Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dos vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-21036
Sails.js before v1.0.0-46 allows malicious users to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request.
Sailsjs Sails
5.5
CVSSv3
CVE-2019-14337
An issue exists on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is an ability to escape to a shell in the restricted command line interface, as demonstrated by the `/bin/sh -c wget` sequence.
Dlink 6600-ap Firmware 4.2.0.14
Dlink Dwl-3600ap Firmware 4.2.0.14
7.8
CVSSv3
CVE-2019-14332
An issue exists on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is use of weak ciphers for SSH such as diffie-hellman-group1-sha1.
Dlink 6600-ap Firmware 4.2.0.14
Dlink Dwl-3600ap Firmware 4.2.0.14
5.5
CVSSv3
CVE-2019-14333
An issue exists on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a pre-authenticated denial of service attack against the access point via a long action parameter to admin.cgi.
Dlink 6600-ap Firmware 4.2.0.14
Dlink Dwl-3600ap Firmware 4.2.0.14
5.5
CVSSv3
CVE-2019-14334
An issue exists on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command.
Dlink 6600-ap Firmware 4.2.0.14
Dlink Dwl-3600ap Firmware 4.2.0.14
Dlink Dwl-8610ap Firmware 4.2.0.14
5.5
CVSSv3
CVE-2019-14335
An issue exists on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated denial of service leading to the reboot of the AP via the admin.cgi?action=%s URI.
Dlink 6600-ap Firmware 4.2.0.14
Dlink Dwl-3600ap Firmware 4.2.0.14
5.5
CVSSv3
CVE-2019-14336
An issue exists on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated dump of all of the config files through a certain admin.cgi?action= insecure HTTP request.
Dlink 6600-ap Firmware 4.2.0.14
Dlink Dwl-3600ap Firmware 4.2.0.14
6.1
CVSSv3
CVE-2019-14338
An issue exists on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is a post-authentication admin.cgi?action= XSS vulnerability on the management interface.
Dlink 6600-ap Firmware 4.2.0.14
Dlink Dwl-3600ap Firmware 4.2.0.14
NA
CVE-2024-2758
Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately.
1 Article
NA
CVE-2024-2653
amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash.
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »