CVE-2024-8947 MicroPython objarray.c use after free

A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The...

CVE-2024-8869

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult...

CVE-2024-8869 TOTOLINK A720R exportOvpn os command injection

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult...

CVE-2024-8869

CVE-2024-8869 affects TOTOLINK A720R 4.1.5; the vulnerability is in the exportOvpn function and enables OS command injection. The issue can be exploited remotely with high impact on confidentiality, integrity, and availability (per CVSS data), and exploitability is described as difficult with hig...

CVE-2024-8869 TOTOLINK A720R exportOvpn os command injection

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult...

AutomationDirect DirectLogic H2-DM1E

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION : Exploitable from an adjacent network/low attack complexity Vendor : AutomationDirect Equipment : DirectLogic H2-DM1E Vulnerabilities : Session Fixation, Authentication Bypass by Capture-replay 2. RISK EVALUATION Successful exploitation of...

CVE-2024-7592

...

BPL Medical Technologies PWS-01-BT and BPL Be Well Android Application

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.1 ATTENTION : Low attack complexity/public exploits are available Vendor : BPL Medical Technologies Equipment : PWS-01-BT, Be Well Android App Vulnerability : Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of...

EulerOS 2.0 SP12 : python-pip (EulerOS-SA-2024-2349)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...

EulerOS 2.0 SP12 : python-idna (EulerOS-SA-2024-2355)

According to the versions of the python-idna package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...

Siemens SINUMERIK ONE, SINUMERIK 840D and SINUMERIK 828D

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

EulerOS 2.0 SP12 : python-idna (EulerOS-SA-2024-2347)

According to the versions of the python-idna package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was identified in the kjd/idna library, specifically within the idna.encode function, affecting version 3.6. The issue arises...

CVE-2024-8580 TOTOLINK AC1200 T8 shadow.sample hard-coded password

A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861B20230220. This vulnerability affects unknown code of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can be initiated remotely. The complexity of an attack is rather...

OESA-2024-2119 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

GHSA-G6Q4-W3J3-JFC4 Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill

A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is...

ReDoS in urlregex

A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The...

GHSA-RW72-V6C7-HF9R ReDoS in urlregex

A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The...

CVE-2023-7279

A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targetsschema.json of the component Delegation Name Handler. The manipulation leads to inefficient regular...

CVE-2020-36830

A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The...

CVE-2020-36830

A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The...