5908 matches found

Cvelist
added 2024/07/08 3:22 p.m. · 27 views

CVE-2023-50330

A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability...

CVSS 7.2 · EPSS 0.01101
Exploits: 0 · References: 1

Veracode
added 2024/07/08 7:3 a.m. · 12 views

Server Side Request Forgery (SSRF)

@fedify/fedify is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is caused by making HTTP requests to internal IP addresses referenced in received activities or media URLs, which allows an attacker to send requests to resources within the Fedify server's internal network...

CVSS 7.2 · AI score 7 · EPSS 0.006
Exploits: 0 · References: 6 · Affected Software: 1

Talos
added 2024/07/08 12:0 a.m. · 20 views

Realtek rtl819x Jungle SDK boa updateConfigIntoFlash integer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1877: Realtek rtl819x Jungle SDK boa updateConfigIntoFlash integer overflow vulnerability. July 8, 2024. CVE Number: CVE-2023-45742. Summary: An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK...

CVSS 7.2 · AI score 7.5 · EPSS 0.01178
Exploits: 1

Talos
added 2024/07/08 12:0 a.m. · 52 views

Realtek rtl819x Jungle SDK boa formWsc OS command injection vulnerabilities

Talos Vulnerability Report TALOS-2023-1899: Realtek rtl819x Jungle SDK boa formWsc OS command injection vulnerabilities. July 8, 2024. CVE Number: CVE-2023-50381, CVE-2023-50383, CVE-2023-50382. Summary: Three OS command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x...

CVSS 7.2 · AI score 8 · EPSS 0.03195
Exploits: 1

Talos
added 2024/07/08 12:0 a.m. · 29 views

Realtek rtl819x Jungle SDK boa formIpQoS stack-based buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2023-1895: Realtek rtl819x Jungle SDK boa formIpQoS stack-based buffer overflow vulnerabilities. July 8, 2024. CVE Number: CVE-2023-50243, CVE-2023-50244. Summary: Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x...

CVSS 7.2 · AI score 8 · EPSS 0.01413
Exploits: 2

Talos
added 2024/07/08 12:0 a.m. · 22 views

Realtek rtl819x Jungle SDK boa formFilter stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1875: Realtek rtl819x Jungle SDK boa formFilter stack-based buffer overflow vulnerability. July 8, 2024. CVE Number: CVE-2023-49073. Summary: A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.1...

CVSS 7.2 · AI score 7.6 · EPSS 0.00893
Exploits: 0

Talos
added 2024/07/08 12:0 a.m. · 36 views

Realtek rtl819x Jungle SDK boa getInfo stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1903: Realtek rtl819x Jungle SDK boa getInfo stack-based buffer overflow vulnerability. July 8, 2024. CVE Number: CVE-2023-50330. Summary: A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A...

CVSS 7.2 · AI score 7.6 · EPSS 0.01101
Exploits: 0

CNNVD
added 2024/07/08 12:0 a.m. · 5 views

Realtek AP-Router SDK Input Validation Error Vulnerability

The Realtek AP-Router SDK is a software package for wireless chipsets from Realtek Semiconductor (Realtek) of China. An input validation error vulnerability exists in the Realtek AP-Router SDK, which stems from an integer overflow vulnerability in the boa updateConfigIntoFlash function, which can...

CVSS 7.2 · AI score 7.9 · EPSS 0.01178
Exploits: 1 · References: 2

Positive Technologies
added 2024/07/08 12:0 a.m. · 6 views

PT-2024-13886 · Realtek · Realtek Rtl819X Jungle Sdk

Name of the Vulnerable Software and Affected Versions: Realtek rtl819x Jungle SDK version 3.4.11. Description: Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can se...

CVSS 7.2 · AI score 8.3 · EPSS 0.01413
Exploits: 1 · References: 8

BDU FSTEC
added 2024/07/08 12:0 a.m. · 3 views

The vulnerability of the confighttp and configgrpc modules in the data processing software for OpenTelemetry Collector allows an attacker to cause a service failure.

The vulnerability of the confighttp and configgrpc modules in the OpenTelemetry Collector data processing software arises from memory exhaustion resulting from operations exceeding the buffer limits. Exploiting this vulnerability allows a malicious actor to cause service failures by sending...

CVSS 8.5 · AI score 5.6 · EPSS 0.00994
Exploits: 1 · References: 5 · Affected Software: 3

NVD
added 2024/07/05 6:15 p.m. · 21 views

CVE-2024-39687

Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes an HTTP request to the @id or other resources present within the activity it has...

CVSS 7.2 · EPSS 0.006
Exploits: 0 · References: 3

NVD
added 2024/07/05 4:15 p.m. · 26 views

CVE-2024-29319

Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading an SVG file. The server can make unintended HTTP and DNS requests to a server that the attacker controls...

CVSS 9.8 · EPSS 0.00385
Exploits: 1 · References: 1

Vulnrichment
added 2024/07/05 12:0 a.m. · 16 views

CVE-2024-29319

Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading an SVG file. The server can make unintended HTTP and DNS requests to a server that the attacker controls...

AI score 6.8 · EPSS 0.00385
Exploits: 1 · References: 1

Positive Technologies
added 2024/07/05 12:0 a.m. · 2 views

PT-2024-37698 · Red Hat · Openshift Console

Name of the Vulnerable Software and Affected Versions: OpenShift Console (affected versions not specified). Description: A flaw was found in OpenShift Console, allowing a Server Side Request Forgery (SSRF) attack to occur if an attacker supplies all or part of a URL to the server to query. The server,...

CVSS 8.1 · AI score 6.1 · EPSS 0.03001
Exploits: 3 · References: 39

CNNVD
added 2024/07/05 12:0 a.m. · 3 views

Personal Management System security breach

Personal Management System is a web application for managing personal data by Dariusz Personal Developer. A security vulnerability exists in Personal Management System version 1.4.64, which stems from the presence of a server-side request forgery (SSRF) vulnerability that causes the server to make...

CVSS 9.8 · AI score 6.8 · EPSS 0.00385
Exploits: 1 · References: 2

NVD
added 2024/06/26 6:15 a.m. · 20 views

CVE-2024-4105

A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product UR...

CVSS 5.8 · EPSS 0.00477
Exploits: 0 · References: 1

Cvelist
added 2024/06/26 5:25 a.m. · 36 views

CVE-2024-4105

A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product UR...

CVSS 5.8 · EPSS 0.00477
Exploits: 0 · References: 1

Vulnrichment
added 2024/06/26 5:25 a.m. · 13 views

CVE-2024-4105

A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw (Reflected XSS) that allows the execution of malicious scripts. Therefore, if a client PC with inadequate security measures accesses a product UR...

CVSS 5.8 · AI score 6.9 · EPSS 0.00477
Exploits: 0 · References: 1

CVE
added 2024/06/26 5:25 a.m. · 48 views

CVE-2024-4105

CVE-2024-4105 affects Yokogawa FAST/TOOLS and CI Server. The issue is a reflected XSS in the WEB HMI server when processing HTTP requests, which could allow a malicious script to execute in a client browser. Affected products/versions: FAST/TOOLS RVSVRN/UNSVRN/HMIWEB/FTEES/HMIMOB (R9.01–R10.04) a...

CVSS 5.8 · AI score 6.9 · EPSS 0.00477
Exploits: 0 · References: 1

NVD
added 2024/06/25 10:15 p.m. · 14 views

CVE-2024-6060

An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information...

CVSS 9.3 · EPSS 0.00183
Exploits: 0 · References: 2