Lucene search
K

255 matches found

Positive Technologies
Positive Technologies
added 2025/01/13 12:0 a.m.3 views

PT-2025-1455 · Pat Infinite Solutions · Helpdeskadvanced

Name of the Vulnerable Software and Affected Versions: Pat Infinite Solutions HelpdeskAdvanced versions 11.0.33 and earlier Description: The issue allows for Directory Traversal, enabling the creation of arbitrary files on the system through authenticated SOAP requests to the "WSConnector" servic...

6.5CVSS7AI score0.00677EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/11/13 12:0 a.m.12 views

FreeBSD : Matrix clients -- mxc uri validation in js sdk (574f7bc9-a141-11ef-84e9-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 574f7bc9-a141-11ef-84e9-901b0e9408dc advisory. matrix-js-sdk upstream reports: matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversa...

5.3CVSS8.5AI score0.00835EPSS
Exploits0References3
OSV
OSV
added 2024/11/12 5:15 p.m.1 views

DEBIAN-CVE-2024-50336

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

5.3CVSS8.6AI score0.00835EPSS
Exploits0References1
OSV
OSV
added 2024/11/12 5:15 p.m.2 views

UBUNTU-CVE-2024-50336

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

5.3CVSS7.4AI score0.00835EPSS
Exploits0References5
NVD
NVD
added 2024/05/15 1:15 p.m.25 views

CVE-2023-6322

A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger...

8.8CVSS7AI score0.01022EPSS
Exploits1References1
NVD
NVD
added 2024/05/15 1:15 p.m.17 views

CVE-2023-6321

A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability...

8.8CVSS7.1AI score0.02748EPSS
Exploits1References1
OSV
OSV
added 2024/05/15 1:15 p.m.4 views

CVE-2023-6321

A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability...

8.8CVSS5.9AI score0.02748EPSS
Exploits1References1
OSV
OSV
added 2024/05/15 1:15 p.m.3 views

CVE-2023-6322

A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger...

8.8CVSS6.3AI score0.01022EPSS
Exploits1References1
CVE
CVE
added 2024/05/15 12:8 p.m.38 views

CVE-2023-6322

CVE-2023-6322 affects the Roku Indoor Camera SE (v3.0.2.4679) and Wyze Cam v3 (v4.36.11.5859). The root cause is a stack-based buffer overflow in the message parsing functionality . An attacker who can make authenticated requests can trigger the overflow, potentially leading to impact on confiden...

8.8CVSS7AI score0.01022EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/05/15 12:8 p.m.32 views

CVE-2023-6322 Stack-based buffer overflow in message parser functionality

A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger...

7.2CVSS7.2AI score0.01022EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/15 12:8 p.m.17 views

CVE-2023-6322 Stack-based buffer overflow in message parser functionality

A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger...

7.2CVSS7.1AI score0.01022EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/05/15 12:7 p.m.23 views

CVE-2023-6321 Owlet Camera OS command injection

A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability...

7.2CVSS7.3AI score0.02748EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/05/15 12:7 p.m.15 views

CVE-2023-6321 Owlet Camera OS command injection

A command injection vulnerability exists in the IOCTL that manages OTA updates. A specially crafted command can lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability...

7.2CVSS7.3AI score0.02748EPSS
Exploits1References1
CVE
CVE
added 2024/05/15 12:7 p.m.31 views

CVE-2023-6321

The CVE-2023-6321 issue is described across connected sources as a command-injection vulnerability in the IOCTL handler that manages OTA updates on Owlet Cam OS. The underlying flaw allows an authenticated attacker to execute commands with root privileges, potentially taking full control of affec...

8.8CVSS7.2AI score0.02748EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.5 views

PT-2024-24749 · Hydra · Hydra

Name of the Vulnerable Software and Affected Versions: Hydra versions prior to the fix commit applied around 2024-04-21 14:30 UTC Description: Hydra, a Continuous Integration service for Nix-based projects, has an issue that allows attackers to execute arbitrary code in the browser context and...

4.6CVSS7.5AI score0.00463EPSS
Exploits0References8
OSV
OSV
added 2024/04/17 1:15 p.m.3 views

CVE-2023-39367

An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

7.2CVSS5.9AI score0.37678EPSS
Exploits5References3
OSV
OSV
added 2024/04/09 3:15 p.m.5 views

CVE-2023-49910

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

8.8CVSS7.9AI score0.01822EPSS
Exploits1References2
OSV
OSV
added 2024/04/09 3:15 p.m.4 views

CVE-2023-49911

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

8.8CVSS7.9AI score0.01822EPSS
Exploits1References2
OSV
OSV
added 2024/04/09 3:15 p.m.4 views

CVE-2023-49909

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

8.8CVSS7.9AI score0.01822EPSS
Exploits1References2
NVD
NVD
added 2024/04/09 2:15 p.m.16 views

CVE-2023-6320

A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this...

9.1CVSS9.3AI score0.0392EPSS
Exploits1References2
Rows per page
Query Builder