CyberAlerts

CVE-2024-21647

Description: Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.

CVSS: MEDIUM (5.9)

EPSS Score: 1.79%

SSVC Exploitation: none

Source: CVE

June 3rd, 2025 (12 days ago)

CVE-2024-21597

Junos OS: MX Series: In an AF scenario traffic can bypass configured lo0 firewall filters

Description: An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context. This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.

CVSS: MEDIUM (5.3)

EPSS Score: 0.03%

SSVC Exploitation: none

Source: CVE

June 3rd, 2025 (12 days ago)

CVE-2024-21594

Junos OS: SRX 5000 Series: Repeated execution of a specific CLI command causes a flowd crash

Description: A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command: user@host> request security policies check The following log message can also be observed: Error: policies are out of sync for PFE node.fpc.pic. This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.

CVSS: MEDIUM (5.5)

EPSS Score: 0.02%

SSVC Exploitation: none

Source: CVE

June 3rd, 2025 (12 days ago)

CVE-2024-21587

Junos OS: MX Series: Memory leak in bbe-smgd process if BFD liveness detection for DHCP subscribers is enabled

Description: An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd. This issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue. Indication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation. user@junos> show system processes extensive | match bbe-smgd 13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd} 13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd} ... user@junos> show system processes extensive | match bbe-smgd 13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd} 13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd} ... This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * ...

CVSS: MEDIUM (6.5)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE

June 3rd, 2025 (12 days ago)

CVE-2024-0546

EasyFTP LIST Command denial of service

Description: A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250715. Eine Schwachstelle wurde in EasyFTP 1.7.0 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Komponente LIST Command Handler. Durch die Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.3)

EPSS Score: 0.05%

SSVC Exploitation: poc

Source: CVE

June 3rd, 2025 (12 days ago)

CVE-2024-0540

Tenda W9 httpd formOfflineSet stack-based overflow

Description: A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. Affected is the function formOfflineSet of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine kritische Schwachstelle in Tenda W9 1.0.0.7(4456) ausgemacht. Es betrifft die Funktion formOfflineSet der Komponente httpd. Durch das Beeinflussen des Arguments ssidIndex mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.1%

SSVC Exploitation: none

Source: CVE

June 3rd, 2025 (12 days ago)

CVE-2024-0530

CXBSoft Post-Office HTTP POST Request reg_go.php sql injection

Description: A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reg_go.php of the component HTTP POST Request Handler. The manipulation of the argument username_reg leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250700. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in CXBSoft Post-Office bis 1.0 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /apps/reg_go.php der Komponente HTTP POST Request Handler. Durch Beeinflussen des Arguments username_reg mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.5)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE

June 3rd, 2025 (12 days ago)

CVE-2024-0527

CXBSoft Url-shorting HTTP POST Request update_go.php sql injection

Description: A vulnerability, which was classified as critical, has been found in CXBSoft Url-shorting up to 1.3.1. This issue affects some unknown processing of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250697 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in CXBSoft Url-shorting bis 1.3.1 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /admin/pages/update_go.php der Komponente HTTP POST Request Handler. Durch das Manipulieren des Arguments version mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (6.3)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE

June 3rd, 2025 (12 days ago)

CVE-2024-0522

Allegro RomPager HTTP POST Request cross-site request forgery

Description: A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 4.30 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250692. NOTE: The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure. Es wurde eine problematische Schwachstelle in Allegro RomPager 4.01 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei usertable.htm?action=delete der Komponente HTTP POST Request Handler. Mit der Manipulation des Arguments username mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Ein Aktualisieren auf die Version 4.30 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.

CVSS: MEDIUM (4.3)

EPSS Score: 0.05%

SSVC Exploitation: none

Source: CVE

June 3rd, 2025 (12 days ago)

CVE-2024-0505

ZhongFuCheng3y Austin Upload Material Menu MaterialController.java getFile unrestricted upload

Description: A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250619. Eine kritische Schwachstelle wurde in ZhongFuCheng3y Austin 1.0 gefunden. Hierbei geht es um die Funktion getFile der Datei com/java3y/austin/web/controller/MaterialController.java der Komponente Upload Material Menu. Mittels Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.

