|
21
|
- |
|
-
|
-
|
Zitadel is an open source identity management platform. In Zitadel, even after an organization is deactivated, associated projects, respectively their applications remain active. Users across other o…
New
|
CWE-200
Information Exposure
|
CVE-2024-47060
|
2024-09-20 09:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
- |
|
-
|
-
|
Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability t…
New
|
CWE-269
Improper Privilege Management
|
CVE-2024-47000
|
2024-09-20 09:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
- |
|
-
|
-
|
Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to …
New
|
CWE-269
Improper Privilege Management
|
CVE-2024-46999
|
2024-09-20 09:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
- |
|
-
|
-
|
Envoy is a cloud-native high-performance edge/middle/service proxy. A vulnerability has been identified in Envoy that allows malicious attackers to inject unexpected content into access logs. This is…
New
|
CWE-117
Improper Output Neutralization for Logs
|
CVE-2024-45808
|
2024-09-20 09:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
- |
|
-
|
-
|
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy's 1.31 is using `oghttp` as the default HTTP/2 codec, and there are potential bugs around stream management in the codec. To …
New
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2024-45807
|
2024-09-20 09:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
- |
|
-
|
-
|
Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requ…
New
|
-
|
CVE-2024-45810
|
2024-09-20 09:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
- |
|
-
|
-
|
Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, whi…
New
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2024-45809
|
2024-09-20 09:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
- |
|
-
|
-
|
Envoy is a cloud-native high-performance edge/middle/service proxy. A security vulnerability in Envoy allows external clients to manipulate Envoy headers, potentially leading to unauthorized access o…
New
|
-
|
CVE-2024-45806
|
2024-09-20 09:15 |
2024-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
5.9 |
MEDIUM
Network
|
consensys
|
gnark-crypto
|
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property…
Update
|
NVD-CWE-noinfo
|
CVE-2024-45040
|
2024-09-20 09:13 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
6.2 |
MEDIUM
Local
|
consensys
|
gnark-crypto
|
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover …
Update
|
NVD-CWE-noinfo
|
CVE-2024-45039
|
2024-09-20 09:12 |
2024-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
