9454 matches found
CVE-2023-38709
CVE-2023-38709 describes HTTP response splitting in the core of Apache HTTP Server caused by faulty input validation. It affects Apache HTTP Server up to version 2.4.58; multiple advisories (e.g., Astra Linux, AlmaLinux, Alpine Linux) note that upgrading to 2.4.64 fixes the issue. Some sources in...
Schweitzer Engineering Laboratories SEL 700 series relays
1. EXECUTIVE SUMMARY: CVSS v4 5.9. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Schweitzer Engineering Laboratories. Equipment: SEL 700 series relays. Vulnerability: Inclusion of Undocumented Features. 2. RISK EVALUATION: Successful exploitation of this vulnerability...
PT-2024-25148 · Sourcecodester · Sourcecodester Elearning System
Name of the Vulnerable Software and Affected Versions: SourceCodester eLearning System version 1.0. Description: A vulnerability has been found in the Maintenance Module of the SourceCodester eLearning System. The manipulation of the Subject Code/Description argument leads to cross-site scripting...
enersys.ru Cross Site Scripting vulnerability OBB-3897221
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2024-24659 · Unknown · Sourcecodester Internship Portal Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Internship Portal Management System version 1.0. Description: A critical issue has been found in the SourceCodester Internship Portal Management System, affecting the processing of the file admin/edit admin.php. The manipulation...
IOSIX IO-1020 Micro ELD
1. EXECUTIVE SUMMARY: CVSS v4 9.4. ATTENTION: Exploitable from adjacent network/Low attack complexity. Vendor: IOSiX. Equipment: IO-1020 Micro ELD. Vulnerabilities: Use of Default Credentials, Download of Code Without Integrity Check. 2. RISK EVALUATION: Successful exploitation of these...
CVE-2024-3039
Affected software: Shanghai Brad Technology BladeX 3.4.0. Vulnerable component: API endpoint /api/blade-user/export-user. Root cause: SQL injection via input manipulation using updatexml(1,concat(0x3f,md5(123456),0x3f),1)=1). Impact: potential remote exploitation allowing unauthorized access or d...
Oracle Linux 8 : thunderbird (ELSA-2024-1494)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-1494 advisory. 115.9.0-1.0.1 - Add Oracle prefs 115.9.0-1 - Update to 115.9.0 build1 - Fix expat CVE-2023-52425 Tenable has extracted the preceding description block...
CVE-2024-2903
CVE-2024-2903 affects Tenda AC7 firmware version 15.03.06.44. A stack-based buffer overflow is triggered in the GetParentControlInfo function located at /goform/GetParentControlInfo via manipulation of the mac argument. The vulnerability permits remote code execution or crash, with a publicly dis...
AutomationDirect C-MORE EA9 HMI
1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: AutomationDirect. Equipment: C-MORE EA9 HMI. Vulnerabilities: Path Traversal, Stack-Based Buffer Overflow, Plaintext Storage of a Password. 2. RISK EVALUATION: Successful exploitation of these...
Mozilla: Crash in NSS TLS method
The Mozilla Foundation Security Advisory describes this flaw as: An unchecked return value in TLS handshake code could have caused a potentially exploitable crash...
RHEL 8 : firefox (RHSA-2024:1491)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:1491 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...