Page 12 of 38550 results (0.102 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

Running a curl command against a local instance of OpenCTI will result in a limited error message. ... Bypassing this restriction allows the attacker to gather a wealth of information about the GraphQL endpoint functionality that can be used to perform actions and/or read data without authorization. These queries can also be weaponized to conduct a Denial of Service (DoS) attack if sent repeatedly. ... Estas consultas también pueden utilizarse como arma para llevar a cabo un ataque de denegación de servicio (DoS) si se envían repetidamente. • https://github.com/OpenCTI-Platform/opencti/blob/6343b82b0b0a5d3ded3b30d08ce282328a556268/opencti-platform/opencti-graphql/src/graphql/graphql.js#L83-L94 https://github.com/OpenCTI-Platform/opencti/commit/f87d96918c63b0c3d3ebfbea6c789d48e2f56ad5 https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-4mvw-j8r9-xcgc • CWE-284: Improper Access Control •

CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0

A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0

A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0

A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •

CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0

A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. • https://cert.vde.com/en/advisories/VDE-2024-047 • CWE-306: Missing Authentication for Critical Function •