Export limit exceeded: 19553 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19553 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43893 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | 9.8 Critical |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. | ||||
| CVE-2023-43890 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | 8.8 High |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request. | ||||
| CVE-2023-43886 | 1 Tenda | 2 Rx9 Pro, Rx9 Pro Firmware | 2024-11-21 | 7.1 High |
| A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory. | ||||
| CVE-2023-43869 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function. | ||||
| CVE-2023-43868 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVar function. | ||||
| CVE-2023-43867 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanL2TP function. | ||||
| CVE-2023-43866 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard7 function. | ||||
| CVE-2023-43865 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPTP function. | ||||
| CVE-2023-43864 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard55 function. | ||||
| CVE-2023-43863 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanDhcpplus function. | ||||
| CVE-2023-43862 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLanguageChange function. | ||||
| CVE-2023-43861 | 2 D-link, Dlink | 3 Dir-619l, Dir-619l, Dir-619l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPPoE function. | ||||
| CVE-2023-43860 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanNonLogin function. | ||||
| CVE-2023-43752 | 1 Elecom | 6 Wrc-x3000gs2-b, Wrc-x3000gs2-b Firmware, Wrc-x3000gs2-w and 3 more | 2024-11-21 | 8.0 High |
| OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. | ||||
| CVE-2023-43744 | 1 Zultys | 12 Mx-e, Mx-e Firmware, Mx-se and 9 more | 2024-11-21 | 7.2 High |
| An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command. | ||||
| CVE-2023-43632 | 2 Lfedge, Linuxfoundation | 2 Eve, Edge Virtualization Engine | 2024-11-21 | 9 Critical |
| As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using protobuf, and the data is comprised of 2 parts: 1. Header 2. Data When a connection is made, the server is waiting for 4 bytes of data, which will be the header, and these 4 bytes would be parsed as uint32 size of the actual data to come. Then, in the function “handleRequest” this size is then used in order to allocate a payload on the stack for the incoming data. As this payload is allocated on the stack, this will allow overflowing the stack size allocated for the relevant process with freely controlled data. * An attacker can crash the system. * An attacker can gain control over the system, specifically on the “vtpm_server” process which has very high privileges. | ||||
| CVE-2023-43338 | 1 Cesanta | 1 Mjs | 2024-11-21 | 9.8 Critical |
| Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input. | ||||
| CVE-2023-43252 | 1 Xnview | 1 Nconvert | 2024-11-21 | 7.8 High |
| XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file. | ||||
| CVE-2023-43242 | 1 Dlink | 3 Dir-816 A2 Firmware, Dir-816a2, Dir-816a2 Firmware | 2024-11-21 | 8.8 High |
| D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel. | ||||
| CVE-2023-43241 | 2 D-link, Dlink | 3 Dir-823g, Dir-823g, Dir-823g Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity. | ||||