CVSS: MEDIUM (5.5)

EPSS Score: 0.09%

SSVC Exploitation: poc

Source: CVE

June 3rd, 2025 (12 days ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-21647	HTTP Request/Response Smuggling in puma Description: Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8. CVSS: MEDIUM (5.9) EPSS Score: 1.79% SSVC Exploitation: none Source: CVE June 3rd, 2025 (12 days ago)
CVE-2024-21597	Junos OS: MX Series: In an AF scenario traffic can bypass configured lo0 firewall filters Description: An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context. This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2. CVSS: MEDIUM (5.3) EPSS Score: 0.03% SSVC Exploitation: none Source: CVE June 3rd, 2025 (12 days ago)
CVE-2024-21594	Junos OS: SRX 5000 Series: Repeated execution of a specific CLI command causes a flowd crash Description: A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command: user@host> request security policies check The following log message can also be observed: Error: policies are out of sync for PFE node.fpc.pic. This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2. CVSS: MEDIUM (5.5) EPSS Score: 0.02% SSVC Exploitation: none Source: CVE June 3rd, 2025 (12 days ago)
CVE-2024-21587	Junos OS: MX Series: Memory leak in bbe-smgd process if BFD liveness detection for DHCP subscribers is enabled Description: An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd. This issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue. Indication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation. user@junos> show system processes extensive \| match bbe-smgd 13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd} 13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd} ... user@junos> show system processes extensive \| match bbe-smgd 13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd} 13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd} ... This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * ... CVSS: MEDIUM (6.5) EPSS Score: 0.05% SSVC Exploitation: none Source: CVE June 3rd, 2025 (12 days ago)
CVE-2024-0546	EasyFTP LIST Command denial of service Description: A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250715. Eine Schwachstelle wurde in EasyFTP 1.7.0 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Komponente LIST Command Handler. Durch die Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (5.3) EPSS Score: 0.05% SSVC Exploitation: poc Source: CVE June 3rd, 2025 (12 days ago)
CVE-2024-0540	Tenda W9 httpd formOfflineSet stack-based overflow Description: A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. Affected is the function formOfflineSet of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine kritische Schwachstelle in Tenda W9 1.0.0.7(4456) ausgemacht. Es betrifft die Funktion formOfflineSet der Komponente httpd. Durch das Beeinflussen des Arguments ssidIndex mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (6.3) EPSS Score: 0.1% SSVC Exploitation: none Source: CVE June 3rd, 2025 (12 days ago)
CVE-2024-0530	CXBSoft Post-Office HTTP POST Request reg_go.php sql injection Description: A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reg_go.php of the component HTTP POST Request Handler. The manipulation of the argument username_reg leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250700. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in CXBSoft Post-Office bis 1.0 gefunden. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /apps/reg_go.php der Komponente HTTP POST Request Handler. Durch Beeinflussen des Arguments username_reg mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (5.5) EPSS Score: 0.05% SSVC Exploitation: none Source: CVE June 3rd, 2025 (12 days ago)
CVE-2024-0527	CXBSoft Url-shorting HTTP POST Request update_go.php sql injection Description: A vulnerability, which was classified as critical, has been found in CXBSoft Url-shorting up to 1.3.1. This issue affects some unknown processing of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250697 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Eine Schwachstelle wurde in CXBSoft Url-shorting bis 1.3.1 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /admin/pages/update_go.php der Komponente HTTP POST Request Handler. Durch das Manipulieren des Arguments version mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (6.3) EPSS Score: 0.05% SSVC Exploitation: none Source: CVE June 3rd, 2025 (12 days ago)
CVE-2024-0522	Allegro RomPager HTTP POST Request cross-site request forgery Description: A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 4.30 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250692. NOTE: The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure. Es wurde eine problematische Schwachstelle in Allegro RomPager 4.01 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei usertable.htm?action=delete der Komponente HTTP POST Request Handler. Mit der Manipulation des Arguments username mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Ein Aktualisieren auf die Version 4.30 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen. CVSS: MEDIUM (4.3) EPSS Score: 0.05% SSVC Exploitation: none Source: CVE June 3rd, 2025 (12 days ago)
CVE-2024-0505	ZhongFuCheng3y Austin Upload Material Menu MaterialController.java getFile unrestricted upload Description: A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250619. Eine kritische Schwachstelle wurde in ZhongFuCheng3y Austin 1.0 gefunden. Hierbei geht es um die Funktion getFile der Datei com/java3y/austin/web/controller/MaterialController.java der Komponente Upload Material Menu. Mittels Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung. CVSS: MEDIUM (5.5) EPSS Score: 0.09% SSVC Exploitation: poc Source: CVE June 3rd, 2025 (12 days ago)