Lucene search
+L

593 matches found

cvelist
cvelist
added 2022/01/14 7:11 p.m.24 views

CVE-2021-3965

Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews...

7.8AI score0.05235EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/01/14 12:0 a.m.6 views

HP DesignJet安全漏洞

HP DesignJet is an American HP company that provides plotter functionality. A security vulnerability exists in HP DesignJet that stems from the fact that certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests that allow viewing and downloading of print job previews...

7.5CVSS7.3AI score0.05235EPSS
Exploits0References2
osv
osv
added 2022/01/08 12:43 a.m.33 views

GHSA-WRX7-QGMJ-MF2Q Server-Side Request Forgery in Apache Kylin

All request mappings in StreamingCoordinatorController.java handling /kylin/api/streamingcoordinator/ REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification...

7.5CVSS7.6AI score0.02557EPSS
Exploits0References5
osv
osv
added 2021/10/26 2:15 p.m.22 views

CVE-2021-41157

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. Abuse...

5.3CVSS6.5AI score
Exploits0References4
osv
osv
added 2021/10/26 10:15 a.m.6 views

CVE-2021-34593

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing...

7.5CVSS7.1AI score0.02649EPSS
Exploits4References4
prion
prion
added 2021/10/26 10:15 a.m.13 views

Design/Logic Flaw

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing...

5CVSS7.5AI score0.02649EPSS
Exploits4References4Affected Software2
cvelist
cvelist
added 2021/10/26 9:55 a.m.32 views

CVE-2021-34593 CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service

In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versions V2.4.7.56 unauthenticated crafted invalid requests may result in several denial-of-service conditions. Running PLC programs may be stopped, memory may be leaked, or further communication clients may be blocked from accessing...

7.5CVSS7.7AI score0.02649EPSS
Exploits4References4
cnnvd
cnnvd
added 2021/10/26 12:0 a.m.35 views

CODESYS 安全漏洞

CODESYS is a controller development system from 3S-Smart Software Solutions, Germany. A security vulnerability exists in CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56, which stems from a crafted invalid request without authentication in the affected software may...

7.5CVSS7.2AI score0.02649EPSS
Exploits4References7
ptsecurity
ptsecurity
added 2021/10/26 12:0 a.m.9 views

PT-2021-20569 · 3S Smart Software Solutions · Codesys V2 Runtime Toolkit

Name of the Vulnerable Software and Affected Versions: CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT versions prior to V2.4.7.56 Description: The issue allows unauthenticated crafted invalid requests to result in several denial-of-service conditions. This can cause running PLC programs to b...

7.5CVSS7.2AI score0.02649EPSS
Exploits4References9
cnvd
cnvd
added 2021/10/11 12:0 a.m.21 views

Digi RealPort has an unspecified vulnerability

Digi RealPort is a proprietary Serial-over-LAN encapsulation protocol. It provides virtual connectivity to serial devices anywhere on the network by encapsulating ICS protocol data in a TCP-based protocol.A security vulnerability exists in Digi RealPort that could be exploited by an attacker to...

9.8CVSS3.8AI score0.00665EPSS
Exploits0References1
cnnvd
cnnvd
added 2021/10/08 12:0 a.m.7 views

Digi RealPort 安全漏洞

Digi RealPort is a proprietary Serial-over-LAN encapsulation protocol. It provides virtual connectivity to serial devices anywhere on the network by encapsulating ICS protocol data in a TCP-based protocol.A security vulnerability exists in Digi RealPort that could be exploited by an attacker to...

9.8CVSS8.3AI score0.00665EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2021/09/17 12:0 a.m.10 views

PT-2021-22116 · Digi · Digi Portserver Ts 16 Rack

Name of the Vulnerable Software and Affected Versions: Digi PortServer TS 16 Rack device affected versions not specified Description: The issue concerns the Digi PortServer TS 16 Rack device, where properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers do not...

9.8CVSS9.4AI score0.01342EPSS
Exploits0References3
attackerkb
attackerkb
added 2021/09/14 5:0 p.m.5 views

CVE-2021-38412

Properly formatted POST requests to multiple resources on the HTTP and HTTPS web servers of the Digi PortServer TS 16 Rack device do not require authentication or authentication tokens. This vulnerability could allow an attacker to enable the SNMP service and manipulate the community strings to...

9.8CVSS7.2AI score0.01342EPSS
Exploits0References2
attackerkb
attackerkb
added 2021/09/14 12:15 p.m.5 views

CVE-2021-38177

SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP syst...

7.5CVSS7.1AI score0.03223EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2021/08/26 12:0 a.m.11 views

PT-2021-18249 · October · October/System

Name of the Vulnerable Software and Affected Versions: october/system package versions prior to v1.1.5 october/system package versions prior to Build 472 Description: The issue allows an attacker to bypass authentication and take over a user account on an October CMS server. This can be exploited...

7.4CVSS7.4AI score0.00895EPSS
Exploits0References9
cnnvd
cnnvd
added 2021/06/16 12:0 a.m.7 views

Cisco Meeting Server 输入验证错误漏洞

Cisco Meeting Server is a video conferencing solution from Cisco that combines place-based video, audio, and Web communications to meet the collaboration needs of the modern workplace. A denial of service vulnerability exists in the API for Cisco Meeting Server versions 3.1, 3.1.1. The...

6.5CVSS5.6AI score0.01101EPSS
Exploits0References4
osv
osv
added 2021/06/10 7:15 a.m.6 views

AZL-6473 CVE-2019-17567 affecting package httpd for versions less than 2.4.52-1

Apache HTTP Server versions 2.4.6 to 2.4.46 modproxywstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authenticati...

5.3CVSS6.7AI score0.60266EPSS
Exploits0References1
osv
osv
added 2021/06/08 7:15 p.m.6 views

UBUNTU-CVE-2020-28713

Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The we...

6.5CVSS5.8AI score0.01359EPSS
Exploits1References2
osv
osv
added 2021/06/01 2:15 p.m.3 views

CVE-2020-4561

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. IBM X-Force ID: 183903...

10CVSS7.3AI score
Exploits0References3
cnnvd
cnnvd
added 2021/04/27 12:0 a.m.6 views

Apache Ozone 访问控制错误漏洞

Apache Ozone is a scalable, redundant and distributed object store for Hadoop and cloud-native environments. An authorization issue vulnerability exists in Apache Ozone Cluster versions prior to 1.1.0 related to the affected version allowing access to keys and buckets via curl commands or...

7.5CVSS5.7AI score0.02266EPSS
Exploits0References7
Rows per page
Query Builder