Search Results (364785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-40848 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "sub_7D858."
CVE-2023-40847 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "initIpAddrInfo." In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check.
CVE-2023-40846 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998.
CVE-2023-40845 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'sub_34FD0.' In the function, it reads user provided parameters and passes variables to the function without any length checks.
CVE-2023-40844 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'formWifiBasicSet.'
CVE-2023-40843 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "sub_73004."
CVE-2023-40842 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "R7WebsSecurityHandler."
CVE-2023-40841 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "add_white_node,"
CVE-2023-40840 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "fromGetWirelessRepeat."
CVE-2023-40839 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands.
CVE-2023-40838 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability.
CVE-2023-40837 1 Tenda 2 Ac6, Ac6 Firmware 2024-11-21 9.8 Critical
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands.
CVE-2023-40834 1 Opencart 1 Opencart 2024-11-21 9.8 Critical
OpenCart CMS v4.0.2.2 was discovered to lack a protective mechanism on its login page against excessive login attempts, allowing unauthenticated attackers to gain access to the application via a brute force attack to the password parameter.
CVE-2023-40833 1 Thecosy 1 Icecms 2024-11-21 9.8 Critical
An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting.
CVE-2023-40829 1 Tencent 1 Enterprise Wechat Privatization 2024-11-21 7.5 High
There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000.
CVE-2023-40828 1 Pf4j Project 1 Pf4j 2024-11-21 7.5 High
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.
CVE-2023-40827 1 Pf4j Project 1 Pf4j 2024-11-21 7.5 High
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.
CVE-2023-40826 1 Pf4j Project 1 Pf4j 2024-11-21 7.5 High
An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.
CVE-2023-40825 1 Perfree 1 Perfreeblog 2024-11-21 7.2 High
An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.
CVE-2023-40817 1 Opencrx 1 Opencrx 2024-11-21 6.1 Medium
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field.