
5909 matches found

Vulnrichment
added 2024/04/09 2:12 p.m. | 23 views

CVE-2023-49909

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

CVSS 7.2 | AI score 7.9 | EPSS 0.01822
Exploits: 1 | References: 1
CVE
added 2024/04/09 2:12 p.m. | 71 views

CVE-2023-49909

Talos reports a stack-based buffer overflow in Tp-Link AC1350 (EAP225 V3) Web UI, specifically in the Radio Scheduling endpoint. The vulnerability (CVE-2023-49909) is triggered by crafted POST requests to /data/scheduler.association.json with operation not equal to read or load (commonly operatio...

CVSS 8.8 | AI score 7.8 | EPSS 0.01822
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2024/04/09 2:12 p.m. | 24 views

CVE-2023-49910

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

CVSS 7.2 | AI score 7.6 | EPSS 0.01822
Exploits: 1 | References: 1
Vulnrichment
added 2024/04/09 2:12 p.m. | 21 views

CVE-2023-49908

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

CVSS 7.2 | AI score 7.9 | EPSS 0.01822
Exploits: 1 | References: 1
CVE
added 2024/04/09 2:12 p.m. | 63 views

CVE-2023-49908

CVE-2023-49908 affects Tp-Link AC1350 (EAP225 V3) with firmware v5.1.0 Build 20220926. The flaw is a stack-based buffer overflow in the web interface Radio Scheduling via the POST endpoint /data/scheduler.association.json, specifically involving the profile parameter. An authenticated attacker ca...

CVSS 8.8 | AI score 7.8 | EPSS 0.01822
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2024/04/09 2:12 p.m. | 23 views

CVE-2023-49908

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

CVSS 7.2 | AI score 7.6 | EPSS 0.01822
Exploits: 1 | References: 1
Vulnrichment
added 2024/04/09 2:12 p.m. | 15 views

CVE-2023-49906

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

CVSS 7.2 | AI score 7.9 | EPSS 0.01919
Exploits: 1 | References: 1
Cvelist
added 2024/04/09 2:12 p.m. | 28 views

CVE-2023-49907

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

CVSS 7.2 | AI score 7.6 | EPSS 0.01822
Exploits: 1 | References: 1
CVE
added 2024/04/09 2:12 p.m. | 58 views

CVE-2023-49913

CVE-2023-49913 affects TP-Link AC1350 family (EAP225 V3) and EAP115, described as a stack overflow in the Radio Scheduling web interface via the POST /data/scheduler.association.json function. Exploitation requires an authenticated request and can occur when the operation is not equal to read/l...

CVSS 8.8 | AI score 7.8 | EPSS 0.01919
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2024/04/09 2:12 p.m. | 22 views

CVE-2023-49913

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

CVSS 7.2 | AI score 7.6 | EPSS 0.01919
Exploits: 1 | References: 1
F5 Networks
added 2024/04/09 11:15 a.m. | 28 views

K000139229: Tempesta vulnerability CVE-2024-2758

Security Advisory Description: Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately. (CVE-2024-2758) Impact: There is no impact; F5 products are not affected by this...

CVSS 6.3 | AI score 8.2 | EPSS 0.7275
Exploits: 0
CNNVD
added 2024/04/09 12:0 a.m. | 2 views

Fortinet FortiSandbox path traversal vulnerability

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, a dynamic threat intelligence system, real-time control panel and reporting, and more. A path traversal vulnerability exists in Fortinet FortiSandbox...

CVSS 6.5 | AI score 6.3 | EPSS 0.00858
Exploits: 0 | References: 2
RedHat Linux
added 2024/04/08 8:54 a.m. | 1 views

nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks

A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of...

CVSS 7.5 | AI score 7.1 | EPSS 0.03168
Exploits: 0 | References: 4
Redos
added 2024/04/05 12:0 a.m. | 31 views

ROS-20240405-12

A vulnerability in the Commons FileUpload component of Apache Tomcat application server exists due to incomplete cleanup of temporary or auxiliary resources. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denia...

CVSS 7.5 | AI score 6.5 | EPSS 0.05848
Exploits: 2
RedHat Linux
added 2024/04/04 3:23 p.m. | 2 views

undertow: directory traversal vulnerability

A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories...

CVSS 5.3 | AI score 7.1 | EPSS 0.01714
Exploits: 0 | References: 4
RedhatCVE
added 2024/04/04 1:6 p.m. | 20 views

CVE-2024-2758

Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately...

AI score 7 | EPSS 0.7275
Exploits: 0 | References: 4
NVD
added 2024/04/03 6:15 p.m. | 19 views

CVE-2024-2758

Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately...

CVSS 6.3 | AI score 6.5 | EPSS 0.7275
Exploits: 0 | References: 3
Vulnrichment
added 2024/04/03 5:17 p.m. | 12 views

CVE-2024-2758

Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately...

AI score 6.9 | EPSS 0.7275
Exploits: 0 | References: 3
Cvelist
added 2024/04/03 5:17 p.m. | 27 views

CVE-2024-2758

Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately...

AI score 7.7 | EPSS 0.7275
Exploits: 0 | References: 3
CVE
added 2024/04/03 5:17 p.m. | 105 views

CVE-2024-2758

CVE-2024-2758 concerns Tempesta FW. The vulnerability stems from how HTTP/2 CONTINUATION frames are handled when rate limits are not enabled by default, enabling potential denial-of-service via excessive CONTINUATION traffic (OOM/CPU exhaustion depending on implementation). The initial descriptio...

CVSS 6.3 | AI score 6.5 | EPSS 0.7275
Exploits: 0 | References: 3