16589 matches found
CVE-2024-20374
Cisco Secure Firewall Management Center (FMC) Command Injection (CVE-2024-20374) affects FMC web-based management interface. The root cause is insufficient input validation of certain HTTP request parameters, enabling an authenticated administrator to execute arbitrary commands on the underlying ...
CVE-2024-20340
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability,...
CVE-2024-20275
A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to...
CVE-2024-20340
The CVE-2024-20340 issue affects Cisco Secure Firewall Management Center (formerly Firepower FMC) web-based management. The vulnerability is an SQL injection caused by insufficient validation of user-supplied input in the FMC web interface, exploitable by an authenticated attacker who has a valid...
CVE-2024-20340
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability,...
CVE-2024-20340
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability,...
CVE-2024-20275
Cisco Secure Firewall Management Center (FMC) Software’s cluster backup feature is vulnerable due to insufficient validation of data from the web-based management interface. An authenticated user with Network Administrator privileges could trigger a near-user action (cluster backup) to cause the ...
CVE-2024-20275 Cisco Secure Firewall Management Center Software Backup Cluster Command Injection Vulnerability
A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to...
CVE-2024-20275 Cisco Secure Firewall Management Center Software Backup Cluster Command Injection Vulnerability
A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to...
Cisco Secure Firewall Management Center Software SQL Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability,...
Cisco Secure Firewall Management Center Software Command Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating...
Cisco Secure Firewall Management Center Software Cluster Backup Command Injection Vulnerability
A vulnerability in the cluster backup feature of Cisco Secure Firewall Management Center FMC Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to...
The vulnerability of the application software interface of the Trend Micro Cloud Edge device for comprehensive network security management allows a perpetrator to execute arbitrary code.
The vulnerability of the application software interface of the Trend Micro Cloud Edge device for comprehensive network security management is related to the failure to take measures for data cleaning at the management level. Exploiting this vulnerability allows a malicious actor to execute...
CVE-2024-40088
A Directory Traversal vulnerability in the Boa webserver of Vilo 5 Mesh WiFi System = 5.16.1.33 allows remote, unauthenticated attackers to enumerate the existence and length of any file in the filesystem by placing malicious payloads in the path of any HTTP request...
CVE-2024-43689
Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed...
CVE-2024-43689
Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed...
CVE-2024-43689
Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed...
CVE-2024-43689
CVE-2024-43689 describes a stack-based buffer overflow in ELECOM wireless access points/routers triggered by processing a crafted HTTP request, potentially enabling arbitrary code execution. Affected products and versions (per connected sources): WRC-X3000GS2-B/W/GS2A-B before 1.09; WAB-I1750-PS ...
CVE-2024-43689
Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed...
OESA-2024-2259 rubygem-puma security update
A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request...