Summary
Detail | |||
---|---|---|---|
Vendor | Sharp | First view | 2024-10-25 |
Product | Dx-c381 Firmware | Last view | 2024-10-25 |
Version | Type | Os | |
Update | |||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
CPE Name | Affected CVE |
---|---|
cpe:2.3:o:sharp:dx-c381_firmware:-:*:*:*:*:*:*:* | 9 |
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.8 | 2024-10-25 | CVE-2024-48870 | Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users. |
6.1 | 2024-10-25 | CVE-2024-47801 | Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. |
6.1 | 2024-10-25 | CVE-2024-47549 | Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. |
9.8 | 2024-10-25 | CVE-2024-47406 | Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability. |
8.1 | 2024-10-25 | CVE-2024-47005 | Sharp and Toshiba Tec MFPs provide configuration related APIs. They are expected to be called by administrative users only, but insufficiently restricted. A non-administrative user may execute some configuration APIs. |
5.3 | 2024-10-25 | CVE-2024-45842 | Sharp and Toshiba Tec MFPs improperly process URI data in HTTP PUT requests resulting in a path Traversal vulnerability. Unintended internal files may be retrieved when processing crafted HTTP requests. |
7.5 | 2024-10-25 | CVE-2024-45829 | Sharp and Toshiba Tec MFPs provide the web page to download data, where query parameters in HTTP requests are improperly processed and resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. |
7.5 | 2024-10-25 | CVE-2024-43424 | Sharp and Toshiba Tec MFPs improperly process HTTP request headers, resulting in an Out-of-bounds Read vulnerability. Crafted HTTP requests may cause affected products crashed. |
7.5 | 2024-10-25 | CVE-2024-42420 | Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper processing of keyword search input and improper processing of SOAP messages. Crafted HTTP requests may cause affected products crashed. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
37% (3) | CWE-125 | Out-of-bounds Read |
25% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
12% (1) | CWE-306 | Missing Authentication for Critical Function |
12% (1) | CWE-116 | Improper Encoding or Escaping of Output |
12% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |