741 | 6.5 | MEDIUM Network | cisco | ata_191_firmware ata_192_firmware | A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery… | CWE-352 Origin Validation Error | CVE-2024-20421 | 2024-10-23 02:51 | 2024-10-17
742 | 8.8 | HIGH Network | google | chrome | Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit… | CWE-362 Race Condition | CVE-2022-2742 | 2024-10-23 02:35 | 2023-01-3
743 | - | | - | - | The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req['llm_factory']` and `req['… | CWE-77 Command Injection | CVE-2024-10131 | 2024-10-23 02:15 | 2024-10-19
744 | 6.5 | MEDIUM Local | - | - | A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may … | CWE-457 Use of Uninitialized Variable | CVE-2024-9355 | 2024-10-23 02:15 | 2024-10-2
745 | 7.5 | HIGH Network | oisf debian | suricata debian_linux | An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inj… | NVD-CWE-noinfo | CVE-2019-18625 | 2024-10-23 02:11 | 2020-01-7
746 | 9.1 | CRITICAL Network | oisf debian | suricata debian_linux | An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the … | CWE-436 Interpretation Conflict | CVE-2019-18792 | 2024-10-23 02:11 | 2020-01-7
747 | 9.8 | CRITICAL Network | oisf | suricata | Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-comm… | CWE-190 Integer Overflow or Wraparound | CVE-2018-10244 | 2024-10-23 02:11 | 2019-04-5
748 | 7.5 | HIGH Network | oisf debian | suricata debian_linux | Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c… | CWE-125 Out-of-bounds Read | CVE-2018-10242 | 2024-10-23 02:11 | 2019-04-5
749 | - | | openinfosecfoundation oisf | suricata | Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record. | CWE-20 Improper Input Validation | CVE-2013-5919 | 2024-10-23 02:11 | 2014-05-30
750 | 7.5 | HIGH Network | didiglobal | ddmq | A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input… | CWE-863 Incorrect Authorization | CVE-2024-10173 | 2024-10-23 02:05 | 2024-10-20