Lucene search

K

Quidway S2700,Quidway S5300,Quidway S5700,S2300,S2700,S5300,S5700,S600-E,S6300,S6700 Security Vulnerabilities

openbugbounty
openbugbounty

e-maetani.jp Cross Site Scripting vulnerability OBB-3935340

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-15 12:36 PM
nessus
nessus

Debian dla-3829 : libmilter-dev - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3829 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3829-1 [email protected] ...

5.3CVSS

6.7AI Score

0.002EPSS

2024-06-15 12:00 AM
osv
osv

Moderate: mutt security update

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Security Fix(es): mutt: null pointer dereference (CVE-2023-4874) mutt: null pointer dereference...

6.5CVSS

6.4AI Score

0.001EPSS

2024-06-14 01:59 PM
rocky
rocky

mutt security update

An update is available for mutt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mutt is a low resource, highly configurable, text-based MIME e-mail client....

6.5CVSS

6.5AI Score

0.001EPSS

2024-06-14 01:59 PM
githubexploit
githubexploit

Exploit for CVE-2024-27173

Poc CVE-2024-27173 Join t.me/SpiderzTM Shodan and FOFA...

9.8CVSS

7.1AI Score

0.0004EPSS

2024-06-14 07:04 AM
44
cve
cve

CVE-2024-3498

Attackers can then execute malicious files by enabling certain services of the printer via the web configuration page and elevate its privileges to root. As for the affected products/models/versions, see the reference...

7.8CVSS

7.8AI Score

0.0004EPSS

2024-06-14 05:15 AM
9
cve
cve

CVE-2024-3496

Attackers can bypass the web login authentication process to gain access to the printer's system information and upload malicious drivers to the printer. As for the affected products/models/versions, see the reference...

8.8CVSS

9.1AI Score

0.0004EPSS

2024-06-14 05:15 AM
7
cve
cve

CVE-2024-3497

Path traversal vulnerability in the web server of the Toshiba printer enables attacker to overwrite orginal files or add new ones to the printer. As for the affected products/models/versions, see the reference...

8.8CVSS

8.7AI Score

0.0004EPSS

2024-06-14 05:15 AM
10
cve
cve

CVE-2024-27179

Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference...

4.7CVSS

7.3AI Score

0.0004EPSS

2024-06-14 04:15 AM
7
cve
cve

CVE-2024-27180

An attacker with admin access can install rogue applications. As for the affected products/models/versions, see the reference...

6.7CVSS

7AI Score

0.0004EPSS

2024-06-14 04:15 AM
9
cve
cve

CVE-2024-27178

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying file name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than...

7.2CVSS

7.9AI Score

0.0004EPSS

2024-06-14 04:15 AM
7
cve
cve

CVE-2024-27177

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower...

7.2CVSS

7.8AI Score

0.0004EPSS

2024-06-14 04:15 AM
7
cve
cve

CVE-2024-27176

An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than.....

7.2CVSS

7.9AI Score

0.0004EPSS

2024-06-14 04:15 AM
7
cve
cve

CVE-2024-27175

Remote Command program allows an attacker to read any file using a Local File Inclusion vulnerability. An attacker can read any file on the printer. As for the affected products/models/versions, see the reference...

4.4CVSS

7AI Score

0.0004EPSS

2024-06-14 04:15 AM
7
cve
cve

CVE-2024-27174

Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this...

9.8CVSS

7.7AI Score

0.0004EPSS

2024-06-14 04:15 AM
8
cve
cve

CVE-2024-27173

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing Python files containing executable code. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is...

9.8CVSS

8AI Score

0.0004EPSS

2024-06-14 04:15 AM
7
cve
cve

CVE-2024-27172

Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference...

9.8CVSS

9.8AI Score

0.0005EPSS

2024-06-14 04:15 AM
7
cve
cve

CVE-2024-27169

Toshiba printers provides API without authentication for internal access. A local attacker can bypass authentication in applications, providing administrative access. As for the affected products/models/versions, see the reference...

8.4CVSS

8.5AI Score

0.0004EPSS

2024-06-14 04:15 AM
11
cve
cve

CVE-2024-27171

A remote attacker using the insecure upload functionality will be able to overwrite any Python file and get Remote Code Execution. As for the affected products/models/versions, see the reference...

7.4CVSS

7.7AI Score

0.0004EPSS

2024-06-14 04:15 AM
8
cve
cve

CVE-2024-27170

It was observed that all the Toshiba printers contain credentials used for WebDAV access in the readable file. Then, it is possible to get a full access with WebDAV to the printer. As for the affected products/models/versions, see the reference...

7.4CVSS

7.4AI Score

0.0004EPSS

2024-06-14 04:15 AM
7
cve
cve

CVE-2024-27167

Toshiba printers use Sendmail to send emails to recipients. Sendmail is used with several insecure directories. A local attacker can inject a malicious Sendmail configuration file. As for the affected products/models/versions, see the reference...

7.4CVSS

7.3AI Score

0.0004EPSS

2024-06-14 04:15 AM
6
cve
cve

CVE-2024-27168

It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference...

7.1CVSS

7.2AI Score

0.0004EPSS

2024-06-14 04:15 AM
12
cve
cve

CVE-2024-27166

Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference...

7.4CVSS

7.4AI Score

0.0004EPSS

2024-06-14 04:15 AM
7
cve
cve

CVE-2024-27164

Toshiba printers contain hardcoded credentials. As for the affected products/models/versions, see the reference...

7.1CVSS

7AI Score

0.0004EPSS

2024-06-14 04:15 AM
6
cve
cve

CVE-2024-27165

Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected products/models/versions, see the reference...

