Lucene search
K

156 matches found

Prion
Prion
added 2023/05/11 1:15 p.m.23 views

Authentication flaw

Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger unauthorized access to the product. :Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier...

5CVSS5.3AI score0.0057EPSS
Exploits0References4Affected Software45
Cvelist
Cvelist
added 2023/05/11 12:0 a.m.31 views

CVE-2023-0852

Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C...

9.8CVSS10AI score0.01139EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/05/11 12:0 a.m.37 views

CVE-2023-0855

Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C Series/MF740C...

9.8CVSS10AI score0.01139EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.3 views

SUSE CVE-2020-12695

The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue...

7.5CVSS6.9AI score0.15193EPSS
Exploits3References10
Saint
Saint
added 2023/02/10 12:0 a.m.253 views

VMware ESXi OpenSLP heap overflow

Added: 02/10/2023 Background VMware ESXi is a bare metal hypervisor. Problem A heap overflow vulnerability in the OpenSLP service could allow an attacker on the same network segment to execute arbitrary commands. Resolution Upgrade to a fixed version referenced in VMSA-2021-0002 or disable the SL...

8.1AI score
Exploits0
NVD
NVD
added 2022/12/16 8:15 p.m.29 views

CVE-2022-47208

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication...

8.8CVSS0.01203EPSS
Exploits0References1
Prion
Prion
added 2022/12/16 8:15 p.m.16 views

Command injection

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication...

5.8CVSS9.3AI score0.01203EPSS
Exploits0References1Affected Software6
Vulnrichment
Vulnrichment
added 2022/12/16 12:0 a.m.8 views

CVE-2022-47208

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication...

9.3AI score0.01203EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/12/16 12:0 a.m.41 views

CVE-2022-47208

The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication...

9.5AI score0.01203EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/10/28 12:0 a.m.8 views

PT-2022-16842 · Haas · Haas Controller

Name of the Vulnerable Software and Affected Versions: Haas Controller version 100.20.000.1110 Description: The issue concerns the "Ethernet Q Commands" service in the Haas Controller, where authentication is currently unsupported. This allows any user on the same network segment as the controlle...

9.8CVSS7.8AI score0.00673EPSS
Exploits0References3
CERT
CERT
added 2022/09/27 12:0 a.m.57 views

L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers

Overview Layer-2 L2 network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service DoS or to perform a...

4.7CVSS4.9AI score0.0069EPSS
Exploits1References14
NVD
NVD
added 2022/07/23 12:15 a.m.17 views

CVE-2022-1128

Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page...

6.5CVSS0.0059EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/07/22 11:36 p.m.37 views

CVE-2022-1128

Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page...

6.5CVSS7.2AI score0.0059EPSS
Exploits1
CNNVD
CNNVD
added 2022/04/19 12:0 a.m.6 views

Oracle MySQL 缓冲区错误漏洞

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and MySQL Connectors is one of the drivers that connects to applications that use MySQL. The vulnerability allows a highly privileged attacker to...

2.9CVSS7.4AI score0.0175EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/03/29 12:0 a.m.56 views

FreeBSD : chromium -- multiple vulnerabilities (ab2d7f62-af9d-11ec-a0b8-3065ec8fd3ec)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ab2d7f62-af9d-11ec-a0b8-3065ec8fd3ec advisory. - Use after free in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who...

8.8CVSS7.6AI score0.01613EPSS
Exploits17References22
Tenable Nessus
Tenable Nessus
added 2022/02/07 12:0 a.m.20 views

Rockwell Automation Flex IO Classic Buffer Overflow (CVE-2020-6088)

An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen- Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.5CVSS7.2AI score0.03454EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/01/19 12:15 p.m.8 views

CVE-2022-21279

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physica...

6.3CVSS6.7AI score0.78951EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2021/06/16 2:15 p.m.24 views

Code injection

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based...

3.3CVSS6.4AI score0.00419EPSS
Exploits0References1Affected Software4
Cvelist
Cvelist
added 2021/06/16 1:8 p.m.33 views

CVE-2020-8299

Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based...

6.4AI score0.00419EPSS
Exploits0References1
Citrix
Citrix
added 2021/06/08 11:6 a.m.101 views

Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliance Security Update

Multiple vulnerabilities have been discovered in Citrix ADCformerly known as NetScaler ADC, Citrix Gateway formerly known as NetScaler Gateway, and Citrix SD-WAN WANOP Edition appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited,could result in the followin...

6.5CVSS0.5AI score0.0301EPSS
Exploits1Affected Software5
Rows per page
Query Builder