Search Results (366625 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29841 1 Westerndigital 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more 2025-01-24 8 High
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices.This issue affects My Cloud OS 5: before 5.26.119.
CVE-2022-29842 1 Westerndigital 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more 2025-01-24 9.8 Critical
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119.
CVE-2023-32080 1 Pterodactyl 1 Wings 2025-01-24 9.1 Critical
Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if a user is able to modify an server's install script or the install script executes code supplied by the user (either through environment variables, or commands that execute commands based off of user data). This vulnerability has been resolved in version `v1.11.6` of Wings, and has been back-ported to the 1.7 release series in `v1.7.5`. Anyone running `v1.11.x` should upgrade to `v1.11.6` and anyone running `v1.7.x` should upgrade to `v1.7.5`. There are no workarounds aside from upgrading. Running Wings with a rootless container runtime may mitigate the severity of any attacks, however the majority of users are using container runtimes that run as root as per the Wings documentation. SELinux may prevent attackers from performing certain operations against the host system, however privileged containers have a lot of freedom even on systems with SELinux enabled. It should be noted that this was a known attack vector, for attackers to easily exploit this attack it would require compromising an administrator account on a Panel. However, certain eggs (the data structure that holds the install scripts that get passed to Wings) have an issue where they are unknowingly executing shell commands with escalated privileges provided by untrusted user data.
CVE-2023-31919 1 Jerryscript 1 Jerryscript 2025-01-24 5.5 Medium
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c.
CVE-2023-31918 1 Jerryscript 1 Jerryscript 2025-01-24 5.5 Medium
Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c.
CVE-2023-31914 1 Jerryscript 1 Jerryscript 2025-01-24 5.5 Medium
Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc.
CVE-2023-31913 1 Jerryscript 1 Jerryscript 2025-01-24 5.5 Medium
Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c.
CVE-2023-30330 1 Softexpert 1 Excellence Suite 2025-01-24 9.8 Critical
SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php.
CVE-2023-30247 1 Storage Unit Rental Management System Project 1 Storage Unit Rental Management System 2025-01-24 9.8 Critical
File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter.
CVE-2023-29790 1 Kodcloud 1 Kodbox 2025-01-24 7.5 High
kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue.
CVE-2023-29657 1 Extplorer 1 Extplorer 2025-01-24 8.8 High
eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions.
CVE-2023-27823 1 Optoma 1 1080pstx 2025-01-24 9.8 Critical
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.
CVE-2023-27237 1 Lavalite 1 Lavalite 2025-01-24 6.1 Medium
LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.
CVE-2023-25428 1 Soft-o 1 Free Password Manager 2025-01-24 7.8 High
A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution.
CVE-2023-25009 1 Autodesk 1 3ds Max Usd 2025-01-24 7.8 High
A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.
CVE-2023-25008 1 Autodesk 1 3ds Max Usd 2025-01-24 7.8 High
A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution.
CVE-2023-25007 1 Autodesk 1 3ds Max Usd 2025-01-24 7.8 High
A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.
CVE-2023-25006 1 Autodesk 1 3ds Max Usd 2025-01-24 7.8 High
A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.
CVE-2023-20709 2 Google, Mediatek 52 Android, Mt6580, Mt6731 and 49 more 2025-01-24 4.4 Medium
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576951; Issue ID: ALPS07576951.
CVE-2023-20708 2 Google, Mediatek 52 Android, Mt6580, Mt6731 and 49 more 2025-01-24 6.7 Medium
In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581655; Issue ID: ALPS07581655.