1380 matches found
The vulnerability of the web interface of the microprogramming software for Cisco Small Business SPA300 and SPA500 allows a perpetrator to execute arbitrary commands in the basic operating system.
The vulnerability of the web interface of Cisco Small Business SPA300 and SPA500 microprogramming software lies in the copying of input data into memory without checking its size. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands on the basic...
CVE-2024-42978
An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request...
CVE-2024-37826
A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
CVE-2024-37826
A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
CVE-2024-37826
CVE-2024-37826 describes a NULL pointer dereference in vercot Serva v4.6.0 that can cause a Denial of Service (DoS) via a crafted HTTP request. Public sources (NVD, CVE listing, Red Hat, CNNVD, CVE database) corroborate the same issue. According to the available data, the attack vector is NETWORK...
CVE-2024-6908
Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data...
CVE-2024-20419
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...
Cisco Secure Email Gateway Server-Side Template Injection Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...
CVE-2024-23663
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request...
Realtek AP-Router SDK Input Validation Error Vulnerability
The Realtek AP-Router SDK is a software package for wireless chipsets from Realtek Semiconductor Realtek of China. An input validation error vulnerability exists in the Realtek AP-Router SDK, which stems from an integer overflow vulnerability in the boa updateConfigIntoFlash function, which can...
CVE-2024-37654
CVE-2024-37654 affects BAS-IP AV-01D/AV-01MD/AV-01MFD/AV-01ED/AV-01KD/AV-01BD/AV-01KBD/AV-02D/AV-02IDE/AV-02IDR/AV-02IPD/AV-02FDE/AV-02FDR/AV-03D/AV-03BD/AV-04AFD/AV-04ASD/AV-04FD/AV-04SD/AV-05FD/AV-05SD/AA-07BD/AA-07BDI/BA-04BD/BA-04MD/BA-08BD/BA-08MD/BA-12BD/BA-12MD/CR-02BD before version 3.9.2...
CVE-2024-37654
An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD, CR-02BD...
CVE-2024-5560
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request...
CVE-2024-37039
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...
CVE-2024-37039
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...
CVE-2024-36360
OS command injection vulnerability exists in awkblog v0.0.1 commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552 and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the...
CVE-2024-20404
A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct an SSRF attack on an affected system. This vulnerability is due to insufficient validation of user-supplied input for specific HTTP requests that are sent to an affect...
Fortinet FortiWeb - Unauthorized Configuration Download (FG-IR-22-460)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-460 advisory. - An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through...
Fortinet Fortigate Node.js crash over administrative interface (FG-IR-24-017)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-017 advisory. - An improper check or handling of exceptional conditions vulnerability CWE-703 in Fortinet FortiOS version 7.4.1 allows an...
CVE-2023-37929
CVE-2023-37929 refers to a buffer overflow in the CGI program of the Zyxel VMG3625-T50B firmware (V5.50(ABPM.8)C0). The vulnerability allows an authenticated remote attacker to trigger denial of service by sending a crafted HTTP request to the affected device. CVSSv3.1 metrics indicate an attacke...