5908 matches found
CVE-2023-50330
A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability...
Server Side Request Forgery (SSRF)
@fedify/fedify is vulnerable to Server Side Request Forgery SSRF. The vulnerability is caused by making HTTP requests to internal IP addresses referenced in received activities or media URLs, which allows an attacker to send requests to resources within the Fedify server's internal network...
Realtek rtl819x Jungle SDK boa updateConfigIntoFlash integer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1877 Realtek rtl819x Jungle SDK boa updateConfigIntoFlash integer overflow vulnerability July 8, 2024 CVE Number CVE-2023-45742 SUMMARY An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK...
Realtek rtl819x Jungle SDK boa formWsc OS command injection vulnerabilities
Talos Vulnerability Report TALOS-2023-1899 Realtek rtl819x Jungle SDK boa formWsc OS command injection vulnerabilities July 8, 2024 CVE Number CVE-2023-50381,CVE-2023-50383,CVE-2023-50382 SUMMARY Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x...
Realtek rtl819x Jungle SDK boa formIpQoS stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1895 Realtek rtl819x Jungle SDK boa formIpQoS stack-based buffer overflow vulnerabilities July 8, 2024 CVE Number CVE-2023-50243,CVE-2023-50244 SUMMARY Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x...
Realtek rtl819x Jungle SDK boa formFilter stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1875 Realtek rtl819x Jungle SDK boa formFilter stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-49073 SUMMARY A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.1...
Realtek rtl819x Jungle SDK boa getInfo stack-based buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1903 Realtek rtl819x Jungle SDK boa getInfo stack-based buffer overflow vulnerability July 8, 2024 CVE Number CVE-2023-50330 SUMMARY A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A...
Realtek AP-Router SDK Input Validation Error Vulnerability
The Realtek AP-Router SDK is a software package for wireless chipsets from Realtek Semiconductor Realtek of China. An input validation error vulnerability exists in the Realtek AP-Router SDK, which stems from an integer overflow vulnerability in the boa updateConfigIntoFlash function, which can...
PT-2024-13886 · Realtek · Realtek Rtl819X Jungle Sdk
Name of the Vulnerable Software and Affected Versions: Realtek rtl819x Jungle SDK version 3.4.11 Description: Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can se...
The vulnerability of the confighttp and configgrpc modules in the data processing software for OpenTelemetry Collector allows a attacker to cause a service failure.
The vulnerability of the confighttp and configgrpc modules in the OpenTelemetry Collector data processing software arises from memory exhaustion resulting from operations exceeding the buffer limits. Exploiting this vulnerability allows a malicious actor to cause service failures by sending...
CVE-2024-39687
Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the @id or other resources present within the activity it has...
CVE-2024-29319
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF Server Side Request Forgery via uploading a SVG file. The server can make unintended HTTP and DNS requests to a server that the attacker controls...
CVE-2024-29319
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF Server Side Request Forgery via uploading a SVG file. The server can make unintended HTTP and DNS requests to a server that the attacker controls...
PT-2024-37698 · Red Hat · Openshift Console
Name of the Vulnerable Software and Affected Versions: OpenShift Console affected versions not specified Description: A flaw was found in OpenShift Console, allowing a Server Side Request Forgery SSRF attack to occur if an attacker supplies all or part of a URL to the server to query. The server,...
Personal Management System security breach
Personal Management System is a web application for managing personal data by Dariusz Personal Developer. A security vulnerability exists in Personal Management System version 1.4.64, which stems from the presence of a server-side request forgery SSRF vulnerability that causes the server to make...
CVE-2024-4105
A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw Reflected XSS that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product UR...
CVE-2024-4105
A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw Reflected XSS that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product UR...
CVE-2024-4105
A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw Reflected XSS that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product UR...
CVE-2024-4105
CVE-2024-4105 affects Yokogawa FAST/TOOLS and CI Server. The issue is a reflected XSS in the WEB HMI server when processing HTTP requests, which could allow a malicious script to execute in a client browser. Affected products/versions: FAST/TOOLS RVSVRN/UNSVRN/HMIWEB/FTEES/HMIMOB (R9.01–R10.04) a...
CVE-2024-6060
An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information...