9791 matches found

CVE
added 2022/05/04 12:8 a.m. · 1430 views

CVE-2021-43164

CVE-2021-43164 affects Ruijie RG-EW Series routers running ReyeeOS up to 1.55.1915 / EW_3.0(1)B11P55. The vulnerability is an RCE via the updateVersion function in /cgi-bin/luci/api/wireless, with PoC and public exploit code showing authenticated access can trigger code execution on affected devi...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.34947
Exploits: 4 · References: 3 · Affected Software: 1

OSV
added 2022/05/02 3:38 a.m. · 12 views

GHSA-9RJ9-5WCV-XGF2 Roundup Improper Access Control

The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as...

CVSS: 5.5 · AI score: 6.1 · EPSS: 0.02322
Exploits: 0 · References: 12

BDU FSTEC
added 2022/04/27 12:0 a.m. · 8 views

The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter allows a hacker to execute arbitrary code.

The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter is related to the lack of validation for the sequences of XML objects. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS: 7.5 · AI score: 7.6 · EPSS: 0.68846
Exploits: 1 · References: 18 · Affected Software: 4

BDU FSTEC
added 2022/04/27 12:0 a.m. · 5 views

The vulnerability of the CGI interpreter component for the PHP programming language allows attackers to disclose protected information, compromise data integrity, or cause service failures.

The vulnerability of the cgi component sapi/cgi/cgi_main.c in the PHP programming language is caused by buffer overflow. Exploiting this vulnerability can allow an attacker to disclose sensitive information, compromise data integrity, or cause service failures...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.1689
Exploits: 1 · References: 19 · Affected Software: 4

NVD
added 2022/04/25 5:15 a.m. · 14 views

CVE-2021-40680

There is a Directory Traversal vulnerability in Artica Proxy 4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273 via the filename parameter to /cgi-bin/main.cgi...

CVSS: 8.1 · EPSS: 0.01262
Exploits: 0 · References: 1

Prion
added 2022/04/25 5:15 a.m. · 20 views

Directory traversal

There is a Directory Traversal vulnerability in Artica Proxy 4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273 via the filename parameter to /cgi-bin/main.cgi...

CVSS: 5.5 · AI score: 7.9 · EPSS: 0.01262
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/04/25 4:12 a.m. · 19 views

CVE-2021-40680

There is a Directory Traversal vulnerability in Artica Proxy 4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273 via the filename parameter to /cgi-bin/main.cgi...

CVSS: 8.1 · AI score: 8.2 · EPSS: 0.01262
Exploits: 0 · References: 1

CNNVD
added 2022/04/25 12:0 a.m. · 3 views

Artica Proxy Path Traversal Vulnerability

Artica Proxy is an open source Artica proxy solution from Artica France. A security vulnerability exists in Artica Proxy VMWare Appliance 4.30.000000 SP273 and earlier versions and Artica Proxy versions 4.30.000000 SP206 through SP255, which stems from a lack of filtering of the filename paramete...

CVSS: 8.1 · AI score: 7.7 · EPSS: 0.01262
Exploits: 0 · References: 3

Tenable Nessus
added 2022/04/20 12:0 a.m. · 25 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2022-1496)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.02931
Exploits: 1 · References: 2

Tenable Nessus
added 2022/04/20 12:0 a.m. · 40 views

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2022-1515)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.02931
Exploits: 1 · References: 2

OpenVAS
added 2022/04/20 12:0 a.m. · 7 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1458)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.5 · AI score: 7.9 · EPSS: 0.02931
Exploits: 1 · References: 2

OpenVAS
added 2022/04/20 12:0 a.m. · 13 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1437)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.5 · AI score: 7.9 · EPSS: 0.02931
Exploits: 1 · References: 2

OpenVAS
added 2022/04/20 12:0 a.m. · 22 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1515)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.5 · AI score: 7.9 · EPSS: 0.02931
Exploits: 1 · References: 2

OpenVAS
added 2022/04/20 12:0 a.m. · 12 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2022-1496)

The remote host is missing an update for the Huawei EulerOS...

CVSS: 7.5 · AI score: 7.9 · EPSS: 0.02931
Exploits: 1 · References: 2

Tenable Nessus
added 2022/04/18 12:0 a.m. · 31 views

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2022-1458)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.02931
Exploits: 1 · References: 2

Tenable Nessus
added 2022/04/18 12:0 a.m. · 40 views

EulerOS 2.0 SP9 : ruby (EulerOS-SA-2022-1437)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby...

CVSS: 7.5 · AI score: 7.3 · EPSS: 0.02931
Exploits: 1 · References: 2

CNNVD
added 2022/04/14 12:0 a.m. · 3 views

ArduPilot APWeb Buffer Error Vulnerability

ArduPilot APWeb is an ArduPilot web server interface. A security vulnerability exists in ArduPilot APWeb that stems from a memory corruption in the cgi.c unescape function. An attacker can send a specially crafted HTTP request to trigger this vulnerability...

CVSS: 9.8 · AI score: 6.6 · EPSS: 0.01636
Exploits: 1 · References: 2

Talos
added 2022/04/14 12:0 a.m. · 41 views

ArduPilot APWeb cgi.c unescape memory corruption vulnerability

Summary: A memory corruption vulnerability exists in the cgi.c unescape functionality of ArduPilot APWeb master branch 50b6b7ac - master branch 46177cb9. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. Tested...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.01636
Exploits: 1

Positive Technologies
added 2022/04/14 12:0 a.m. · 4 views

PT-2022-19187 · Ardupilot · Ardupilot Apweb

Name of the Vulnerable Software and Affected Versions: ArduPilot APWeb master branch versions 50b6b7ac through 46177cb9
Description: A memory corruption issue exists in the cgi.c unescape functionality. This can be triggered by a specially-crafted HTTP request, leading to memory corruption. An...

CVSS: 9.8 · AI score: 5.7 · EPSS: 0.01636
Exploits: 1 · References: 2

ATTACKERKB
added 2022/04/10 9:15 p.m. · 3 views

CVE-2022-27268

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component getcgifrommemory. This vulnerability is triggered via a crafted packet...

CVSS: 9.8 · AI score: 6.5 · EPSS: 0.03592
Exploits: 1 · References: 4