5111 matches found

OSV
added 2025/02/15 12:15 a.m. | 4 views

CVE-2024-5462

If Brocade Fabric OS before Fabric OS 9.2.0 configuration settings are not set to encrypt SNMP passwords, then the SNMP privsecret / authsecret fields can be exposed in plaintext. The plaintext passwords can be exposed in a configupload capture or a supportsave capture if encryption of passwords ...

7.5 CVSS | 5.8 AI score | 0.00145 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/13 11:24 p.m. | 10 views

CVE-2024-35110

A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/class/application.class.php: when logged-in users access a malicious link, their cookies can be captured by an attacker...

5.5 CVSS | 5.9 AI score | 0.00294 EPSS
Exploits: 1 | References: 1

GithubExploit
added 2025/02/13 8:53 p.m. | 672 views

Exploit for Cross-site Scripting in Roundcube Webmail

CVE-2024-42009 PoC: Email Capture Listener & XSS Exploit O...

9.3 CVSS | 8.7 AI score | 0.82853 EPSS
Exploits: 6

Tenable Nessus
added 2025/02/10 12:00 a.m. | 8 views

Azure Linux 3.0 Security Update: libpcap / nmap (CVE-2023-7256)

The version of libpcap / nmap installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-7256 advisory. - In affected libpcap versions during the setup of a remote packet capture the internal function...

9.8 CVSS | 6.4 AI score | 0.01522 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/02/10 12:00 a.m. | 11 views

Azure Linux 3.0 Security Update: libpcap / nmap (CVE-2024-8006)

The version of libpcap / nmap installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8006 advisory. - Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remo...

4.4 CVSS | 6.5 AI score | 0.0022 EPSS
Exploits: 0 | References: 2

Packet Storm
added 2025/02/07 12:00 a.m. | 289 views

ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning

ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...

8.8 CVSS | 7.6 AI score | 0.00888 EPSS
Exploits: 4

RedhatCVE
added 2025/02/06 3:56 a.m. | 7 views

CVE-2021-39196

pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filte...

7.7 CVSS | 6.1 AI score | 0.01212 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 9:37 p.m. | 7 views

CVE-2022-24831

OpenClinica is open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared statements. No known workarounds exist. This issue has...

9.8 CVSS | 7.8 AI score | 0.01041 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 6:50 a.m. | 7 views

CVE-2024-50338

Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format key=value. Git's documentation restricts the...

7.4 CVSS | 7.3 AI score | 0.03148 EPSS
Exploits: 0 | References: 1

Amazon
added 2025/02/05 12:00 a.m. | 5 views

Medium: wireshark

Issue Overview: ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file (CVE-2024-11596). Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service v...

7.8 CVSS | 7.3 AI score | 0.01309 EPSS
Exploits: 2

Amazon
added 2025/02/05 12:00 a.m. | 6 views

Medium: wireshark

Issue Overview: ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file (CVE-2024-11596). Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service v...

7.8 CVSS | 7.5 AI score | 0.01309 EPSS
Exploits: 2

Tenable Nessus
added 2025/02/05 12:00 a.m. | 18 views

Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2025-837)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-837 advisory. ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file (CVE-2024-11596). Buffer Overflow vulnerability in Wiresha...

7.8 CVSS | 6.6 AI score | 0.01309 EPSS
Exploits: 2 | References: 12

RedhatCVE
added 2025/02/04 11:05 p.m. | 3 views

CVE-2024-0860

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests...

8 CVSS | 6.7 AI score | 0.00513 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/02/04 8:41 p.m. | 54 views

Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities

Summary: The product includes multiple vulnerable components (e.g., framework libraries) that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details: CVEID: CVE-2024-37891. DESCRIPTION: urllib3 could allow a remote authenticated attacker to...

8.1 CVSS | 9.1 AI score | 0.01947 EPSS
Exploits: 2 | Affected Software: 1

OSV
added 2025/02/04 11:15 a.m. | 3 views

CVE-2024-27137

In Apache Cassandra it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these...

5.3 CVSS | 5.3 AI score
Exploits: 0 | References: 2

NVD
added 2025/02/03 8:15 p.m. | 9 views

CVE-2024-12511

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access...

7.6 CVSS | 0.00573 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/03 7:23 p.m. | 7 views

CVE-2024-12511 SMB/FTP Address Book Scan Pass-back attack

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access...

7.6 CVSS | 7.6 AI score | 0.00573 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/02/03 7:23 p.m. | 38 views

CVE-2024-12511 SMB/FTP Address Book Scan Pass-back attack

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access...

7.6 CVSS | 0.00573 EPSS
Exploits: 0 | References: 1

CVE
added 2025/02/03 7:23 p.m. | 88 views

CVE-2024-12511

CVE-2024-12511 is a Xerox VersaLink pass-back vulnerability affecting VersaLink MFPs (C7020/7025/7030 series) up to firmware 57.69.91. An attacker with printer/admin access and configured SMB/FTP scan could alter the user address book to redirect SMB/FTP traffic to a rogue host, allowing capture ...

7.6 CVSS | 7.5 AI score | 0.00573 EPSS
Exploits: 0 | References: 1

CNNVD
added 2025/02/03 12:00 a.m. | 2 views

Xerox Versalink security vulnerability

Xerox VersaLink is a line of commercial printers from Xerox Corporation USA. A security vulnerability exists in Xerox Versalink that originates from access via the address book and can modify SMB/FTP settings, redirect scans and potentially capture credentials...

7.6 CVSS | 7.9 AI score | 0.00573 EPSS
Exploits: 0 | References: 1