CVE-2024-36251

The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedefsubsel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and...

CVE-2024-36251

The CVE-2024-36251 entry covers Sharp MFP devices whose web interface processes crafted HTTP requests that can crash the device. Specifically, a crafted parameter to billcodedef_sub_sel.html is not processed correctly, causing a device crash. Sources from Red Hat, NVD, CVE list aggregations, and ...

CVE-2024-36251

The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedefsubsel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and...

CVE-2024-36251

The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedefsubsel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and...

ProjectSend 安全漏洞

ProjectSend cFTP is the ProjectSend open source suite of self-hosted applications based on PHP and MySQL. A security vulnerability exists in ProjectSend versions prior to r1720, which stems from being affected by an authentication vulnerability that allows a remote, unauthenticated attacker to se...

CVE-2024-6538

CVE-2024-6538 is an OpenShift Console Server‑Side Request Forgery vulnerability. An authenticated user can abuse the /api/dev-console/proxy/internet endpoint to command the console pod to perform arbitrary HTTP(S) requests, potentially reaching services inside the cluster that are not exposed to ...

CVE-2024-6538 Openshift-console: openshift console: server-side request forgery

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

CVE-2024-6538 Openshift-console: openshift console: server-side request forgery

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

PT-2025-16238

Name of the Vulnerable Software and Affected Versions: libsoup affected versions not specified Description: A flaw was found in libsoup, where the soup headers parse request function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP reque...

CVE-2024-11234 Configuring a proxy in a stream context might allow for CRLF injection in URIs

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVE-2024-11234

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, when using streams with configured proxy and "requestfulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests...

CVE-2024-6538

A flaw was found in OpenShift Console. A Server Side Request Forgery SSRF attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to...

ROS-20241121-04

Vulnerability of authorization plugins AuthZ of the software for automating deployment and management of applications in containerized environments Docker Engine is related to flaws in the AuthZ plugin. application management in containerization-enabled environments Docker Engine is related to...

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection due to the usage of improperly secured regular expressions in the scan and findCharSet methods of the XmlScanner class. By exploiting UCS-4 encoding and encoding guessing techniques, attackers can...

CVE-2020-3538 Cisco Data Center Network Manager Path Traversal Vulnerability

A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager DCNM Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploi...

CVE-2021-1425 Cisco Cisco Email Security Appliance and Content Security Management Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance SMA could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is bei...

CVE-2021-1465

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP...

CVE-2024-52942

An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting XSS while viewing archived content. This could reflect back to an authenticated user...

CVE-2021-1481

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...

CVE-2021-1481 Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management...