1453 matches found

Vulnrichment
added 2024/11/28 9:20 a.m. | 11 views

CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x8664/server:5.0.2.7.8.1: before...

CVSS: 4.6 | AI score: 7.5 | EPSS: 0.00271
Exploits: 0 | References: 1

Cvelist
added 2024/11/28 9:20 a.m. | 14 views

CVE-2024-49503 Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x8664/server:5.0.2.7.8.1: before...

CVSS: 4.6 | EPSS: 0.00271
Exploits: 0 | References: 1

BDU FSTEC
added 2024/11/25 12:0 a.m. | 5 views

The vulnerability of TOTOLINK A3300R router’s microprogramming software, related to deficiencies in authentication procedures, allows attackers to bypass security restrictions and change Wi-Fi passwords.

The vulnerability of TOTOLINK A3300R router microprogramming software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and change the Wi-Fi password by resetting it on the /wizard.html or...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00537
Exploits: 1 | References: 2 | Affected Software: 1

SUSE CVE
added 2024/11/19 3:51 a.m. | 2 views

SUSE CVE-2024-49502

A Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container...

CVSS: 3.5 | AI score: 6.6 | EPSS: 0.00271
Exploits: 0 | References: 6

Tenable Nessus
added 2024/11/07 12:0 a.m. | 9 views

openSUSE 15 Security Update : kmail-account-wizard (openSUSE-SU-2024:0353-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2024:0353-1 advisory. - CVE-2024-50624: Fixed that plaintext HTTP was used for URLs when retrieving configuration files boo1232454, kde487882 Tenable has extracted the precedi...

CVSS: 5.9 | AI score: 6 | EPSS: 0.0025
Exploits: 0 | References: 4

OSV
added 2024/11/06 7:1 p.m. | 10 views

OPENSUSE-SU-2024:0353-1 Security update for kmail-account-wizard

This update for kmail-account-wizard fixes the following issues: - CVE-2024-50624: Fixed that plaintext HTTP was used for URLs when retrieving configuration files boo1232454, kde487882...

CVSS: 5.9 | AI score: 5.7 | EPSS: 0.0025
Exploits: 0 | References: 3

OPENSUSE Linux
added 2024/11/06 12:0 a.m. | 9 views

Security update for kmail-account-wizard (moderate)

openSUSE Security Update: Security update for kmail-account-wizard Announcement ID: openSUSE-SU-2024:0353-1 Rating: moderate References: 1232454 Cross-References: CVE-2024-50624 Affected Products: openSUSE Backports SLE-15-SP5 openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability i...

CVSS: 5.9 | AI score: 7.2 | EPSS: 0.0025
Exploits: 0 | References: 1

NVD
added 2024/10/28 12:15 a.m. | 14 views

CVE-2024-50624

ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is...

CVSS: 5.9 | EPSS: 0.0025
Exploits: 0 | References: 5

OSV
added 2024/10/28 12:15 a.m. | 0 views

DEBIAN-CVE-2024-50624

ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.0025
Exploits: 0 | References: 1

OSV
added 2024/10/28 12:15 a.m. | 19 views

CVE-2024-50624

ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is...

AI score: 6.4
Exploits: 0 | References: 5

Vulnrichment
added 2024/10/27 12:0 a.m. | 7 views

CVE-2024-50624

ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is...

AI score: 6.7 | EPSS: 0.0025
Exploits: 0 | References: 4

Debian CVE
added 2024/10/27 12:0 a.m. | 10 views

CVE-2024-50624

ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.0025
Exploits: 0

NVD
added 2024/10/16 7:15 a.m. | 11 views

CVE-2020-36837

The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the resetwizardactions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there ...

CVSS: 9.9 | EPSS: 0.00568
Exploits: 0 | References: 4

Cvelist
added 2024/10/16 6:43 a.m. | 21 views

CVE-2020-36837 ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset

The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the resetwizardactions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if there ...

CVSS: 9.9 | EPSS: 0.00568
Exploits: 0 | References: 4

Citrix
added 2024/10/15 12:0 a.m. | 5 views

All Hosts missing from PVS Desktop Wizard

When trying to create a catalog using the PVS Desktop Wizard, the host list may be empty even though the Delivery Controller you are connecting had Hosts configured. You may also not see the option to add hosts in the PVS console...

AI score: 7
Exploits: 0

VulnCheck KEV
added 2024/10/15 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2020-36837

The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the resetwizardactions function in versions 1.3.4 through 1.6.1. This makes it possible for authenticated attackers to reset the WordPress database. After which, if...

CVSS: 9.9 | AI score: 5.8 | EPSS: 0.00568
Exploits: 0 | References: 1

OSV
added 2024/10/07 1:15 a.m. | 5 views

CVE-2024-9564

A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.01889
Exploits: 1 | References: 5

CNNVD
added 2024/10/07 12:0 a.m. | 3 views

D-Link DIR-605L Security Vulnerability

The D-Link DIR-605L is the first cloud router from AUO, aimed at home and small office network environments. The D-Link DIR-605L suffers from a buffer overflow vulnerability that originates from the function formWlanWizardSetup in the file /goform/formWlanWizardSetup. An attacker can exploit this...

CVSS: 9 | AI score: 7.5 | EPSS: 0.01889
Exploits: 1 | References: 6

CNNVD
added 2024/10/07 12:0 a.m. | 4 views

D-Link DIR-605L Security Vulnerability

The AUO DIR-605L is a wireless router from China's AUO D-Link. The AUO DIR-605L suffers from a buffer overflow vulnerability that originates from the webpage parameter of the formWlanSetupWizard function in the /goform/formWlanSetupWizard page that fails to correctly validate the length of the...

CVSS: 9 | AI score: 8 | EPSS: 0.01374
Exploits: 1 | References: 6

OSV
added 2024/10/06 4:15 p.m. | 3 views

CVE-2024-9556

A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. T...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.01337
Exploits: 1 | References: 5