Lucene search
K

16601 matches found

Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.4 views

PT-2023-5068 · Milesight · Milesight Ur32L

Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: The issue is caused by a buffer overflow in the set dmvpn function of the Milesight UR32L router's firmware, which can be exploited by a remote attacker to execute arbitrary code. A specially...

8.3CVSS7.4AI score0.01318EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.5 views

PT-2023-5151 · Milesight · Milesight Ur32L

Name of the Vulnerable Software and Affected Versions: Milesight UR32L versions 32.3.0.5 Description: The issue is caused by a buffer overflow vulnerability in the set qos function of the Milesight UR32L's vtysh ubus binary, due to the use of an unsafe sprintf pattern. This can be exploited by...

9CVSS7.3AI score0.01318EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.4 views

PT-2023-19361 · Milesight · Milesight Ur32L

Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: A stack-based buffer overflow issue exists in the security decrypt password functionality of the libzebra.so.0.0.0 library. This can be triggered by a specially crafted HTTP request, potentially...

8.8CVSS9AI score0.01285EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.8 views

PT-2023-5091 · Milesight · Milesight Ur32L

Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: The issue is caused by multiple buffer overflow vulnerabilities in the vtysh ubus binary due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code...

8.3CVSS7.5AI score0.01318EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.6 views

PT-2023-5077 · Milesight · Milesight Ur32L

Name of the Vulnerable Software and Affected Versions: Milesight UR32L version 32.3.0.5 Description: Multiple buffer overflow vulnerabilities exist in the vtysh ubus binary due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An...

8.3CVSS7.5AI score0.01318EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/07/06 12:0 a.m.5 views

Milesight UR32L 缓冲区错误漏洞

The Milesight UR32L is a 4G industrial router from China-based Milesight. A security vulnerability exists in the Milesight UR32L version v32.3.0.5, which stems from the use of an insecure sprintf pattern. An attacker could exploit the vulnerability to cause a buffer overflow via a specially craft...

7.2CVSS7.4AI score0.01318EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/06 12:0 a.m.6 views

Milesight VPN 安全漏洞

Milesight VPN is a web-based VPN monitoring and management platform from China-based Milesight. A security vulnerability exists in Milesight VPN v2.0.2. An attacker can exploit this vulnerability to cause arbitrary Javascript code injection via a specially crafted HTTP request...

4.7CVSS7.5AI score0.00652EPSS
Exploits1References2
Talos
Talos
added 2023/07/06 12:0 a.m.61 views

Milesight MilesightVPN requestHandlers.js detail_device cross-site scripting (XSS) vulnerabilities

Talos Vulnerability Report TALOS-2023-1704 Milesight MilesightVPN requestHandlers.js detaildevice cross-site scripting XSS vulnerabilities July 6, 2023 CVE Number CVE-2023-24497,CVE-2023-24496 SUMMARY Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice...

4.7CVSS5.7AI score0.00652EPSS
Exploits2
Talos
Talos
added 2023/07/06 12:0 a.m.114 views

Milesight UR32L vtysh_ubus sprintf pattern buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2023-1716 Milesight UR32L vtyshubus sprintf pattern buffer overflow vulnerabilities July 6, 2023 CVE Number...

7.2CVSS8.4AI score0.01405EPSS
Exploits44
Talos
Talos
added 2023/07/06 12:0 a.m.57 views

Milesight UR32L vtysh_ubus tcpdump_start_cb OS command injection vulnerability

Talos Vulnerability Report TALOS-2023-1714 Milesight UR32L vtyshubus tcpdumpstartcb OS command injection vulnerability July 6, 2023 CVE Number CVE-2023-22653 SUMMARY An OS command injection vulnerability exists in the vtyshubus tcpdumpstartcb functionality of Milesight UR32L v32.3.0.5. A speciall...

8.8CVSS8.8AI score0.06834EPSS
Exploits1
Talos
Talos
added 2023/07/06 12:0 a.m.45 views

Milesight UR32L libzebra.so security_decrypt_password buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1715 Milesight UR32L libzebra.so securitydecryptpassword buffer overflow vulnerability July 6, 2023 CVE Number CVE-2023-24018 SUMMARY A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 securitydecryptpassword functionality of Milesigh...

8.8CVSS8.8AI score0.01285EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/05 7:13 p.m.51 views

Security Bulletin: ICP Match 360 is vulnerable to the following CVEs

Summary ICP Match 360 is vulnerable to the following CVEs CVE-2022-3697, CVE-2022-41721, CVE-2022-41723, CVE-2015-3627, CVE-2022-23471, CVE-2023-25153, CVE-2023-25173 Vulnerability Details CVEID:CVE-2022-3697 DESCRIPTION: Ansible Collections Amazon AWS Collection could allow a remote attacker to...

7.8CVSS8.2AI score0.04561EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVE
added 2023/07/05 3:18 p.m.28 views

CVE-2023-30589

A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS...

7.5CVSS7.5AI score0.03906EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/07/04 12:0 a.m.44 views

EulerOS 2.0 SP11 : httpd (EulerOS-SA-2023-2271)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affect...

9.8CVSS7AI score0.8377EPSS
Exploits5References3
Packet Storm
Packet Storm
added 2023/07/03 12:0 a.m.180 views

Prestashop 8.0.4 Cross Site Scripting

Exploit Title: Prestashop 8.0.4 - Cross-Site Scripting XSS Application: prestashop Version: 8.0.4 Bugs: Stored XSS Technology: PHP Vendor URL: https://prestashop.com/ Software Link: https://prestashop.com/prestashop-edition-basic/ Date of found: 30.06.2023 Author: Mirabbas Ağalarov Tested on: Lin...

7.1AI score
Exploits0
OSV
OSV
added 2023/07/01 12:30 a.m.34 views

GHSA-CGGH-PQ45-6H9X llhttp vulnerable to HTTP request smuggling

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5CVSS7.2AI score0.03906EPSS
Exploits1References13
Github Security Blog
Github Security Blog
added 2023/07/01 12:30 a.m.52 views

llhttp vulnerable to HTTP request smuggling

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5CVSS7.7AI score0.03906EPSS
Exploits1References13Affected Software1
OSV
OSV
added 2023/07/01 12:15 a.m.9 views

AZL-27278 CVE-2023-30589 affecting package nodejs for versions less than 16.20.1-2

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5CVSS6.9AI score0.03906EPSS
Exploits1References1
OSV
OSV
added 2023/07/01 12:15 a.m.6 views

AZL-27279 CVE-2023-30589 affecting package nodejs18 for versions less than 18.17.1-2

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5CVSS6.9AI score0.03906EPSS
Exploits1References1
OSV
OSV
added 2023/07/01 12:15 a.m.38 views

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS. The CR character without LF is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only th...

7.5CVSS7.2AI score
Exploits0References10
Rows per page
Query Builder