16599 matches found

Cvelist
added 2024/11/21 2:41 p.m., 37 views

CVE-2024-29224

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...

CVSS 9.8 | EPSS 0.06292
Exploits 0 | References 1
CVE
added 2024/11/21 2:41 p.m., 56 views

CVE-2024-29224

Summary: CVE-2024-29224 affects GoCast 1.1.3. The NAT parameter in the GoCast HTTP API can be abused to trigger OS command injection, enabling arbitrary command execution via an unauthenticated HTTP request. The root cause is the nat string being concatenated into a system command (iptables) with...

CVSS 9.8 | AI score 9.8 | EPSS 0.06292
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2024/11/21 2:41 p.m., 14 views

CVE-2024-28026

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVSS 7.2 | AI score 7.7 | EPSS 0.05838
Exploits 1 | References 1
Vulnrichment
added 2024/11/21 2:41 p.m., 20 views

CVE-2024-28025

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these...

CVSS 7.2 | AI score 7.7 | EPSS 0.07504
Exploits 1 | References 1
CVE
added 2024/11/21 2:41 p.m., 63 views

CVE-2024-28027

MC Technologies MC LR Router 2.10.5 exposes three OS command injection flaws in the web interface I/O configuration CGI (/cgi-bin/p/adm/io). An authenticated HTTP request can reach three parameters, btn1, out1, and timer1, where attacker-controlled values are directly passed to system calls, res...

CVSS 7.2 | AI score 7.6 | EPSS 0.07504
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2024/11/21 2:41 p.m., 15 views

CVE-2024-21786

An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVSS 7.2 | AI score 7.2 | EPSS 0.10514
Exploits 1 | References 1
CVE
added 2024/11/21 2:41 p.m., 81 views

CVE-2024-21786

CVE-2024-21786 is an OS command injection vulnerability in MC Technologies MC LR Router 2.10.5. Cisco Talos details show the flaw resides in the web interface configuration upload path (cgi-bin/p/adm/cfg) where the request handling writes the user-supplied filename and derives file_type from the ...

CVSS 7.2 | AI score 7.3 | EPSS 0.10514
Exploits 1 | References 2 | Affected Software 1
Redos
added 2024/11/21 12:00 a.m., 16 views

ROS-20241121-06

A vulnerability in the Consul service configuration tool is related to the use of URL paths in L7 traffic. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access rules based on HTTP request paths. The vulnerability in the Consul service...

CVSS 8.1 | AI score 5.9 | EPSS 0.00725
Exploits 0
Tenable Nessus
added 2024/11/21 12:00 a.m., 8 views

CBL Mariner 2.0 Security Update: libsoup (CVE-2024-52530)

The version of libsoup installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-52530 advisory. - GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at...

CVSS 7.5 | AI score 6.8 | EPSS 0.00793
Exploits 1 | References 2
Tenable Nessus
added 2024/11/21 12:00 a.m., 7 views

RHEL 7 : libsoup (RHSA-2024:9654)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:9654 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: HTTP request smuggling via stripping null bytes fr...

CVSS 7.5 | AI score 7 | EPSS 0.00793
Exploits 1 | References 4
Talos
added 2024/11/21 12:00 a.m., 33 views

MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability

Talos Vulnerability Report TALOS-2024-1954: MC Technologies MC LR Router web interface configuration upload OS command injection vulnerability. November 21, 2024. CVE Number: CVE-2024-21786. SUMMARY: An OS command injection vulnerability exists in the web interface configuration upload functionality of...

CVSS 7.2 | AI score 8 | EPSS 0.10514
Exploits 1
Microsoft CVE
added 2024/11/20 8:00 a.m., 4 views

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations

...

CVSS 7.5 | AI score 6.9 | EPSS 0.00793
Exploits 1
Rockylinux
added 2024/11/19 4:00 p.m., 27 views

libsoup security update

An update is available for libsoup. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libsoup packages provide an HTTP client and server library for GNOME...

CVSS 7.5 | AI score 6.8 | EPSS 0.00933
Exploits 1
OSV
added 2024/11/19 4:00 p.m., 23 views

RLSA-2024:9573 Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: infinite loop while reading websocket data (CVE-2024-52532); libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530). For more details about the security...

CVSS 7.5 | AI score 7.8 | EPSS 0.00933
Exploits 1 | References 3
Veracode
added 2024/11/19 7:54 a.m., 8 views

HTTP Request Smuggling

io.undertow:undertow-core is vulnerable to HTTP Request Smuggling. The vulnerability is due to incorrect parsing of cookies with specific value-delimiting characters, enabling attackers to exfiltrate HttpOnly cookies or spoof additional cookie values...

CVSS 7.4 | AI score 6.6 | EPSS 0.01117
Exploits 0 | References 12 | Affected Software 1
BDU FSTEC
added 2024/11/19 12:00 a.m., 4 views

A vulnerability in the ap_mode.cgi script of the firmware of NETGEAR routers R8500, XR300, R7000P, and R6400 v2 allows an attacker to cause a denial of service.

The vulnerability in the apmode.cgi script of the firmware of NETGEAR routers such as the R8500, XR300, R7000P, and R6400 v2 is a buffer overflow that occurs during the processing of the apmodedns1pri and apmodedns1sec parameters. Exploiting this vulnerability allows an attacker to...

CVSS 5.7 | AI score 5.9 | EPSS 0.00292
Exploits 0 | References 3 | Affected Software 4
Tenable Nessus
added 2024/11/19 12:00 a.m., 11 views

RockyLinux 8 : libsoup (RLSA-2024:9573)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9573 advisory. libsoup: infinite loop while reading websocket data (CVE-2024-52532); libsoup: HTTP request smuggling via stripping null bytes from the ends of header names...

CVSS 7.5 | AI score 7 | EPSS 0.00933
Exploits 1 | References 5
IBM Security Bulletins
added 2024/11/18 9:41 p.m., 22 views

Security Bulletin: Several Security Vulnerabilities were discovered in IBM Security Directory Suite

Summary: Several security vulnerabilities in the IBM Security Directory Integrator and Eclipse Jetty were addressed in the IBM Security Directory Suite. Vulnerability Details: CVEID: CVE-2022-32759. DESCRIPTION: IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0...

CVSS 9.8 | AI score 8 | EPSS 0.7848
Exploits 5 | Affected Software 1
Snyk
added 2024/11/18 9:02 p.m., 2 views

HTTP Request Smuggling

Overview: Affected versions of this package are vulnerable to HTTP Request Smuggling due to incorrect parsing of newlines in chunk extensions via the feeddata function. An attacker can bypass firewall or proxy protections by sending specially crafted requests. Note: Exploiting this vulnerability i...

CVSS 8.2 | AI score 7 | EPSS 0.00576
Exploits 0 | References 2
Github Security Blog
added 2024/11/18 8:01 p.m., 289 views

XXE in PHPSpreadsheet's XLSX reader

Summary: The XmlScanner class has a scan method which should prevent XXE attacks. However, we found another bypass beyond the previously reported CVE-2024-47873: the regexes from the findCharSet method, which is used for determining the current encoding, can be bypassed by using a payload in the...

CVSS 7.5 | AI score 7.5 | EPSS 0.00718
Exploits 1 | References 5 | Affected Software 2