Lucene search
K

63 matches found

CNNVD
CNNVD
added 2023/12/29 12:0 a.m.8 views

Cloudflare Wrangle Security Breach

Cloudflare Wrangler is a repository from Cloudflare, Inc. A security vulnerability exists in Cloudflare Wrangler versions prior to 3.19.0 that stems from the presence of an arbitrary code execution vulnerability that allows an attacker on a local network to connect to the inspector and run...

8.5CVSS7.5AI score0.00583EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/07/17 12:0 a.m.5 views

Zyxel ATP 操作系统命令注入漏洞

Zyxel ATP is a firewall from Zyxel China. Zyxel ATP ZLD V5.00 to V5.36 Patch 2, USG FLEX ZLD V5.00 to V5.36 Patch 2, USG FLEX 50W / USG20W-VPN ZLD V5.00 to V5.36 Patch 2, VPN ZLD V5.00 to V5.36. An operating system command injection vulnerability exists in Patch 2 release, which stems from a...

8CVSS7.9AI score0.00629EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/06/02 12:0 a.m.10 views

PT-2023-20297 · Unknown · Status Powerbpm

Name of the Vulnerable Software and Affected Versions: Status PowerBPM affected versions not specified Description: The issue is related to insufficient authentication in a specific function of Status PowerBPM. A LAN attacker with normal user privileges can exploit this to modify the substitute...

5.7CVSS5.5AI score0.00252EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.9 views

kernel: ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU

A flaw in the routing table size was found in the ICMPv6 handling of "Packet Too Big". The size of the routing table is regulated by periodic garbage collection. However, with "Packet Too Big Messages" it is possible to exceed the routing table size and garbage collector threshold. A user located...

7.5CVSS6.6AI score0.0094EPSS
Exploits0References6
OSV
OSV
added 2023/05/08 11:15 p.m.6 views

CVE-2023-22813

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS...

4.3CVSS5.8AI score0.00455EPSS
Exploits0References1
NCSC
NCSC
added 2023/04/11 12:0 a.m.4 views

Fixed vulnerabilities in HP Laserjet printers and multifunctionals

Hewlett Packard has fixed vulnerabilities in the firmware of several HP Laserjet, Color Laserjet and Laserjet Pro printers and multifunction devices. An unauthenticated malicious person with access to the local network could exploit the vulnerabilities to cause a denial-of-service cause, or to...

9.8CVSS7.9AI score0.01486EPSS
Exploits0
CNNVD
CNNVD
added 2022/09/09 12:0 a.m.5 views

OpenHarmony 授权问题漏洞

OpenHarmony is a kind of Hongmeng operating system open source project of China OpenAtom Foundation Foundation. A security vulnerability exists in OpenHarmony v3.1.1 and earlier versions, which stems from the presence of a privilege bypass vulnerability that allows a LAN attacker to bypass...

8.8CVSS8AI score0.00352EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/09/06 7:44 a.m.8 views

CVE-2022-38700

OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service...

8.8CVSS5.8AI score0.00352EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/07/23 12:15 a.m.5 views

CVE-2022-1128

Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page...

6.5CVSS6.8AI score0.0059EPSS
Exploits1References4
OSV
OSV
added 2022/07/14 1:15 p.m.2 views

CVE-2022-28375

Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to...

9.8CVSS6.4AI score0.02179EPSS
Exploits1References2
NVD
NVD
added 2022/03/10 5:47 p.m.15 views

CVE-2022-25217

Use of a hard-coded cryptographic key pair by the telnetdstartup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetdstartup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware...

7.8CVSS0.00324EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/03/07 1:44 a.m.3 views

CVE-2022-25595

ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt...

6.5CVSS5.4AI score0.00386EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/03/02 1:33 a.m.4 views

CVE-2022-23970

ASUS RT-AX56U’s updatejson function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a system file by uploading another file with the same file name, which results in service disruption...

8.1CVSS5.5AI score0.00472EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/01/14 4:35 a.m.8 views

CVE-2022-22054

ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate filtering for special characters in URL parameters, which allows an unauthenticated local area network attacker to access restricted system paths and download arbitrary files...

6.5CVSS6.7AI score0.00452EPSS
Exploits0References2
Prion
Prion
added 2021/08/16 5:15 a.m.25 views

Command injection

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device...

2.1CVSS6.5AI score0.24563EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.4 views

Apple macOS 输入验证错误漏洞

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. macOS suffers from an input validation error vulnerability that stems from insufficient validation of user-supplied input when processing paths in smbx. A remote attacker on a local network could exploit this...

6.5CVSS6.6AI score0.24292EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.5 views

Apple macOS 信息泄露漏洞

Apple macOS is a specialized operating system developed by Apple Inc. for Mac computers. An information disclosure vulnerability exists in macOS, which stems from excessive data output in smbx. A remote attacker on a local network could exploit this vulnerability to gain unauthorized access to...

5.9CVSS6.5AI score0.01641EPSS
Exploits0References8
Prion
Prion
added 2020/08/31 3:15 p.m.14 views

Hardcoded credentials

THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol...

7.2CVSS7.5AI score0.00415EPSS
Exploits1References1Affected Software2
Cvelist
Cvelist
added 2020/08/31 2:22 p.m.29 views

CVE-2020-11618

THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol...

7.6AI score0.00415EPSS
Exploits1References1
OSV
OSV
added 2020/08/07 10:15 p.m.4 views

CVE-2020-15065

DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values...

6.5CVSS6.6AI score0.0051EPSS
Exploits0References1
Rows per page
Query Builder