Search Results (21053 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-50985 1 Tenda 2 I29, I29 Firmware 2024-11-21 9.8 Critical
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function.
CVE-2023-50984 1 Tenda 2 I29, I29 Firmware 2024-11-21 9.8 Critical
Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function.
CVE-2023-50965 1 Starnight 1 Micro Http Server 2024-11-21 9.8 Critical
In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in lib/middleware.c allows a stack-based buffer overflow and potentially remote code execution via a long URI.
CVE-2023-50466 1 Weintek 2 Cmt2078x, Cmt2078x Firmware 2024-11-21 8.8 High
An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter.
CVE-2023-50445 2 Gl-inet, Gl.inet 36 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 33 more 2024-11-21 7.8 High
Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7., allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module.
CVE-2023-50147 1 Totolink 2 A3700r, A3700r Firmware 2024-11-21 9.8 Critical
There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.
CVE-2023-50002 1 Tenda 2 W30e, W30e Firmware 2024-11-21 9.8 Critical
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode.
CVE-2023-50001 1 Tenda 2 W30e, W30e Firmware 2024-11-21 9.8 Critical
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline.
CVE-2023-50000 1 Tenda 2 W30e, W30e Firmware 2024-11-21 9.8 Critical
Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode.
CVE-2023-4949 2 Gnu, Xen 2 Grub, Xen 2024-11-21 8.1 High
An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.
CVE-2023-4756 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4754 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.
CVE-2023-4744 1 Tenda 2 Ac8, Ac8 Firmware 2024-11-21 9.8 Critical
A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has been declared as critical. Affected by this vulnerability is the function formSetDeviceName. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238633 was assigned to this vulnerability.
CVE-2023-4711 1 Dlink 2 Dar-8000-10, Dar-8000-10 Firmware 2024-11-21 5 Medium
A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4685 1 Deltaww 2 Cncsoft-b, Dopsoft 2024-11-21 7.8 High
Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code.
CVE-2023-4601 2 Microsoft, Ni 2 Windows, System Configuration 2024-11-21 8.1 High
A stack-based buffer overflow vulnerability exists in NI System Configuration that could result in information disclosure and/or arbitrary code execution. Successful exploitation requires that an attacker can provide a specially crafted response. This affects NI System Configuration 2023 Q3 and all previous versions.
CVE-2023-4542 1 Dlink 2 Dar-8000-10, Dar-8000-10 Firmware 2024-11-21 6.3 Medium
A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4464 1 Poly 8 Ccx 400, Ccx 400 Firmware, Ccx 600 and 5 more 2024-11-21 7.2 High
A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability.
CVE-2023-4412 1 Totolink 2 Ex1200l, Ex1200l Firmware 2024-11-21 6.3 Medium
A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-4411 1 Totolink 2 Ex1200l, Ex1200l Firmware 2024-11-21 6.3 Medium
A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.