30 matches found

CVE
added 2026/06/24 3:40 a.m. | 9 views

CVE-2026-12851

Geovision GV-I/O Box 4E (version 2.09) contains multiple OS command injection flaws in libNetSetObj.so, including CVE-2026-12851. The vulnerabilities arise from unsanitized inputs in CNetSetObj::m_F_n_Set_DNS_Addr (and related DNS/IP/Netmask/Gateway/config functions), which build shell commands a...

CVSS 9.1 | AI score 5.9 | EPSS 0.01684
Exploits: 0 | References: 2

CVE
added 2026/06/24 3:34 a.m. | 15 views

CVE-2026-12848

The CVE-2026-12848 entry refers to GV-I/O Box 4E, a device exposing DVRSearch over UDP (port 10001). Connected sources describe a concrete vulnerability in the DNS field handling: attacker-controlled input can trigger a stack overflow via copying g_network_config->dns_addr into a local reply_b...

CVSS 10 | AI score 6.2 | EPSS 0.00427
Exploits: 0 | References: 2

EUVD
added 2026/03/22 3:30 a.m. | 6 views

EUVD-2019-19918

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes...

CVSS 6.9 | AI score 6 | EPSS 0.00171
Exploits: 1 | References: 5

NVD
added 2026/03/22 1:16 a.m. | 5 views

CVE-2019-25588

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes...

CVSS 6.9 | EPSS 0.00171
Exploits: 1 | References: 4

ATTACKERKB
added 2026/03/22 12:11 a.m. | 1 views

CVE-2019-25588

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the DNS Address field that allows local attackers to crash the application by supplying an excessively long string. Attackers can enable the DNS Address option in the Firewall settings and paste a buffer of 700 bytes...

CVSS 6.9 | AI score 6 | EPSS 0.00171
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2026/03/22 12:11 a.m. | 17 views

CVE-2019-25588

BulletProof FTP Server 2019.0.0.50 contains a local denial-of-service vulnerability in the DNS Address field. By enabling DNS Address in the Firewall settings and pasting a ~700-byte buffer, an attacker can crash the application when Test is invoked. Affects BulletProof FTP Server 2019.0.0.50; ro...

CVSS 6.9 | AI score 6 | EPSS 0.00171
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2015-8755

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.02415
Exploits: 0 | References: 11

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2023-26929

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.7 | EPSS 0.00241
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:35 p.m. | 6 views

CVE-2021-36380

Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi...

CVSS 10 | AI score 7.4 | EPSS 0.97599
Exploits: 1 | References: 1

GithubExploit
added 2024/04/12 4:29 a.m. | 672 views

Exploit for CVE-2024-28255

OpenMetadataRCE CVE-2024-28255 Batch scan/exploit 1.このツー...

CVSS 9.8 | AI score 9.6 | EPSS 0.73255
Exploits: 5

NVD
added 2024/02/05 10:15 p.m. | 35 views

CVE-2023-22817

Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...

CVSS 5.5 | AI score 5.7 | EPSS 0.00241
Exploits: 0 | References: 1

CVE
added 2024/02/05 9:26 p.m. | 49 views

CVE-2023-22817

CVE-2023-22817 describes an SSRF vulnerability in Western Digital My Cloud OS 5 (prior to 5.27.161), My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices (prior to 9.5.1-104). The issue stems from insufficient validation of incoming requests, allowing a rogue server on the local network to m...

CVSS 5.5 | AI score 6 | EPSS 0.00241
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/02/05 9:26 p.m. | 34 views

CVE-2023-22817 Server-side Request Forgery vulnerability in Western Digital My Cloud, My Cloud Home and SanDisk ibi products

Server-side request forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL using another DNS address to point back to the loopback adapter. This could then allow the URL to exploit other vulnerabilities on the local server. This was addressed by fixing D...

CVSS 5.5 | AI score 6.3 | EPSS 0.00241
Exploits: 0 | References: 1

OSV
added 2024/02/02 9:35 a.m. | 13 views

SUSE-SU-2024:0317-1 Security update for openconnect

This update for openconnect fixes the following issues: Update to release 9.12: Explicitly reject overly long tun device names. Increase maximum input size from stdin (579). Ignore 0.0.0.0 as NBNS address (!446, vpnc-scripts58). Fix stray null in URL path after Pulse authentication (4023bd95). Fix...

CVSS 9.8 | AI score 8.1 | EPSS 0.04622
Exploits: 1 | References: 9

VulnCheck KEV
added 2023/10/09 12:0 a.m. | 5 views

VulnCheck KEV: CVE-2021-36380

Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/networkDiag.cgi...

CVSS 10 | AI score 7.5 | EPSS 0.97599
Exploits: 1 | References: 1

SUSE CVE
added 2023/02/15 5:10 a.m. | 5 views

SUSE CVE-2015-8899

Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally...

CVSS 7.5 | AI score 6.9 | EPSS 0.02415
Exploits: 0 | References: 11

CNNVD
added 2023/02/09 12:0 a.m. | 6 views

SAMSUNG Mobile devices security vulnerability

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Jan-2023 Release 1 prior to Release 1, which stems from incorrect authorization manageme...

CVSS 5.7 | AI score 5.7 | EPSS 0.0015
Exploits: 0 | References: 2

BDU FSTEC
added 2021/09/29 12:0 a.m. | 5 views

The vulnerability of the cgi/networkDiag.cgi implementation of the SureLine aircraft monitoring application, which allows a violator to execute arbitrary commands

The vulnerability of the cgi/networkDiag.cgi implementation of the SureLine monitoring application exists because measures are not taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...

CVSS 10 | AI score 8.4 | EPSS 0.97599
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2021/08/13 4:15 p.m. | 6 views

CVE-2021-36380

Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi...

CVSS 9.8 | AI score 7.5 | EPSS 0.97599
Exploits: 1 | References: 3

Packet Storm
added 2019/05/20 12:0 a.m. | 118 views

BulletProof FTP Server 2019.0.0.50 DNS Address / Storage-Path Denial Of Service

Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-18 Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested...

AI score 0.5
Exploits: 0