5908 matches found
LevelOne WBR-6012 Web Application improper resource allocation vulnerability
Talos Vulnerability Report TALOS-2024-1982 LevelOne WBR-6012 Web Application improper resource allocation vulnerability October 30, 2024 CVE Number CVE-2024-31152 SUMMARY The LevelOne WBR-6012 router with firmware R0.40e6 is vulnerable to improper resource allocation within its web application,...
Fortinet FortiWeb OS command injection due to unsafe input validation function (FG-IR-21-166)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-166 advisory. - A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWeb version 6.4....
EulerOS Virtualization 2.12.1 : python-urllib3 (EulerOS-SA-2024-2761)
According to the versions of the python-urllib3 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the...
Fortinet FortiWeb Confused deputy issue on SERVER_NAME causes open proxy flaw (FG-IR-21-123)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-123 advisory. - A unintended proxy or intermediary 'confused deputy' in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows a...
Fortinet FortiWeb xss (FG-IR-21-139)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-139 advisory. - A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWeb version 6.4.1 and...
CVE-2024-47549
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...
CVE-2024-47801
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...
CVE-2024-45829
Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...
CVE-2024-42420
Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed...
CVE-2024-43424
Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...
CVE-2024-47801
CVE-2024-47801 affects Sharp and Toshiba Tec MFPs. The vulnerability is a reflected cross-site scripting flaw caused by improper processing of query parameters in HTTP requests, enabling script execution in the user's browser when a crafted URL is opened. Technical details confirm the issue locat...
CVE-2024-47549
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser...
CVE-2024-45842
The CVE-2024-45842 issue affects Sharp and Toshiba Tec MFPs (multifunction printers). Root cause: improper processing of URI data in HTTP PUT requests, leading to a path traversal vulnerability. Impact: unintended internal files may be retrieved when processing crafted HTTP requests. Connected so...
CVE-2024-45829
CVE-2024-45829 affects Sharp and Toshiba Tec MFPs. The issue is an Out-of-bounds Read in the web page used to download data, caused by improper processing of query parameters in HTTP requests. Crafting such requests can crash affected devices. Documents do not provide exploit details or fixed ver...
CVE-2024-45829
Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...
CVE-2024-43424
Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed...
CVE-2024-42420
Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed...
CVE-2024-42420
CVE-2024-42420 affects Sharp and Toshiba Tec MFPs. It involves multiple out-of-bounds read vulnerabilities (CWE-125) caused by improper processing of keyword search input and SOAP messages. Exploitation could be triggered by crafted HTTP requests, potentially crashing affected devices. Remediatio...
CVE-2024-42420
Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed...
Spring Framework < 5.3.41 / 6.0.x < 6.0.25 / 6.1.x < 6.1.14 Multiple Vulnerabilities
The remote host contains a Spring Framework version is affected by a path traversal vulnerability. - Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obta...