Lucene search

16603 matches found

NVD
• added 2024/06/12 5:15 p.m. • 15 views

CVE-2024-37040

CWE-120: Buffer Copy without Checking Size of Input ‘Classic Buffer Overflow’ vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request...

CVSS 8.1 • EPSS 0.00393
Exploits 0 • References 1
OSV
• added 2024/06/12 5:15 p.m. • 4 views

CVE-2024-37039

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...

CVSS 7.5 • AI score 5.8
Exploits 0 • References 1
NVD
• added 2024/06/12 5:15 p.m. • 21 views

CVE-2024-37039

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...

CVSS 7.5 • EPSS 0.00787
Exploits 0 • References 1
NVD
• added 2024/06/12 5:15 p.m. • 27 views

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request...

CVSS 8.1 • EPSS 0.01025
Exploits 0 • References 1
CVE
• added 2024/06/12 4:56 p.m. • 60 views

CVE-2024-37040

CVE-2024-37040 is associated with Schneider Electric Sage RTU devices. The vulnerability stems from a buffer copy without checking input size in the web interface, described as a classic Buffer Overflow (CWE-120). A malformed HTTP request could cause a fault in the device. Connected sources corro...

CVSS 8.1 • AI score 5.5 • EPSS 0.00393
Exploits 0 • References 1 • Affected Software 1
Vulnrichment
• added 2024/06/12 4:56 p.m. • 11 views

CVE-2024-37040

CWE-120: Buffer Copy without Checking Size of Input ‘Classic Buffer Overflow’ vulnerability exists that could allow a user with access to the device’s web interface to cause a fault on the device when sending a malformed HTTP request...

CVSS 5.4 • AI score 7.1 • EPSS 0.00393
Exploits 0 • References 1
Vulnrichment
• added 2024/06/12 4:54 p.m. • 10 views

CVE-2024-37039

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...

CVSS 5.9 • AI score 6.8 • EPSS 0.00787
Exploits 0 • References 1
Cvelist
• added 2024/06/12 4:54 p.m. • 28 views

CVE-2024-37039

CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...

CVSS 5.9 • EPSS 0.00787
Exploits 0 • References 1
CVE
• added 2024/06/12 4:54 p.m. • 50 views

CVE-2024-37039

CVE-2024-37039 affects Schneider Electric Sage RTU devices. The root cause is an unchecked return value (CWE-252) which could allow an attacker to cause a denial of service by sending specially crafted HTTP requests to the device’s web interface. In published references, the vulnerability is asso...

CVSS 7.5 • AI score 5.7 • EPSS 0.00787
Exploits 0 • References 1 • Affected Software 1
Vulnrichment
• added 2024/06/12 4:50 p.m. • 7 views

CVE-2024-37037

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request...

CVSS 8.1 • AI score 6.7 • EPSS 0.01025
Exploits 0 • References 1
CVE
• added 2024/06/12 4:50 p.m. • 51 views

CVE-2024-37037

CVE-2024-37037 concerns a path traversal vulnerability in Schneider Electric Sage RTU devices. The authenticated attacker, with access to the device web interface, can exploit an improper limitation of a pathname to a restricted directory via a crafted HTTP request to corrupt files and impact dev...

CVSS 8.1 • AI score 8.1 • EPSS 0.01025
Exploits 0 • References 1 • Affected Software 1
CVE
• added 2024/06/12 4:45 p.m. • 55 views

CVE-2024-5560

CVE-2024-5560 affects Schneider Electric Sage RTUs, with an out-of-bounds read in the web interface that could cause DoS when a specially crafted HTTP request is sent. Multiple connected sources describe the issue as a vulnerability in the Sage RTU/web interface, linked to CWE-125 (Out-of-bounds ...

CVSS 7.5 • AI score 5.3 • EPSS 0.00894
Exploits 0 • References 1 • Affected Software 1
Cvelist
• added 2024/06/12 4:45 p.m. • 28 views

CVE-2024-5560

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request...

CVSS 5.3 • EPSS 0.00894
Exploits 0 • References 1
Vulnrichment
• added 2024/06/12 4:45 p.m. • 15 views

CVE-2024-5560

CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the device’s web interface when an attacker sends a specially crafted HTTP request...

CVSS 5.3 • AI score 6.8 • EPSS 0.00894
Exploits 0 • References 1
RedHat Linux
• added 2024/06/12 4:3 a.m. • 32 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.59 bug fix and security update

Red Hat OpenShift Container Platform release 4.12.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

CVSS 7.5 • AI score 7.1 • EPSS 0.02996
Exploits 0 • References 9
NVD
• added 2024/06/11 5:15 a.m. • 16 views

CVE-2024-36360

OS command injection vulnerability exists in awkblog v0.0.1 commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552 and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the...

CVSS 9.8 • EPSS 0.01571
Exploits 0 • References 2
CNNVD
• added 2024/06/11 12:0 a.m. • 2 views

TOTOLINK AC1200 Security Vulnerability

TOTOLINK AC1200 is a dual-band Wi-Fi router from China's Gion Electronics TOTOLINK. The TOTOLINK AC1200 suffers from a buffer overflow vulnerability that originates from the cgi function setNoticeCfg in /lib/cstemodules/system.so that does not check the length of the user input string NoticeUrl,...

CVSS 7.5 • AI score 7.2 • EPSS 0.00647
Exploits 1 • References 3
IBM Security Bulletins
• added 2024/06/10 9:17 p.m. • 66 views

Security Bulletin: Vulnerable netty classes from couchdb affecting IBM Knowledge Catalog for IBM Cloud Pak for Data

Summary There are vulnerabilities in netty classes from couchdb clouseau jar file included in IBM Knowledge Catalog. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafte...

CVSS 9.1 • AI score 9.1 • EPSS 0.13474
Exploits 3 • Affected Software 1
OSV
• added 2024/06/10 3:15 p.m. • 4 views

CVE-2024-35306

OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through 777...

CVSS 9.8 • AI score 7.9
Exploits 0 • References 1
NVD
• added 2024/06/10 3:15 p.m. • 26 views

CVE-2024-35305

Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through 777...

CVSS 9.8 • EPSS 0.00374
Exploits 0 • References 1