Search Results (366571 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-52042 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter.
CVE-2023-52040 1 Totolink 2 X6000r, X6000r Firmware 2024-11-21 9.8 Critical
An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function.
CVE-2023-51972 1 Tenda 2 Ax1803, Ax1803 Firmware 2024-11-21 9.8 Critical
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp.
CVE-2023-51961 1 Tenda 2 Ax1803, Ax1803 Firmware 2024-11-21 9.8 Critical
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.
CVE-2023-51958 1 Tenda 2 Ax1803, Ax1803 Firmware 2024-11-21 9.8 Critical
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv.
CVE-2023-51957 1 Tenda 2 Ax1803, Ax1803 Firmware 2024-11-21 9.8 Critical
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv.
CVE-2023-51888 1 Ctan 1 Mathtex 2024-11-21 7.5 High
Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL.
CVE-2023-51782 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 7.0 High
An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.
CVE-2023-51781 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 7.0 High
An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.
CVE-2023-51780 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2024-11-21 7.0 High
An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.
CVE-2023-51777 2 Jungo, Mitsubishielectric 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more 2024-11-21 5.5 Medium
Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error.
CVE-2023-51772 1 Oneidentity 1 Password Manager 2024-11-21 8.8 High
One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM.
CVE-2023-51765 3 Freebsd, Redhat, Sendmail 3 Freebsd, Enterprise Linux, Sendmail 2024-11-21 5.3 Medium
sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not. This is resolved in 8.18 and later versions with 'o' in srv_features.
CVE-2023-51750 2 Microsoft, Scalefusion 2 Windows, Scalefusion 2024-11-21 4.6 Medium
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."
CVE-2023-51749 1 Scalefusion 1 Scalefusion 2024-11-21 8.8 High
ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."
CVE-2023-51746 1 Siemens 2 Jt2go, Teamcenter Visualization 2024-11-21 7.8 High
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process.
CVE-2023-51740 1 Skyworthdigital 2 Cm5100, Cm5100 Firmware 2024-11-21 7.5 High
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim’s network traffic to extract username and password from the web interface (Login Page) of the vulnerable targeted system.
CVE-2023-51734 1 Skyworthdigital 2 Cm5100, Cm5100 Firmware 2024-11-21 6.9 Medium
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVE-2023-51733 1 Skyworthdigital 2 Cm5100, Cm5100 Firmware 2024-11-21 6.9 Medium
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the Identity parameter under Local endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
CVE-2023-51728 1 Skyworthdigital 2 Cm5100, Cm5100 Firmware 2024-11-21 6.9 Medium
This vulnerability exist in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user supplied input for the SMTP Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.