CVE-2023-4639
- EPSS 3.74%
- Published 17.11.2024 11:15:05
- Last modified 07.02.2025 17:15:29
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary addit...
CVE-2024-8509
- EPSS 0.06%
- Published 06.09.2024 16:15:03
- Last modified 09.09.2024 19:15:14
A vulnerability was found in Forklift Controller. There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The pres...
CVE-2024-1300
- EPSS 0.1%
- Published 02.04.2024 08:15:53
- Last modified 25.11.2024 03:15:10
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is err...
CVE-2021-3948
- EPSS 0.19%
- Published 18.02.2022 18:15:09
- Last modified 21.11.2024 06:23:13
An incorrect default permissions vulnerability was found in the mig-controller. Due to incorrect handling of cluster namespaces, an attacker may be able to migrate a malicious workload to the target cluster, impacting confidentiality, integrity, and a...
CVE-2020-1712
- EPSS 0.11%
- Published 31.03.2020 17:15:26
- Last modified 21.11.2024 05:11:13
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially...