738 matches found
CVE-2020-6086
An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious...
A vulnerability in the sub_40662C function of the firmware for the TOTOlink EX1800T Wi-Fi range extender allows an intruder to execute arbitrary code.
The vulnerability in the sub_40662C function of the TOTOlink EX1800T Wi-Fi range extender software is a stack-based buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted network request containing a specific SSID...
CentOS 7 : thunderbird (RHSA-2022:9079)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9079 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER...
CVE-2023-49593
Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4Av3411b2T2RLEV09170623. A specially crafted network request can lead to arbitrary command execution...
CVE-2023-49593
CVE-2023-49593 affects LevelOne WBR-6013 wireless router (Boa web server, Realtek SDK) where leftover debug code in the /boafrm/formSysCmd API allows an attacker to execute arbitrary commands via a crafted network request. Talos confirms the vulnerability, including an exploitable path and a PoC,...
OSGeo GeoServer JAI-EXT Code Injection Vulnerability
OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution...
CVE-2023-47166
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability...
CVE-2023-47166
A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a network request to trigger this vulnerability...
CVE-2023-47166
Milesight UR32L firmware update vulnerability (CVE-2023-47166) affects luci2-io file-import in v32.3.0.7-r2. A crafted network request can bypass upgrade validation, enabling arbitrary firmware updates and potential full device takeover. CVSS v3.1 score 8.8 (Network, Low attack complexity, Privil...
Milesight UR32L Authorization Issue Vulnerability
Milesight UR32L is a 4G industrial router from China's StarZone IOT Milesight. An authorization issue vulnerability exists in Milesight UR32L v32.3.0.7-r2, which stems from a firmware update vulnerability in the file import function, where a specially crafted network request could result in an...
Milesight UR32L luci2-io file-import firmware update vulnerability
Talos Vulnerability Report TALOS-2023-1852 Milesight UR32L luci2-io file-import firmware update vulnerability May 1, 2024 CVE Number CVE-2023-47166 SUMMARY A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network...
Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability
Talos Vulnerability Report TALOS-2024-1948 Open Automation Software OAS Platform OAS Engine File Data Source Configuration denial of service vulnerability April 3, 2024 CVE Number CVE-2024-24976 SUMMARY A denial of service vulnerability exists in the OAS Engine File Data Source Configuration...
BIT-ELASTICSEARCH-2022-23712
A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request...
VulnCheck KEV: CVE-2022-24816
OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution...
A vulnerability in the NEXO-OS operating system of the Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner, tools for maintenance work on production lines, allows an intruder to cause a denial of service or execute arbitrary code.
The vulnerability in the NEXO-OS operating system of the Bosch Nexo cordless nutrunner and Bosch Nexo special cordless nutrunner, tools used in production line maintenance, is a buffer overflow in dynamic (heap) memory. Exploiting this vulnerability can allow a malicious actor to...
CVE-2023-48266
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request...
CVE-2023-48265
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request...
CVE-2023-48266
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request...
CVE-2023-48265
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request...
CVE-2023-48264
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request...