| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx. |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. |
| TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. |
| A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. |
| A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. |
| A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. |
| The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. |
| Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. |
| A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities. |
| In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header. |
| A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing the scanning request. |
| A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine. |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker. |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker. |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker. |
| A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker. |
