1125 matches found
CVE-2024-28728
CVE-2024-28728 describes a Cross Site Scripting vulnerability in D-Link DWR-2000M 5G CPE with Wi-Fi 6 Ax1800 and D-Link DWR-2000M_1.34ME. The issue arises from handling of the WiFi SSID Name field, allowing a local attacker to obtain sensitive information via a crafted payload. Affected product/v...
Tianyu CPE Router CommonCPExCPETS Command Execution Vulnerability
Tianyu CPE Router is a wireless router from China Tianyu Tianyu. A command execution vulnerability exists in the Tianyu CPE Router CommonCPExCPETS, which can be exploited by an attacker to execute arbitrary commands on the system...
AlmaLinux 9 : python3.12 (ALSA-2024:8447)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:8447 advisory. python: cpython: tarfile: ReDos via excessive backtracking while parsing header values CVE-2024-6232 Tenable has extracted the preceding description block directly...
NuGet Package 'Betalgo.OpenAI' Detection
The remote host has a 'Betalgo.OpenAI' with a Verified NuGet package status and is installed on the remote host. Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
CVE-2024-48440
Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component atcommand.asp...
CVE-2024-48441
Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETSv3.2.468.11.04P4 was discovered to contain a command injection vulnerability via the component atcommand.asp...
CVE-2024-48442
Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication...
CVE-2024-48442
Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication...
CVE-2024-48440
Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component atcommand.asp...
CVE-2024-48441
Wuhan Tianyu Information Industry Co., Ltd Tianyu CPE Router CommonCPExCPETSv3.2.468.11.04P4 was discovered to contain a command injection vulnerability via the component atcommand.asp...
CVE-2024-48442
CVE-2024-48442 affects Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLIC, version 3.2.2543.12.18. Root cause is an incorrect access control that allows unauthenticated SSH access. Reported impact is confidentiality exposure via SSH without authentication; no...
CVE-2024-48442
Incorrect access control in Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 allows attackers to access the SSH protocol without authentication...
CVE-2024-48440
Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA RG500UEAABxCOMSLICv3.2.2543.12.18 was discovered to contain a command injection vulnerability via the component atcommand.asp...
PT-2024-33112 · Tianyu · Tianyu Cpe Router
Name of the Vulnerable Software and Affected Versions: Tianyu CPE Router version CommonCPExCPETS v3.2.468.11.04 P4 Description: A command injection issue was discovered in the Tianyu CPE Router, specifically via the component at command.asp. Recommendations: For version CommonCPExCPETS...
CVE-2024-48440
The CVE-2024-48440 entry affects Shenzhen Tuoshi Network Communications Co.,Ltd 5G CPE Router NR500-EA (RG500UEAABxCOMSLICv3.2.2543.12.18) and is caused by a command injection vulnerability in the at_command.asp component. Public data lists CVSSv3.1 metrics: AV Adjacent, AC Low, PR None, UI None,...
CVE-2024-48441
The CVE-2024-48441 issue affects the Tianyu CPE Router CommonCPExCPETS version v3.2.468.11.04_P4, specifically the at_command.asp component, where a command-injection vulnerability exists. The root cause is input handling in at_command.asp that allows arbitrary commands to be executed with high i...
Eclipse Jetty DoS Vulnerability (GHSA-r7m4-f9h5-gr79) - Windows
Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...
CVE-2024-39547
The CVE describes an Improper Handling of Exceptional Conditions vulnerability in the rpd-server of Juniper Networks Junos OS and Junos OS Evolved within cRPD. An unauthenticated network attacker can trigger a CPU-based DoS by sending crafted TCP traffic to the control plane, or when a TCP sessio...
CUPS Multiple Vulnerabilities (Sep/Oct 2024)
Various components of CUPS are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Fedora 40 : chisel (2024-5aad2fda6a)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5aad2fda6a advisory. Update to new upstream version closes rhbz2303131 Tenable has extracted the preceding description block directly from the Fedora security advisory...