7.8CVSS

7.6AI Score

0.0004EPSS

2024-06-14 04:15 AM
6
cve
cve

CVE-2024-27163

Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 04:15 AM
10
cve
cve

CVE-2024-27160

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for...

6.2CVSS

6.6AI Score

0.0004EPSS

2024-06-14 04:15 AM
7
cve
cve

CVE-2024-27162

Toshiba printers provide a web interface that will load the JavaScript file. The file contains insecure codes vulnerable to XSS and is loaded inside all the webpages provided by the printer. An attacker can steal the cookie of an admin user. As for the affected products/models/versions, see the...

6.1CVSS

6AI Score

0.0004EPSS

2024-06-14 04:15 AM
8
cve
cve

CVE-2024-27161

all the Toshiba printers have programs containing a hardcoded key used to encrypt files. An attacker can decrypt the encrypted files using the hardcoded key. Insecure algorithm is used for the encryption. This vulnerability can be executed in combination with other vulnerabilities and difficult...

6.2CVSS

6.5AI Score

0.0004EPSS

2024-06-14 04:15 AM
7
cve
cve

CVE-2024-27159

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for...

6.2CVSS

6.6AI Score

0.0004EPSS

2024-06-14 04:15 AM
6
cve
cve

CVE-2024-27158

All the Toshiba printers share the same hardcoded root password. As for the affected products/models/versions, see the reference...

7.4CVSS

7.5AI Score

0.0004EPSS

2024-06-14 04:15 AM
7
cve
cve

CVE-2024-27157

The sessions are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference...

6.8CVSS

6.9AI Score

0.0004EPSS

2024-06-14 04:15 AM
7
cve
cve

CVE-2024-27156

The session cookies, used for authentication, are stored in clear-text logs. An attacker can retrieve authentication sessions. A remote attacker can retrieve the credentials and bypass the authentication mechanism. As for the affected products/models/versions, see the reference...

6.8CVSS

6.9AI Score

0.0004EPSS

2024-06-14 04:15 AM
6
cve
cve

CVE-2024-27155

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference...

7.7CVSS

7.5AI Score

0.0004EPSS

2024-06-14 04:15 AM
5
cve
cve

CVE-2024-27154

Passwords are stored in clear-text logs. An attacker can retrieve passwords. As for the affected products/models/versions, see the reference...

6.2CVSS

6.3AI Score

0.0004EPSS

2024-06-14 03:15 AM
5
cve
cve

CVE-2024-27151

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference...

7.4CVSS

7.4AI Score

0.0004EPSS

2024-06-14 03:15 AM
6
cve
cve

CVE-2024-27153

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference...

7.4CVSS

7.4AI Score

0.0004EPSS

2024-06-14 03:15 AM
6
cve
cve

CVE-2024-27152

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference...

7.4CVSS

7.4AI Score

0.0004EPSS

2024-06-14 03:15 AM
5
cve
cve

CVE-2024-27150

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference...

7.4CVSS

7.4AI Score

0.0004EPSS

2024-06-14 03:15 AM
6
cve
cve

CVE-2024-27146

The Toshiba printers do not implement privileges separation. As for the affected products/models/versions, see the reference...

6.7CVSS

6.6AI Score

0.0004EPSS

2024-06-14 03:15 AM
7
cve
cve

CVE-2024-27147

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference...

7.4CVSS

7.4AI Score

0.0004EPSS

2024-06-14 03:15 AM
5
cve
cve

CVE-2024-27149

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference...

7.4CVSS

7.4AI Score

0.0004EPSS

2024-06-14 03:15 AM
6
cve
cve

CVE-2024-27148

The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference...

7.4CVSS

7.4AI Score

0.0004EPSS

2024-06-14 03:15 AM
7
cve
cve

CVE-2024-27145

The Toshiba printers provide several ways to upload files using the admin web interface. An attacker can remotely compromise any Toshiba printer. An attacker can overwrite any insecure files. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute...

9.8CVSS

9.8AI Score

0.0004EPSS

2024-06-14 03:15 AM
7
cve
cve

CVE-2024-27142

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers. An attacker can exploit the XXE to retrieve...

5.9CVSS

5.7AI Score

0.0004EPSS

2024-06-14 03:15 AM
7
cve
cve

CVE-2024-27143

Toshiba printers use SNMP for configuration. Using the private community, it is possible to remotely execute commands as root on the remote printer. Using this vulnerability will allow any attacker to get a root access on a remote Toshiba printer. This vulnerability can be executed in combination.....

9.8CVSS

9.7AI Score

0.0004EPSS

2024-06-14 03:15 AM
6
cve
cve

CVE-2024-27144

The Toshiba printers provide several ways to upload files using the web interface without authentication. An attacker can overwrite any insecure files. And the Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer....

9.8CVSS

9.6AI Score

0.0004EPSS

2024-06-14 03:15 AM
7
cve
cve

CVE-2024-27141

Toshiba printers use XML communication for the API endpoint provided by the printer. For the endpoint, XML parsing library is used and it is vulnerable to a time-based blind XML External Entity (XXE) vulnerability. An attacker can DoS the printers by sending a HTTP request without authentication......

5.9CVSS

5.8AI Score

0.0004EPSS

2024-06-14 03:15 AM
8
nvd
nvd

CVE-2023-36504

Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...

6.5CVSS

0.0004EPSS

2024-06-14 12:15 AM
2
cve
cve

CVE-2023-36504

Missing Authorization vulnerability in BBS e-Theme BBS e-Popup.This issue affects BBS e-Popup: from n/a through...

6.5CVSS

6.5AI Score

0.0004EPSS

2024-06-14 12:15 AM
10
Total number of security vulnerabilities147357