
2214 matches found

RedhatCVE, added 2025/02/05 2:16 p.m., 10 views

CVE-2020-2891

Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications component: User Interfaces. The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVSS 7.1 | AI score 6.1 | EPSS 0.0038
Exploits: 0

RedhatCVE, added 2025/02/05 2:16 p.m., 8 views

CVE-2020-2819

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Administration. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVSS 8.2 | AI score 7.2 | EPSS 0.01495
Exploits: 0

RedhatCVE, added 2025/02/05 11:32 a.m., 4 views

CVE-2024-7755

The EWON FLEXY 202 transmits credentials using a weak encoding method base64. An attacker who is present in the network can sniff the traffic and decode the credentials...

CVSS 8.2 | AI score 6.8 | EPSS 0.00321
Exploits: 0 | References: 1

RedhatCVE, added 2025/02/05 10:32 a.m., 8 views

CVE-2024-12648

Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and...

CVSS 9.8 | AI score 7.8 | EPSS 0.00306
Exploits: 0 | References: 1

RedhatCVE, added 2025/02/05 10:27 a.m., 11 views

CVE-2024-12649

Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and earlier...

CVSS 9.8 | AI score 7.8 | EPSS 0.00306
Exploits: 0 | References: 1

RedhatCVE, added 2025/02/05 10:22 a.m., 10 views

CVE-2024-12647

Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera MF656Cdw/Satera MF654Cdw firmware v05.04 and...

CVSS 9.8 | AI score 7.8 | EPSS 0.00306
Exploits: 0 | References: 1

RedhatCVE, added 2025/02/05 7:36 a.m., 4 views

CVE-2024-23842

Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.024.02 allows an attacker to cause network attack in case of using default admin ID/PW...

CVSS 7.5 | AI score 6.9 | EPSS 0.00218
Exploits: 0 | References: 1

RedhatCVE, added 2025/02/05 5:12 a.m., 5 views

CVE-2024-10194

A vulnerability was found in WAVLINK WN530H4, WN530HG4 and WN572HG3 up to 20221028. It has been classified as critical. Affected is the function Gotochidx of the file login.cgi of the component Front-End Authentication Page. The manipulation of the argument wlanUrl leads to stack-based buffer...

CVSS 8.8 | AI score 6.9 | EPSS 0.00131
Exploits: 1 | References: 1

RedhatCVE, added 2025/02/05 12:22 a.m., 7 views

CVE-2024-31903

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 allow an attacker on the local network to execute arbitrary code on the system, caused by the deserialization of untrusted data...

CVSS 8.8 | AI score 7.6 | EPSS 0.18185
Exploits: 1 | References: 1

RedhatCVE, added 2025/02/04 11:49 p.m., 5 views

CVE-2024-22771

Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.024.02 allows an attacker to cause network attack in case of using default admin ID/PW...

CVSS 7.5 | AI score 6.8 | EPSS 0.00218
Exploits: 0 | References: 1

RedhatCVE, added 2025/02/04 11:45 p.m., 6 views

CVE-2024-22768

Improper Input Validation in Hitron Systems DVR HVR-4781 1.034.02 allows an attacker to cause network attack in case of using default admin ID/PW...

CVSS 7.5 | AI score 6.9 | EPSS 0.0045
Exploits: 0 | References: 1

RedhatCVE, added 2025/02/04 11:43 p.m., 6 views

CVE-2024-22770

Improper Input Validation in Hitron Systems DVR HVR-16781 1.034.02 allows an attacker to cause network attack in case of using default admin ID/PW...

CVSS 7.5 | AI score 6.8 | EPSS 0.00285
Exploits: 0 | References: 1

RedhatCVE, added 2025/02/04 11:42 p.m., 5 views

CVE-2024-22769

Improper Input Validation in Hitron Systems DVR HVR-8781 1.034.02 allows an attacker to cause network attack in case of using default admin ID/PW...

CVSS 7.5 | AI score 6.8 | EPSS 0.00285
Exploits: 0 | References: 1

RedhatCVE, added 2025/02/04 11:41 p.m., 4 views

CVE-2024-22772

Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.024.02 allows an attacker to cause network attack in case of using default admin ID/PW...

CVSS 7.5 | AI score 6.8 | EPSS 0.00218
Exploits: 0 | References: 1

FreeBSD, added 2025/02/04 12:00 a.m., 13 views

MariaDB -- DoS vulnerability in InnoDB

MariaDB reports: Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash complete DOS of MySQL...

CVSS 4.9 | AI score 6.7 | EPSS 0.00461
Exploits: 0 | References: 1

Zero Day Initiative, added 2025/01/31 12:00 a.m., 7 views

(Pwn2Own) Canon imageCLASS MF656Cdw listObjects2 Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF656Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper...

CVSS 8.8 | AI score 7.2 | EPSS 0.00306
Exploits: 0 | References: 1

Cvelist, added 2025/01/30 11:57 p.m., 11 views

CVE-2024-23963 Alpine Halo9 Stack-based Buffer Overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists...

CVSS 8 | EPSS 0.00127
Exploits: 0 | References: 1

Cvelist, added 2025/01/30 11:40 p.m., 18 views

CVE-2024-23970 ChargePoint Home Flex Improper Certificate Validation

This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue...

CVSS 6.5 | EPSS 0.00126
Exploits: 0 | References: 1

CVE, added 2025/01/30 11:31 p.m., 59 views

CVE-2024-23968

CVE-2024-23968 (ChargePoint Home Flex) affects the SrvrToSmSetAutoChnlListMsg function. The flaw stems from insufficient validation of user-supplied data length before copying to a fixed-length stack-based buffer, causing a stack-based overflow. This enables network-adjacent attackers to execute ...

CVSS 8.8 | AI score 6.8 | EPSS 0.00103
Exploits: 0 | References: 1 | Affected Software: 1

CVE, added 2025/01/30 11:25 p.m., 48 views

CVE-2024-24731

CVE-2024-24731 affects Silicon Labs Gecko OS. The vulnerability is a stack-based buffer overflow in the http_download command caused by insufficient validation of user-supplied data length, enabling network-adjacent attackers to execute arbitrary code with device context and no authentication. Do...

CVSS 8.8 | AI score 6.8 | EPSS 0.00137
Exploits: 0 | References: 2 | Affected Software: 1