.4.
|
CWE-862
Missing Authorization
|
CVE-2024-43928
|
2024-11-13 05:49 |
2024-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308254
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mad: Improve handling of timed out WRs of mad agent
Current timeout handler of mad agent acquires/releases mad_agent_priv
lo…
|
NVD-CWE-noinfo
|
CVE-2024-50095
|
2024-11-13 05:26 |
2024-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308255
|
7.5 |
HIGH
Network
|
dena
|
h2o
|
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based ac…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2024-45397
|
2024-11-13 05:14 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308256
|
7.5 |
HIGH
Network
|
dena
|
quicly
|
Quicly is an IETF QUIC protocol implementation. Quicly up to commtit d720707 is susceptible to a denial-of-service attack. A remote attacker can exploit these bugs to trigger an assertion failure tha…
|
CWE-617
Reachable Assertion
|
CVE-2024-45396
|
2024-11-13 05:05 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308257
|
4.3 |
MEDIUM
Network
|
dena
|
h2o
|
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The configuration directives provided by the headers handler allows users to modify the response headers being sent by h2o. The con…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2024-25622
|
2024-11-13 05:04 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308258
|
9.8 |
CRITICAL
Network
|
dena
|
picotls
|
Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within pico…
|
CWE-415
Double Free
|
CVE-2024-45402
|
2024-11-13 05:02 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308259
|
7.5 |
HIGH
Network
|
dena
|
h2o
|
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h2o might crash due to an assertion fail…
|
CWE-617
Reachable Assertion
|
CVE-2024-45403
|
2024-11-13 04:59 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
308260
|
5.8 |
MEDIUM
Network
|
plane
|
plane
|
Plane is an open-source project management tool. Plane uses the ** wildcard support to retrieve the image from any hostname as in /web/next.config.js. This may permit an attacker to induce the server…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2024-47830
|
2024-11-13 04:55 |
2024-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
