Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5
CVE-2024-41708
- EPSS 0.17%
- Veröffentlicht 25.09.2024 17:15:18
- Zuletzt bearbeitet 26.09.2024 14:35:13
An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module.
7.4
CVE-2024-37015
- EPSS 0.22%
- Veröffentlicht 13.08.2024 17:15:23
- Zuletzt bearbeitet 14.08.2024 02:07:05
An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-th...
- EPSS 0.56%
- Veröffentlicht 08.02.2012 21:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many...
1