Lucene search
K

168 matches found

OSV
OSV
added 2025/03/06 3:54 p.m.10 views

CVE-2024-58061 wifi: mac80211: prohibit deactivating all links

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: prohibit deactivating all links In the internal API this calls this is a WARNON, but that should remain since internally we want to know about bugs that may cause this. Prevent deactivating all links in the debugf...

5.5CVSS6.1AI score0.00166EPSS
Exploits0References9
Veracode
Veracode
added 2025/02/11 6:59 a.m.9 views

Remote Code Execution (RCE)

mitmproxy is vulnerable to Remote Code Execution RCE. The vulnerability is due to mitmweb's proxy server allowing access to its internal API, allowing an attacker to perform SSRF and potentially escalate to remote code execution...

8.2CVSS7.5AI score0.00817EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/08 6:23 p.m.11 views

CVE-2025-23217

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2CVSS7.5AI score0.00817EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/02/08 3:47 a.m.3 views

SUSE CVE-2025-23217

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2CVSS8.2AI score0.00817EPSS
Exploits0References3
OSV
OSV
added 2025/02/06 6:15 p.m.2 views

DEBIAN-CVE-2025-23217

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2CVSS5.9AI score0.00817EPSS
Exploits0References1
OSV
OSV
added 2025/02/06 6:15 p.m.1 views

UBUNTU-CVE-2025-23217

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2CVSS6AI score0.00817EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/02/06 5:32 p.m.8 views

CVE-2025-23217

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2CVSS5.9AI score0.00817EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/02/06 5:32 p.m.1 views

CVE-2025-23217

mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malicious client can use mitmweb's proxy server bound to :8080 by default to access mitmweb's internal...

8.2CVSS8.1AI score0.00817EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.5 views

PT-2025-5851 · Mitmproxy +3 · Mitmproxy +3

Name of the Vulnerable Software and Affected Versions: mitmweb versions 11.1.1 and below mitmproxy versions 11.1.1 and below Description: A malicious client can use mitmweb's proxy server to access mitmweb's internal API, potentially leading to remote code execution. The mitmproxy and mitmdump...

9.8CVSS8.3AI score0.9077EPSS
Exploits6References24
RedhatCVE
RedhatCVE
added 2025/02/05 1:49 a.m.6 views

CVE-2024-11481

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...

8.2CVSS7.3AI score0.0043EPSS
Exploits0References1
NVD
NVD
added 2024/11/29 8:15 a.m.29 views

CVE-2024-11481

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...

8.2CVSS0.0043EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/29 7:1 a.m.13 views

CVE-2024-11481

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...

8.2CVSS7.3AI score0.0043EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/29 7:1 a.m.38 views

CVE-2024-11481

A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints...

8.2CVSS0.0043EPSS
Exploits0References1
NVD
NVD
added 2024/06/14 4:15 a.m.30 views

CVE-2024-27168

It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL...

7.1CVSS0.00286EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/06/14 3:53 a.m.25 views

CVE-2024-27168 Hardcoded keys used to generate authentication cookies

It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the affected products/models/versions, see the reference URL...

7.1CVSS0.00286EPSS
Exploits1References4
CVE
CVE
added 2024/06/14 3:53 a.m.99 views

CVE-2024-27168

CVE-2024-27168 involves hardcoded keys used to generate authentication cookies for internal APIs on Toshiba e‑STUDIO/MFP devices. Connected sources describe that private keys may let an attacker bypass authentication and reach the administrative interfaces, enabling information disclosure or cont...

7.1CVSS7.4AI score0.00286EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/06/14 3:40 a.m.18 views

CVE-2024-27163 Leak of admin password and passwords

Toshiba printers will display the password of the admin user in clear-text and additional passwords when sending 2 specific HTTP requests to the internal API. An attacker stealing the cookie of an admin or abusing a XSS vulnerability can recover this password in clear-text and compromise the...

6.5CVSS6.6AI score0.0042EPSS
Exploits1References4
CVE
CVE
added 2024/06/14 3:40 a.m.85 views

CVE-2024-27163

CVE-2024-27163 affects Toshiba printers (notably MFPs/e-Studio). It exposes admin passwords (and additional passwords) in clear-text when two specific HTTP requests are sent to the internal API; an attacker who can steal an admin cookie or exploit XSS can recover these passwords and compromise th...

6.5CVSS6.9AI score0.0042EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/06/13 12:0 a.m.4 views

PT-2024-22652 · Dell · Dell Scg

Name of the Vulnerable Software and Affected Versions: Dell SCG versions prior to 5.24.00.00 Description: The issue is related to an Improper Access Control vulnerability in the SCG exposed for an internal update REST API. This API is only accessible if enabled by an Admin user from the UI. A...

4.3CVSS7.3AI score0.00424EPSS
Exploits0References3
OSV
OSV
added 2024/03/22 12:19 a.m.10 views

MGASA-2024-0079 Updated libuv packages fix security vulnerability

It was discovered that the uvgetaddrinfo function in libuv, an asynchronous event notification library, incorrectly truncated certain hostnames, which may result in bypass of security measures on internal APIs or SSRF attacks. CVE-2024-24806...

7.3CVSS7.1AI score0.02003EPSS
Exploits1References5
Rows per page
Query Builder