Search Results (19553 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3991 | 1 Freshtomato | 1 Freshtomato | 2024-11-21 | 10 Critical |
| An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2023-3975 | 2 Diagrams, Jgraph | 2 Drawio, Drawio | 2024-11-21 | 9.8 Critical |
| OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0. | ||||
| CVE-2023-3974 | 2 Diagrams, Jgraph | 2 Drawio, Drawio | 2024-11-21 | 9.8 Critical |
| OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0. | ||||
| CVE-2023-3939 | | | 2024-11-21 | 10 Critical |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in ZkTeco-based OEM devices allows OS Command Injection. Since all the found command implementations are executed from the superuser, their impact is the maximum possible. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with the ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other. | ||||
| CVE-2023-3894 | 1 Fasterxml | 1 Jackson-dataformats-text | 2024-11-21 | 5.8 Medium |
| Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | ||||
| CVE-2023-3825 | 1 Kepware | 1 Kepserverex | 2024-11-21 | 7.5 High |
| PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed. | ||||
| CVE-2023-3767 | 1 Easyphp | 1 Webserver | 2024-11-21 | 9.8 Critical |
| An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter. | ||||
| CVE-2023-3633 | 1 Bitdefender | 1 Engines | 2024-11-21 | 8.1 High |
| An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower. | ||||
| CVE-2023-3608 | 1 Ruijienetworks | 2 Bcr810w, Bcr810w Firmware | 2024-11-21 | 4.7 Medium |
| A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233477 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3607 | 1 Kodcloud | 1 Kodbox | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in kodbox 1.26. It has been declared as critical. This vulnerability affects the function Execute of the file webconsole.php.txt of the component WebConsole Plug-In. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3606 | 1 Tamronos | 1 Tamronos | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233475. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3596 | 1 Rockwellautomation | 6 1756-en4tr, 1756-en4tr Firmware, 1756-en4trk and 3 more | 2024-11-21 | 7.5 High |
| Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages. | ||||
| CVE-2023-3595 | 1 Rockwellautomation | 24 1756-en2f Series A, 1756-en2f Series A Firmware, 1756-en2f Series B and 21 more | 2024-11-21 | 9.8 Critical |
| Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device. | ||||
| CVE-2023-3573 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | 8.8 High |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request related to font configuration operations to gain full access to the device. | ||||
| CVE-2023-3572 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | 10 Critical |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device. | ||||
| CVE-2023-3571 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | 8.8 High |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST related to certificate operations to gain full access to the device. | ||||
| CVE-2023-3570 | 1 Phoenixcontact | 12 Wp 6070-wvps, Wp 6070-wvps Firmware, Wp 6101-wxps and 9 more | 2024-11-21 | 8.8 High |
| In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. | ||||
| CVE-2023-3495 | 1 Hitachi | 1 Eh-view | 2024-11-21 | 7.8 High |
| ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (KeypadDesigner) allows local attackers to potentially execute arbitrary code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-3487 | 1 Silabs | 1 Gecko Bootloader | 2024-11-21 | 7.7 High |
| An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. | ||||
| CVE-2023-3463 | 1 Ge | 1 Cimplicity | 2024-11-21 | 6.6 Medium |
| All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code. | ||||