Search Results (362833 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24147 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2025-03-26 7.5 High
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code password for the telnet service which is stored in the component /etc/config/product.ini.
CVE-2023-24146 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2025-03-26 9.8 Critical
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function.
CVE-2023-24145 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2025-03-26 9.8 Critical
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function.
CVE-2023-24144 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2025-03-26 9.8 Critical
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function.
CVE-2023-24143 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2025-03-26 9.8 Critical
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function.
CVE-2023-24142 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2025-03-26 9.8 Critical
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function.
CVE-2023-24141 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2025-03-26 9.8 Critical
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function.
CVE-2023-24140 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2025-03-26 9.8 Critical
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function.
CVE-2023-24139 1 Totolink 2 Ca300-poe, Ca300-poe Firmware 2025-03-26 9.8 Critical
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function.
CVE-2023-24029 1 Progress 1 Ws Ftp Server 2025-03-26 7.2 High
In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.
CVE-2023-23636 1 Jellyfin 1 Jellyfin 2025-03-26 5.4 Medium
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.
CVE-2023-23635 1 Jellyfin 1 Jellyfin 2025-03-26 5.4 Medium
In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim.
CVE-2023-23333 1 Contec 2 Solarview Compact, Solarview Compact Firmware 2025-03-26 9.8 Critical
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
CVE-2023-23120 1 Trendnet 2 Tv-ip651wi, Tv-ip651wi Firmware 2025-03-26 5.9 Medium
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.
CVE-2023-23119 1 Ui 2 Af-2x, Af-2x Firmware 2025-03-26 5.9 Medium
The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification.
CVE-2023-23088 1 Json-parser Project 1 Json-parser 2025-03-26 9.8 Critical
Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the json_value_parse function.
CVE-2023-23087 1 Mojojson Project 1 Mojojson 2025-03-26 9.8 Critical
An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function.
CVE-2023-23086 1 Mojojson Project 1 Mojojson 2025-03-26 9.8 Critical
Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function.
CVE-2023-20619 2 Google, Mediatek 25 Android, Mt6761, Mt6762 and 22 more 2025-03-26 6.7 Medium
In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159.
CVE-2023-20618 2 Google, Mediatek 25 Android, Mt6761, Mt6762 and 22 more 2025-03-26 6.7 Medium
In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184.