Lucene search

5908 matches found

Vulnrichment
added 2024/07/17 4:27 p.m. · 50 views

CVE-2024-20419

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

CVSS 10 · AI score 7.8 · EPSS 0.80767
Exploits: 3 · References: 2
Cvelist
added 2024/07/17 4:27 p.m. · 37 views

CVE-2024-20419

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

CVSS 10 · EPSS 0.80767
Exploits: 3 · References: 2
Cisco
added 2024/07/17 4:00 p.m. · 49 views

Cisco Smart Software Manager On-Prem Password Change Vulnerability

A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process...

CVSS 10 · AI score 9.9 · EPSS 0.80767
Exploits: 3 · References: 1
Veracode
added 2024/07/16 8:34 a.m. · 18 views

Denial Of Service (DoS)

golang.org/x/net is vulnerable to Denial Of Service (DoS). The vulnerability is due to the client mishandling cases where a server responds with a non-informational status, which leaves the client connection in an invalid state. Attackers can exploit this by sending "Expect: 100-continue" requests ...

CVSS 7.5 · AI score 6.8 · EPSS 0.01414
Exploits: 0 · References: 8 · Affected Software: 2
Veracode
added 2024/07/16 5:50 a.m. · 13 views

Information Disclosure

fastapi-opa is vulnerable to Information Disclosure. The vulnerability is due to lack of authentication enforcement for HTTP OPTIONS requests by OpaMiddleware, allowing an unauthenticated attacker to determine the existence of entities within the application based on the responses to these reques...

CVSS 5.8 · AI score 7 · EPSS 0.00563
Exploits: 0 · References: 4 · Affected Software: 1
NVD
added 2024/07/15 3:15 a.m. · 23 views

CVE-2024-39740

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009...

CVSS 5.3 · EPSS 0.00371
Exploits: 0 · References: 2
Positive Technologies
added 2024/07/15 12:00 a.m. · 4 views

PT-2024-27009 · Pam · Pam

Name of the Vulnerable Software and Affected Versions: PAM system (affected versions not specified)
Description: An improper input validation in the PAM system allows an unauthenticated attacker to achieve remote command execution by sending a specially crafted HTTP request.
Recommendations: At the...

CVSS 9.4 · AI score 7.4 · EPSS 0.00475
Exploits: 0 · References: 4
Cvelist
added 2024/07/11 8:40 p.m. · 34 views

CVE-2024-6468 Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior

Vault and Vault Enterprise did not properly handle requests originating from unauthorized IP addresses when the TCP listener option, proxy_protocol_behavior, was set to deny_unauthorized. When receiving a request from a source IP address that was not listed in proxy_protocol_authorized_addrs, the Vault...

CVSS 7.5 · EPSS 0.00491
Exploits: 0 · References: 1
Talos Blog
added 2024/07/10 4:00 p.m. · 44 views

15 vulnerabilities discovered in software development kit for wireless routers

Cisco Talos Vulnerability Research team recently discovered 15 vulnerabilities in the Realtek rtl819x Jungle software development kit used in some small and home office wireless routers. This SDK uses the discontinued, open-source Boa as its web server. Talos researchers discovered these...

CVSS 9.8 · AI score 9.1 · EPSS 0.26288
Exploits: 9
Vulnrichment
added 2024/07/09 3:33 p.m. · 18 views

CVE-2024-21759

An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests...

CVSS 4.3 · AI score 7.1 · EPSS 0.00294
Exploits: 0 · References: 1
Positive Technologies
added 2024/07/09 12:00 a.m. · 4 views

PT-2024-5966 · Apache +1 · Apache Http Server +1

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2310 Hardware A Firmware 1.16RC028
Description: The issue is related to a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server. This allows remote attackers to execute arbitrar...

CVSS 10 · AI score 8.3 · EPSS 0.0095
Exploits: 0 · References: 10
NVD
added 2024/07/08 4:15 p.m. · 17 views

CVE-2023-50382

Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This comman...

CVSS 7.2 · EPSS 0.01929
Exploits: 0 · References: 2
NVD
added 2024/07/08 4:15 p.m. · 16 views

CVE-2023-50330

A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability...

CVSS 7.2 · EPSS 0.01101
Exploits: 0 · References: 2
OSV
added 2024/07/08 4:15 p.m. · 3 views

CVE-2023-50243

Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This...

CVSS 7.2 · AI score 6.4 · EPSS 0.01413
Exploits: 1 · References: 2
NVD
added 2024/07/08 4:15 p.m. · 18 views

CVE-2023-50381

Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This comman...

CVSS 7.2 · EPSS 0.03195
Exploits: 1 · References: 2
OSV
added 2024/07/08 4:15 p.m. · 4 views

CVE-2023-50330

A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability...

CVSS 7.2 · AI score 6.4 · EPSS 0.01101
Exploits: 0 · References: 2
NVD
added 2024/07/08 4:15 p.m. · 26 views

CVE-2023-50244

Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This...

CVSS 7.2 · EPSS 0.01413
Exploits: 1 · References: 2
NVD
added 2024/07/08 4:15 p.m. · 23 views

CVE-2023-50243

Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This...

CVSS 7.2 · EPSS 0.01413
Exploits: 1 · References: 2
OSV
added 2024/07/08 4:15 p.m. · 4 views

CVE-2023-50244

Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities. This...

CVSS 7.2 · AI score 6.4 · EPSS 0.01413
Exploits: 1 · References: 2
NVD
added 2024/07/08 4:15 p.m. · 23 views

CVE-2023-49867

A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability...

CVSS 7.2 · EPSS 0.01101
Exploits: 0 · References: 2