Lucene search
K

1380 matches found

BDU FSTEC
BDU FSTEC
added 2024/08/19 12:0 a.m.8 views

The vulnerability of the web interface of the microprogramming software for Cisco Small Business SPA300 and SPA500 allows a perpetrator to execute arbitrary commands in the basic operating system.

The vulnerability of the web interface of Cisco Small Business SPA300 and SPA500 microprogramming software lies in the copying of input data into memory without checking its size. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands on the basic...

10CVSS6.2AI score0.066EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/15 12:0 a.m.13 views

CVE-2024-42978

An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...

7.9AI score0.0123EPSS
Exploits1References1
NVD
NVD
added 2024/08/12 1:38 p.m.12 views

CVE-2024-37826

A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS0.01246EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/09 12:0 a.m.19 views

CVE-2024-37826

A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

0.01246EPSS
Exploits0References1
CVE
CVE
added 2024/08/09 12:0 a.m.45 views

CVE-2024-37826

CVE-2024-37826 describes a NULL pointer dereference in vercot Serva v4.6.0 that can cause a Denial of Service (DoS) via a crafted HTTP request. Public sources (NVD, CVE listing, Red Hat, CNNVD, CVE database) corroborate the same issue. According to the available data, the attack vector is NETWORK...

7.5CVSS6.8AI score0.01246EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/07/19 3:15 p.m.10 views

CVE-2024-6908

Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data...

6CVSS0.0026EPSS
Exploits0References2
NVD
NVD
added 2024/07/17 5:15 p.m.94 views

CVE-2024-20419

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

10CVSS0.80767EPSS
Exploits3References2
Cisco
Cisco
added 2024/07/17 4:0 p.m.14 views

Cisco Secure Email Gateway Server-Side Template Injection Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...

6.5CVSS6.8AI score0.00616EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 3:33 p.m.20 views

CVE-2024-23663

An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...

8.8CVSS0.0064EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/08 12:0 a.m.5 views

Realtek AP-Router SDK Input Validation Error Vulnerability

The Realtek AP-Router SDK is a software package for wireless chipsets from Realtek Semiconductor Realtek of China. An input validation error vulnerability exists in the Realtek AP-Router SDK, which stems from an integer overflow vulnerability in the boa updateConfigIntoFlash function, which can...

7.2CVSS7.9AI score0.01178EPSS
Exploits1References2
CVE
CVE
added 2024/06/21 12:0 a.m.50 views

CVE-2024-37654

CVE-2024-37654 affects BAS-IP AV-01D/AV-01MD/AV-01MFD/AV-01ED/AV-01KD/AV-01BD/AV-01KBD/AV-02D/AV-02IDE/AV-02IDR/AV-02IPD/AV-02FDE/AV-02FDR/AV-03D/AV-03BD/AV-04AFD/AV-04ASD/AV-04FD/AV-04SD/AV-05FD/AV-05SD/AA-07BD/AA-07BDI/BA-04BD/BA-04MD/BA-08BD/BA-08MD/BA-12BD/BA-12MD/CR-02BD before version 3.9.2...

6.1CVSS6.4AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/21 12:0 a.m.14 views

CVE-2024-37654

An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD...

6.6AI score0.00243EPSS
Exploits0References1
OSV
OSV
added 2024/06/12 5:15 p.m.4 views

CVE-2024-5560

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request...

7.5CVSS5.8AI score0.00894EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/12 4:54 p.m.10 views

CVE-2024-37039

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...

5.9CVSS6.8AI score0.00787EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/12 4:54 p.m.28 views

CVE-2024-37039

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...

5.9CVSS0.00787EPSS
Exploits0References1
OSV
OSV
added 2024/06/11 5:15 a.m.6 views

CVE-2024-36360

OS command injection vulnerability exists in awkblog v0.0.1 commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552 and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the...

9.8CVSS5.9AI score0.01571EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/05 4:14 p.m.26 views

CVE-2024-20404

A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affect...

7.2CVSS6.8AI score0.231EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/05/22 12:0 a.m.26 views

Fortinet FortiWeb - Unauthorized Configuration Download (FG-IR-22-460)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-460 advisory. - An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through...

7CVSS5AI score0.00163EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/22 12:0 a.m.20 views

Fortinet Fortigate Node.js crash over administrative interface (FG-IR-24-017)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-017 advisory. - An improper check or handling of exceptional conditions vulnerability CWE-703 in Fortinet FortiOS version 7.4.1 allows an...

7.5CVSS5.6AI score0.01151EPSS
Exploits0References2
CVE
CVE
added 2024/05/21 1:23 a.m.44 views

CVE-2023-37929

CVE-2023-37929 refers to a buffer overflow in the CGI program of the Zyxel VMG3625-T50B firmware (V5.50(ABPM.8)C0). The vulnerability allows an authenticated remote attacker to trigger denial of service by sending a crafted HTTP request to the affected device. CVSSv3.1 metrics indicate an attacke...

6.5CVSS7.2AI score0.00545EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder