Vuldb Updates

A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2024-12988. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

A vulnerability was found in Dahua IPC-HDW1X2X, IPC-HFW1X2X, IPC-HDW2X2X, IPC-HFW2X2X, IPC-HDW4X2X, IPC-HFW4X2X, IPC-HDBW4X2X, IPC-HDW5X2X and IPC-HFW5X2X. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation as part of Packet leads to information disclosure (IP Address). This vulnerability is handled as CVE-2019-9680. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component. Our investigation indicates that a second CVE-2024-13131 was assigned to this entry.

A vulnerability classified as problematic has been found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-13131. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling. The analysis of our data team indicates that this CVE might be a duplicate of CVE-2019-9680.

A vulnerability was found in Siemens SIMATIC S7-1200 CPU 1211C AC, DC, Rly, SIMATIC S7-1200 CPU 1211C DC, SIMATIC S7-1200 CPU 1212C AC, SIMATIC S7-1200 CPU 1212C DC, SIMATIC S7-1200 CPU 1212FC DC, SIMATIC S7-1200 CPU 1214C AC, SIMATIC S7-1200 CPU 1214C DC, SIMATIC S7-1200 CPU 1214FC DC, SIMATIC S7-1200 CPU 1215C AC, SIMATIC S7-1200 CPU 1215C DC, SIMATIC S7-1200 CPU 1215FC DC, SIMATIC S7-1200 CPU 1217C DC, SIPLUS S7-1200 CPU 1212 AC, RLY, SIPLUS S7-1200 CPU 1212 DC, SIPLUS S7-1200 CPU 1212C DC, DC RAIL, SIPLUS S7-1200 CPU 1214 AC, SIPLUS S7-1200 CPU 1214 DC, SIPLUS S7-1200 CPU 1214C DC, SIPLUS S7-1200 CPU 1214FC DC, SIPLUS S7-1200 CPU 1215 AC, SIPLUS S7-1200 CPU 1215 DC, SIPLUS S7-1200 CPU 1215C DC and SIPLUS S7-1200 CPU 1215FC DC up to 4.6. It has been classified as problematic. This affects an unknown part of the component Web Interface. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-47100. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Siemens Industrial Edge Management OS and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-45385. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Siemens Mendix LDAP up to 1.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to ldap injection. This vulnerability is known as CVE-2024-56841. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in YS STEALTHONE D220 and STEALTHONE D340 up to 6.03.02. This issue affects some unknown processing of the component Web Management Page. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-20620. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as critical was found in YS STEALTHONE D220 and STEALTHONE D340 up to 6.03.02. This vulnerability affects unknown code. The manipulation leads to os command injection. This vulnerability was named CVE-2025-20055. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in YS STEALTHONE D220, STEALTHONE D340 and STEALTHONE D440. This affects an unknown part of the component Web Management Page. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2025-20016. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Event Monster Plugin up to 1.4.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Visitors List Export. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-11396. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in OMRON Machine Automation Controller NJ-series and Machine Automation Controller NX-series. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to path traversal. This vulnerability was named CVE-2024-12083. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in OMRON Programable Terminals NB-Designer up to 1.63. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. The identification of this vulnerability is CVE-2024-12298. An attack has to be approached locally. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in MonetDB Server 11.47.11. This issue affects the function atom_get_int of the component SQL Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-57619. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in MonetDB Server 11.47.11. Affected is the function trimchars of the component SQL Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-57620. Access to the local network is required for this attack. There is no exploit available.

A vulnerability has been found in MonetDB Server 11.47.11 and classified as problematic. Affected by this vulnerability is the function GDKanalytical_correlation. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-57621. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in MonetDB Server 11.49.1 and classified as problematic. Affected by this issue is the function exp_bin of the component SQL Handler. The manipulation leads to denial of service. This vulnerability is handled as CVE-2024-57622. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in MonetDB Server 11.49.1. It has been classified as problematic. This affects the function HEAP_malloc. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-57623. The attack can only be done within the local network. There is no exploit available.

A vulnerability was found in MonetDB Server 11.49.1. It has been declared as problematic. This vulnerability affects the function exp_atom of the component SQL Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2024-57624. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability was found in MonetDB Server 11.49.1. It has been rated as problematic. This issue affects the function merge_table_prune_and_unionize of the component SQL Handler. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2024-57625. The attack needs to be done within the local network. There is no exploit available.

A vulnerability classified as problematic has been found in MonetDB Server 11.49.1. Affected is the function mat_join2 of the component SQL Handler. The manipulation leads to denial of service. This vulnerability is traded as CVE-2024-57626. The attack needs to be initiated within the local network. There is no exploit available.