Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26034 | 1 Zoneminder | 1 Zoneminder | 2023-03-07 | N/A | 8.8 HIGH |
| ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution. | |||||
| CVE-2023-26035 | 1 Zoneminder | 1 Zoneminder | 2023-03-07 | N/A | 9.8 CRITICAL |
| ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33. | |||||
| CVE-2023-23080 | 1 Tenda | 10 Cp3, Cp3 Firmware, Cp7 and 7 more | 2023-03-07 | N/A | 9.8 CRITICAL |
| Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT7-LCS<=V2209020914 and Tenda IT7-PRS Tenda IT7-PRS<=V2209020908. | |||||
| CVE-2021-32302 | 1 Irz | 2 Ruh2, Ruh2 Firmware | 2023-03-07 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter. | |||||
| CVE-2023-24206 | 1 Davinci Project | 1 Davinci | 2023-03-07 | N/A | 9.8 CRITICAL |
| Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. | |||||
| CVE-2022-34910 | 1 Aremis | 1 Aremis 4 Nomads | 2023-03-07 | N/A | 5.5 MEDIUM |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. | |||||
| CVE-2022-34909 | 1 Aremis | 1 Aremis 4 Nomads | 2023-03-07 | N/A | 9.1 CRITICAL |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database. | |||||
| CVE-2023-26036 | 1 Zoneminder | 1 Zoneminder | 2023-03-07 | N/A | 9.8 CRITICAL |
| ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however dentaintPath does not properly sandbox the path. This can be exploited by constructing paths like "..././", which get replaced by "../". This issue is patched in versions 1.36.33 and 1.37.33. | |||||
| CVE-2023-26037 | 1 Zoneminder | 1 Zoneminder | 2023-03-07 | N/A | 9.8 CRITICAL |
| ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. | |||||
| CVE-2023-26038 | 1 Zoneminder | 1 Zoneminder | 2023-03-07 | N/A | 6.5 MEDIUM |
| ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33. | |||||
| CVE-2022-34908 | 1 Aremis | 1 Aremis 4 Nomads | 2023-03-07 | N/A | 7.5 HIGH |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data. | |||||
| CVE-2023-26039 | 1 Zoneminder | 1 Zoneminder | 2023-03-07 | N/A | 8.8 HIGH |
| ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33. | |||||
| CVE-2023-25816 | 1 Nextcloud | 1 Nextcloud Server | 2023-03-07 | N/A | 6.5 MEDIUM |
| Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround is available. | |||||
| CVE-2023-26550 | 1 Bmc | 1 Control-m | 2023-03-07 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. | |||||
| CVE-2023-0887 | 1 Tftpd64 Project | 1 Tftpd64 | 2023-03-07 | N/A | 7.8 HIGH |
| A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical. This issue affects some unknown processing of the file tftpd64_svc.exe. The manipulation leads to unquoted search path. An attack has to be approached locally. The associated identifier of this vulnerability is VDB-221351. | |||||
| CVE-2023-1070 | 1 Teampass | 1 Teampass | 2023-03-07 | N/A | 7.1 HIGH |
| External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. | |||||
| CVE-2016-15024 | 1 Doomsider Shadow Project | 1 Doomsider Shadow | 2023-03-07 | N/A | 5.5 MEDIUM |
| A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-3329 | 1 Zephyrproject | 1 Zephyr | 2023-03-07 | N/A | 6.5 MEDIUM |
| Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack | |||||
| CVE-2023-23109 | 1 Crasm Project | 1 Crasm | 2023-03-07 | N/A | 7.5 HIGH |
| In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv. | |||||
| CVE-2021-42553 | 1 St | 1 Stm32 Mw Usb Host | 2023-03-07 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs. | |||||