Lucene search
K

1383 matches found

BDU FSTEC
BDU FSTEC
added 2024/11/08 12:0 a.m.4 views

The vulnerability in the web interface of Cisco Unified Industrial Wireless network devices’ Cisco Ultra-Reliable Wireless Backhaul software allows a attacker to execute arbitrary code with root privileges.

The vulnerability of the Cisco Unified Industrial Wireless network device management web interface for Cisco Ultra-Reliable Wireless Backhaul URWB is related to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a...

10CVSS8.5AI score0.03146EPSS
Exploits0References2Affected Software3
OSV
OSV
added 2024/11/06 5:15 p.m.3 views

CVE-2024-20476

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions. This vulnerability is due to lack of server-side validation of Administrator permissions. An attacker cou...

4.9CVSS5.8AI score0.00344EPSS
Exploits0References1
NVD
NVD
added 2024/10/30 2:15 p.m.46 views

CVE-2024-31152

The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application, where a series of crafted HTTP requests can cause a reboot. This could lead to network service interruptions...

7.5CVSS0.17156EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/10/30 1:35 p.m.45 views

CVE-2024-31152

The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application, where a series of crafted HTTP requests can cause a reboot. This could lead to network service interruptions...

5.3CVSS0.17156EPSS
Exploits1References1
OSV
OSV
added 2024/10/28 9:30 p.m.3 views

GHSA-25PW-Q952-X37G Duplicate Advisory: pyload-ng vulnerable to RCE with js2py sandbox escape

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9pp-r4xf-597r. This link is maintained to preserve external references. Original Description An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via...

9.8CVSS9.6AI score0.16513EPSS
Exploits4References4
OSV
OSV
added 2024/10/28 8:15 p.m.7 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

9.8CVSS6.1AI score0.16513EPSS
Exploits4References3
Vulnrichment
Vulnrichment
added 2024/10/28 12:0 a.m.22 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

7.8AI score0.16513EPSS
Exploits4References3
Cvelist
Cvelist
added 2024/10/28 12:0 a.m.34 views

CVE-2024-39205

An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...

0.16513EPSS
Exploits4References3
NVD
NVD
added 2024/10/25 7:15 a.m.20 views

CVE-2024-45829

Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...

7.5CVSS0.00685EPSS
Exploits0References3
NVD
NVD
added 2024/10/25 7:15 a.m.13 views

CVE-2024-43424

Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...

7.5CVSS0.00729EPSS
Exploits0References3
CVE
CVE
added 2024/10/25 6:18 a.m.62 views

CVE-2024-45842

The CVE-2024-45842 issue affects Sharp and Toshiba Tec MFPs (multifunction printers). Root cause: improper processing of URI data in HTTP PUT requests, leading to a path traversal vulnerability. Impact: unintended internal files may be retrieved when processing crafted HTTP requests. Connected so...

5.3CVSS5.4AI score0.00541EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/25 6:18 a.m.10 views

CVE-2024-43424

Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...

7.5CVSS7AI score0.00729EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.4 views

Sharp MFP 安全漏洞

Sharp MFP is a series of multifunction printers from Sharp Japan. A security vulnerability exists in Sharp MFP that stems from mishandling of keyword search inputs and SOAP messages, contains multiple out-of-bounds read vulnerabilities, and a carefully crafted HTTP request could cause the affecte...

7.5CVSS8.9AI score0.00729EPSS
Exploits0References3
CVE
CVE
added 2024/10/23 5:30 p.m.50 views

CVE-2024-20379

Cisco Secure Firewall Management Center (FMC) Software contains a vulnerability in its web-based management interface that could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. The issue arises from improper validation of user-supplied input; ...

6.5CVSS6.3AI score0.00615EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2024/10/23 5:15 p.m.17 views

CVE-2024-20275

A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to...

6.1CVSS0.00509EPSS
Exploits0References3
CVE
CVE
added 2024/10/23 5:9 p.m.53 views

CVE-2024-20340

The CVE-2024-20340 issue affects Cisco Secure Firewall Management Center (formerly Firepower FMC) web-based management. The vulnerability is an SQL injection caused by insufficient validation of user-supplied input in the FMC web interface, exploitable by an authenticated attacker who has a valid...

6.5CVSS6.1AI score0.00448EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/10/23 5:7 p.m.54 views

CVE-2024-20275

Cisco Secure Firewall Management Center (FMC) Software’s cluster backup feature is vulnerable due to insufficient validation of data from the web-based management interface. An authenticated user with Network Administrator privileges could trigger a near-user action (cluster backup) to cause the ...

6.1CVSS6.6AI score0.00509EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/10/23 12:0 a.m.5 views

The vulnerability of the application software interface of the Trend Micro Cloud Edge device for comprehensive network security management allows a perpetrator to execute arbitrary code.

The vulnerability of the application software interface of the Trend Micro Cloud Edge device for comprehensive network security management is related to the failure to take measures for data cleaning at the management level. Exploiting this vulnerability allows a malicious actor to execute...

10CVSS8.4AI score0.0246EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/03 12:0 a.m.7 views

PT-2024-25955 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon version 4.1.6 Description: The issue allows API endpoint rate limiting to be bypassed by setting a crafted HTTP request header. Recommendations: For Mastodon version 4.1.6, as a temporary workaround, consider restricting access to AP...

5.9CVSS6.1AI score0.00371EPSS
Exploits0References9
CVE
CVE
added 2024/10/03 12:0 a.m.105 views

CVE-2024-34535

CVE-2024-34535 affects Mastodon 4.1.6. The issue allows bypassing API endpoint rate limiting by sending a crafted HTTP request header. Impact is described as potential exposure of higher-level access due to rate-limiting bypass, with CVSSv3.1 indicating Network attack, High confidentiality impact...

5.9CVSS6.5AI score0.00371EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder