Lucene search
K

144 matches found

NVD
NVD
added 2020/09/09 5:15 p.m.19 views

CVE-2020-2041

An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS...

7.8CVSS0.02135EPSS
Exploits0References1
OSV
OSV
added 2020/09/09 5:15 p.m.5 views

CVE-2020-2041

An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS...

7.5CVSS7.2AI score0.02135EPSS
Exploits0References1
Prion
Prion
added 2020/09/09 5:15 p.m.16 views

Cross site request forgery (csrf)

An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS...

7.8CVSS7.5AI score0.02135EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/09/09 4:45 p.m.72 views

CVE-2020-2041

CVE-2020-2041 describes a denial-of-service condition in Palo Alto Networks PAN-OS caused by an insecure configuration of the appweb daemon . The vulnerability allows a remote, unauthenticated actor to send a crafted request that crashes the appweb service, leading to a restart of PAN-OS services...

7.8CVSS7.5AI score0.02135EPSS
Exploits0References1Affected Software1
Palo Alto Networks
Palo Alto Networks
added 2020/09/09 4:0 p.m.38 views

PAN-OS: Management web interface denial-of-service (DoS)

An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS...

7.5CVSS3.1AI score0.02135EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/14 12:0 a.m.2 views

Appweb Null Pointer Dereference Vulnerability

Appweb is a web server for embedded applications. Appweb suffers from a null pointer dereference vulnerability. The vulnerability stems from the fact that Appweb, which supports CGI, does not properly handle HTTP requests with a Range header that lacks an exact range. An attacker could exploit th...

7.5CVSS6.7AI score0.01328EPSS
Exploits0References1
OSV
OSV
added 2020/07/13 2:15 p.m.5 views

CVE-2020-15689

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service...

7.5CVSS5.8AI score0.01328EPSS
Exploits0References1
NVD
NVD
added 2020/07/13 2:15 p.m.18 views

CVE-2020-15689

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service...

7.5CVSS0.01328EPSS
Exploits0References1
Prion
Prion
added 2020/07/13 2:15 p.m.11 views

Null pointer dereference

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service...

5CVSS7.4AI score0.01328EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/13 1:48 p.m.22 views

CVE-2020-15689

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service...

7.5AI score0.01328EPSS
Exploits0References1
CVE
CVE
added 2020/07/13 1:48 p.m.48 views

CVE-2020-15689

CVE-2020-15689 affects Appweb prior to 7.2.2 and 8.x prior to 8.1.0 when built with CGI support. A crafted HTTP Range header lacking an exact range can cause a NULL pointer dereference, leading to a denial of service. Impact is described as a crash/DoS without additional exploitation details in t...

7.5CVSS7.4AI score0.01328EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/08/02 12:0 a.m.4 views

The vulnerability of Web servers Embedthis GoAhead and Embedthis Appweb, related to POST HTTP request processing errors, allows attackers to trigger a service failure.

The vulnerability of Embedthis GoAhead and Embedthis Appweb web servers is related to HTTP request processing errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8CVSS5.5AI score0.02227EPSS
Exploits1References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2019/08/02 12:0 a.m.6 views

The vulnerability of Web servers Embedthis GoAhead and Embedthis Appweb, related to HTTP request processing errors, allows attackers to trigger service interruptions.

The vulnerability of Embedthis GoAhead and Embedthis Appweb web servers is related to HTTP request processing errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8CVSS5.5AI score0.02766EPSS
Exploits1References3Affected Software3
CNVD
CNVD
added 2019/07/09 12:0 a.m.2 views

Dynacolor FCM-MB40 Trust Management Issues Vulnerability

Dynacolor FCM-MB40 is an IP camera from Dynacolor, Taiwan, China. A security vulnerability exists in the Dynacolor FCM-MB40 v1.2.0.0, which originates from the program storing web-based administrative credentials in plaintext in /etc/appWeb/appweb.pass. An attacker could exploit the vulnerability...

9.8CVSS6.9AI score0.01644EPSS
Exploits1References1
CVE
CVE
added 2019/07/08 12:2 a.m.46 views

CVE-2019-13400

CVE-2019-13400 affects Dynacolor FCM-MB40 v1.2.0.0. The issue arises from storing administrative web-interface credentials in cleartext at /etc/appWeb/appweb.pass, which can be retrieved by accessing cgi-bin/getuserinfo.cgi?mode=info. The vulnerability is evidenced in multiple sources (NVD entry ...

9.8CVSS9.3AI score0.01644EPSS
Exploits1References1Affected Software1
Wallarm Lab
Wallarm Lab
added 2019/02/28 3:45 p.m.237 views

Can your Printer Hack your Secrets: Appweb Authorization Bypass

How IoT can pave the way for data breaches: Understanding the Appweb Authorization Bypass An engineering POV into everyday vulnerability. The everyday things you rely on may leave you vulnerable to attack. And it may not be the things themselves, but what is hiding inside. Are your IoT devices,...

6.8CVSS8.6AI score0.19854EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2018/11/02 12:0 a.m.230 views

Appweb < 7.0.3 authCondition Authentication Bypass Vulnerability

According to its banner, the version of Appweb installed on the remote host is prior to 7.0.3. It is, therefore, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. Note...

8.1CVSS7.8AI score0.19854EPSS
Exploits2References2
OSV
OSV
added 2018/08/18 3:29 a.m.3 views

CVE-2018-15505

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing '' character in an IPv6 address...

7.5CVSS5.8AI score0.02227EPSS
Exploits1References4
OSV
OSV
added 2018/08/18 3:29 a.m.3 views

CVE-2018-15504

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11...

7.5CVSS5.8AI score0.02766EPSS
Exploits1References5
Cvelist
Cvelist
added 2018/08/18 12:0 a.m.29 views

CVE-2018-15504

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11...

7.5AI score0.02766EPSS
Exploits1References5
Rows per page
Query Builder