Lucene search
K

255 matches found

OSV
OSV
added 2024/04/09 2:15 p.m.4 views

CVE-2023-6319

A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to...

7.2CVSS6.1AI score0.06437EPSS
Exploits2References2
NVD
NVD
added 2024/04/09 2:15 p.m.18 views

CVE-2023-6318

A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger...

9.1CVSS9.3AI score0.04667EPSS
Exploits1References2
OSV
OSV
added 2024/04/09 2:15 p.m.5 views

CVE-2023-6318

A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger...

7.2CVSS5.9AI score0.04667EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/04/09 1:43 p.m.25 views

CVE-2023-6320 Command injection in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint

A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this...

9.1CVSS9.4AI score0.0392EPSS
Exploits1References2
CVE
CVE
added 2024/04/09 1:43 p.m.87 views

CVE-2023-6320

CVE-2023-6320: A command injection vulnerability affects webOS 5.x and 6.x, specifically the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint. The root cause is a command execution path that can be triggered by a sequence of authenticated requests, allowing execution as the db...

9.1CVSS9.3AI score0.0392EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2024/04/09 1:42 p.m.102 views

CVE-2023-6319

CVE-2023-6319 affects LG webOS: a command injection in getAudioMetadata of the com.webos.service.attachedstoragemanager. Affected webOS versions include 4.9.7–5.30.40, 5.5.0–04.50.51, 6.3.3-442–03.36.50, and 7.3.1-43–03.33.85. The vulnerability allows an attacker to execute commands as root via s...

9.1CVSS9.3AI score0.06437EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2024/04/09 1:41 p.m.24 views

CVE-2023-6318 Command injection in the processAnalyticsReport method from the com.webos.service.cloudupload service

A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger...

9.1CVSS9.5AI score0.04667EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/04/09 1:41 p.m.11 views

CVE-2023-6318 Command injection in the processAnalyticsReport method from the com.webos.service.cloudupload service

A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger...

9.1CVSS7.4AI score0.04667EPSS
Exploits1References2
CVE
CVE
added 2024/04/09 1:41 p.m.80 views

CVE-2023-6318

LG webOS versions 5 through 7 are affected by a command injection in the processAnalyticsReport method of the com.webos.service.cloudupload service, enabling root-level code execution via specially crafted authenticated requests. Affected versions listed include webOS 5.5.0 – 04.50.51, 6.3.3-442,...

9.1CVSS9.4AI score0.04667EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/04 12:0 a.m.6 views

PT-2024-23299 · Livemarks · Livemarks

Name of the Vulnerable Software and Affected Versions: Livemarks versions prior to 3.7 Description: The issue allows a malicious website to coerce the extension into sending an authenticated GET request to an arbitrary URL, potentially leading to Privilege Escalation. This occurs because the...

2.6CVSS7AI score0.00263EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/04/03 12:0 a.m.5 views

PT-2024-3319 · Tp Link · Eap115 +1

Name of the Vulnerable Software and Affected Versions: Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 version 5.1.0 Build 20220926 Tp-Link EAP115 version 5.0.4 Build 20220216 Description: A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling...

9CVSS8.1AI score0.01822EPSS
Exploits1References10
OSV
OSV
added 2024/03/06 11:14 a.m.19 views

BIT-GITLAB-2022-3483

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the...

5.5CVSS5.2AI score0.0065EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 10:54 a.m.25 views

BIT-JUPYTER-NOTEBOOK-2022-29238 Forced Browsing in Jupyter Notebook

Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with ContentsManager.allowhidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files...

4.3CVSS4.9AI score0.0103EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 10:54 a.m.17 views

BIT-JUPYTER-BASE-NOTEBOOK-2022-29238 Forced Browsing in Jupyter Notebook

Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with ContentsManager.allowhidden = False only prevented listing the contents of hidden directories, not accessing individual hidden files or files...

4.3CVSS4.9AI score0.0103EPSS
Exploits0References2
OSV
OSV
added 2024/02/06 5:15 p.m.3 views

CVE-2023-47618

A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request t...

7.2CVSS6AI score0.01943EPSS
Exploits1References2
OSV
OSV
added 2024/02/06 5:15 p.m.5 views

CVE-2023-43482

A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...

7.2CVSS6AI score0.03252EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.6 views

TP-LINK ER7206 Operating System Command Injection Vulnerability

The TP-LINK ER7206 is a multifunction Gigabit router from China P&L TP-LINK. An operating system command injection vulnerability exists in the TP-LINK ER7206 version 1.3.0 build 20230322 Rel.70591, which stems from a specially crafted HTTP request that could lead to arbitrary command injection. T...

7.2CVSS7.7AI score0.03442EPSS
Exploits1References2
OSV
OSV
added 2024/01/03 10:56 p.m.25 views

GO-2023-2399 Denial of service via memory exhaustion in github.com/hashicorp/vault

Unauthenticated and authenticated HTTP requests from a client will be attempted to be mapped to memory. Large requests may result in the exhaustion of available memory on the host, which may cause crashes and denial of service...

7.5CVSS7.2AI score0.00792EPSS
Exploits0References3
OSV
OSV
added 2023/12/23 9:15 a.m.6 views

CVE-2023-5961

A Cross-Site Request Forgery CSRF vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This...

8.8CVSS5.7AI score0.00373EPSS
Exploits1References1
OSV
OSV
added 2023/12/15 10:15 a.m.23 views

CVE-2023-6838

Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests...

6.1CVSS6AI score
Exploits0References1
Rows per page
Query Builder