Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-22807 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2023-02-24 | N/A | 9.8 CRITICAL |
LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol. | |||||
CVE-2022-3843 | 1 Wago | 2 852-111/000-001, 852-111/000-001 Firmware | 2023-02-24 | N/A | 9.1 CRITICAL |
In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01, an undocumented configuration interface without authorization allows a remote attacker to read system information and configure a limited set of parameters. | |||||
CVE-2022-43969 | 1 Ricoh | 154 Im 2500, Im 2500 Firmware, Im 2702 and 151 more | 2023-02-24 | N/A | 9.1 CRITICAL |
Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. | |||||
CVE-2022-38731 | 1 Qaelum | 1 Dose | 2023-02-24 | N/A | 4.3 MEDIUM |
Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. (Only images are displayed to the attacker. All other files are loaded but not displayed.) The Content-Type response header reflects the actual content type of the file being requested. This allows an attacker to enumerate files on the local system. Additionally, remote resources can be requested via a UNC path, allowing an attacker to coerce authentication from the server to the attacker's machine. | |||||
CVE-2023-0862 | 1 Netmodule | 1 Netmodule Router Software | 2023-02-24 | N/A | 8.8 HIGH |
The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authenticated users could gain remote command execution with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. | |||||
CVE-2023-0860 | 1 Modoboa | 1 Installer | 2023-02-24 | N/A | 7.5 HIGH |
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. | |||||
CVE-2023-0861 | 1 Netmodule | 1 Netmodule Router Software | 2023-02-24 | N/A | 8.8 HIGH |
NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. This issue affects NSRW: from 4.3.0.0 before 4.3.0.119, from 4.4.0.0 before 4.4.0.118, from 4.6.0.0 before 4.6.0.105, from 4.7.0.0 before 4.7.0.103. | |||||
CVE-2023-0662 | 1 Php | 1 Php | 2023-02-24 | N/A | 7.5 HIGH |
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, an excessive number of parts in an HTTP form upload can cause high resource consumption and an excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. | |||||
CVE-2023-0850 | 1 Netgear | 2 Wndr3700, Wndr3700 Firmware | 2023-02-24 | N/A | 7.5 HIGH |
A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221153 was assigned to this vulnerability. | |||||
CVE-2023-0849 | 1 Netgear | 2 Wndr3700, Wndr3700 Firmware | 2023-02-24 | N/A | 9.8 CRITICAL |
A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221152. | |||||
CVE-2023-0848 | 1 Netgear | 2 Wndr3700, Wndr3700 Firmware | 2023-02-24 | N/A | 7.5 HIGH |
A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221147. | |||||
CVE-2023-25192 | 1 Ami | 1 Megarac Sp-x | 2023-02-24 | N/A | 5.3 MEDIUM |
AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. | |||||
CVE-2022-40016 | 1 Media-server Project | 1 Media-server | 2023-02-24 | N/A | 7.5 HIGH |
Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service. | |||||
CVE-2023-22855 | 1 Kardex | 1 Kardex Control Center | 2023-02-24 | N/A | 9.8 CRITICAL |
Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code. | |||||
CVE-2023-25191 | 1 Ami | 1 Megarac Sp-x | 2023-02-24 | N/A | 7.5 HIGH |
AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The fixed versions are SPx_12-update-7.00 and SPx_13-update-5.00. | |||||
CVE-2020-23226 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2023-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. | |||||
CVE-2022-46892 | 1 Amperecomputing | 4 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 1 more | 2023-02-24 | N/A | 9.8 CRITICAL |
In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allow the OS to reinitialize a disabled root complex. | |||||
CVE-2021-3671 | 3 Debian, Netapp, Samba | 5 Debian Linux, Management Services For Element Software, Management Services For Netapp Hci and 2 more | 2023-02-24 | 4.0 MEDIUM | 6.5 MEDIUM |
A null pointer dereference was found in the way the Samba Kerberos server handled a missing sname in TGS-REQ (Ticket Granting Server - Request). An authenticated user could use this flaw to crash the Samba server. | |||||
CVE-2021-28021 | 3 Debian, Fedoraproject, Stb Project | 3 Debian Linux, Fedora, Stb | 2023-02-24 | 6.8 MEDIUM | 7.8 HIGH |
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. | |||||
CVE-2022-45586 | 1 Xpdfreader | 1 Xpdf | 2023-02-24 | N/A | 5.5 MEDIUM |
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service. |