Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24165 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter. | |||||
| CVE-2022-24164 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter. | |||||
| CVE-2022-24169 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter. | |||||
| CVE-2022-24168 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters. | |||||
| CVE-2022-24121 | 2 Centos, Unifiedoffice | 2 Centos, Total Connect Now | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter. | |||||
| CVE-2022-24167 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter. | |||||
| CVE-2021-32024 | 1 Blackberry | 1 Qnx Software Development Platform | 2022-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process. | |||||
| CVE-2021-45994 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter. | |||||
| CVE-2022-24172 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter. | |||||
| CVE-2021-45991 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter. | |||||
| CVE-2021-45989 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters. | |||||
| CVE-2022-24171 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters. | |||||
| CVE-2022-24170 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters. | |||||
| CVE-2021-45988 | 1 Tendacn | 4 G1, G1 Firmware, G3 and 1 more | 2022-02-08 | 7.8 HIGH | 7.5 HIGH |
| Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsForwardRule parameter. | |||||
| CVE-2020-27978 | 1 Shibboleth | 1 Identity Provider | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session. | |||||
| CVE-2021-42640 | 1 Printerlogic | 1 Web Stack | 2022-02-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to reassign drivers for any printer. | |||||
| CVE-2022-23873 | 1 Victor Cms Project | 1 Victor Cms | 2022-02-08 | 6.5 MEDIUM | 8.8 HIGH |
| Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via 'user_firstname' parameter. | |||||
| CVE-2021-42641 | 1 Printerlogic | 1 Web Stack | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users. | |||||
| CVE-2021-42642 | 1 Printerlogic | 1 Web Stack | 2022-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the plaintext console username and password for a printer. | |||||
| CVE-2021-42639 | 1 Printerlogic | 1 Web Stack | 2022-02-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization. | |||||