16603 matches found
CVE-2024-37040
CWE-120: Buffer Copy without Checking Size of Input āClassic Buffer Overflowā vulnerability exists that could allow a user with access to the deviceās web interface to cause a fault on the device when sending a malformed HTTP request...
CVE-2024-37039
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...
CVE-2024-37039
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...
CVE-2024-37037
CWE-22: Improper Limitation of a Pathname to a Restricted Directory āPath Traversalā vulnerability exists that could allow an authenticated user with access to the deviceās web interface to corrupt files and impact device functionality when sending a crafted HTTP request...
CVE-2024-37040
CVE-2024-37040 is associated with Schneider Electric Sage RTU devices. The vulnerability stems from a buffer copy without checking input size in the web interface, described as a classic Buffer Overflow (CWE-120). A malformed HTTP request could cause a fault in the device. Connected sources corro...
CVE-2024-37040
CWE-120: Buffer Copy without Checking Size of Input āClassic Buffer Overflowā vulnerability exists that could allow a user with access to the deviceās web interface to cause a fault on the device when sending a malformed HTTP request...
CVE-2024-37039
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...
CVE-2024-37039
CWE-252: Unchecked Return Value vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request...
CVE-2024-37039
CVE-2024-37039 affects Schneider Electric Sage RTU devices. The root cause is an unchecked return value (CWE-252) which could allow an attacker to cause a denial of service by sending specially crafted HTTP requests to the deviceās web interface. In published references, the vulnerability is asso...
CVE-2024-37037
CWE-22: Improper Limitation of a Pathname to a Restricted Directory āPath Traversalā vulnerability exists that could allow an authenticated user with access to the deviceās web interface to corrupt files and impact device functionality when sending a crafted HTTP request...
CVE-2024-37037
CVE-2024-37037 concerns a path traversal vulnerability in Schneider Electric Sage RTU devices. The authenticated attacker, with access to the device web interface, can exploit an improper limitation of a pathname to a restricted directory via a crafted HTTP request to corrupt files and impact dev...
CVE-2024-5560
CVE-2024-5560 affects Schneider Electric Sage RTUs, with an out-of-bounds read in the web interface that could cause DoS when a specially crafted HTTP request is sent. Multiple connected sources describe the issue as a vulnerability in the Sage RTU/web interface, linked to CWE-125 (Out-of-bounds ...
CVE-2024-5560
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the deviceās web interface when an attacker sends a specially crafted HTTP request...
CVE-2024-5560
CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service of the deviceās web interface when an attacker sends a specially crafted HTTP request...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.59 bug fix and security update
Red Hat OpenShift Container Platform release 4.12.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...
CVE-2024-36360
OS command injection vulnerability exists in awkblog v0.0.1 commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552 and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed with the privileges of the affected product on the...
TOTOLINK AC1200 å®å Øę¼ę“
TOTOLINK AC1200 is a dual-band Wi-Fi router from China's Gion Electronics TOTOLINK. The TOTOLINK AC1200 suffers from a buffer overflow vulnerability that originates from the cgi function setNoticeCfg in /lib/cstemodules/system.so that does not check the length of the user input string NoticeUrl,...
Security Bulletin: Vulnerable netty classes from couchdb affecting IBM Knowledge Catalog for IBM Cloud Pak for Data
Summary There are vulnerabilities in netty classes from couchdb clouseau jar file included in IBM Knowledge Catalog. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafte...
CVE-2024-35306
OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through 777...
CVE-2024-35305
Unauth Time-Based SQL Injection in API allows to exploit HTTP request Authorization header. This issue affects Pandora FMS: from 700 through 777...