Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24143 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2023-02-10 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. | |||||
| CVE-2023-24142 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2023-02-10 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. | |||||
| CVE-2023-24141 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2023-02-10 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. | |||||
| CVE-2023-0671 | 1 Froxlor | 1 Froxlor | 2023-02-10 | N/A | 8.8 HIGH |
| Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | |||||
| CVE-2023-24140 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2023-02-10 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. | |||||
| CVE-2023-24139 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2023-02-10 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. | |||||
| CVE-2023-24138 | 1 Totolink | 2 Ca300-poe, Ca300-poe Firmware | 2023-02-10 | N/A | 9.8 CRITICAL |
| TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. | |||||
| CVE-2023-24153 | 1 Totolink | 2 T8, T8 Firmware | 2023-02-10 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2022-3560 | 3 Fedoraproject, Pesign Project, Redhat | 3 Fedora, Pesign, Enterprise Linux | 2023-02-10 | N/A | 5.5 MEDIUM |
| A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. | |||||
| CVE-2023-25014 | 1 In2code | 1 Femanager | 2023-02-10 | N/A | 7.5 HIGH |
| An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users. | |||||
| CVE-2023-25013 | 1 In2code | 1 Femanager | 2023-02-10 | N/A | 7.5 HIGH |
| An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users. | |||||
| CVE-2022-48113 | 1 Totolink | 2 N200re-v5, N200re-v5 Firmware | 2023-02-10 | N/A | 9.8 CRITICAL |
| A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials. | |||||
| CVE-2022-22549 | 1 Dell | 1 Emc Powerscale Onefs | 2023-02-10 | 6.8 MEDIUM | 8.1 HIGH |
| Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials. | |||||
| CVE-2023-22369 | 2023-02-10 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-25011. Reason: This candidate is a duplicate of CVE-2023-25011. Notes: All CVE users should reference CVE-2023-25011 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2019-13590 | 1 Sound Exchange Project | 1 Sound Exchange | 2023-02-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. | |||||
| CVE-2023-0637 | 1 Trendnet | 2 Tew-811dru, Tew-811dru Firmware | 2023-02-09 | N/A | 6.5 MEDIUM |
| A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220017 was assigned to this vulnerability. | |||||
| CVE-2023-23477 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2023-02-09 | N/A | 9.8 CRITICAL |
| IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. | |||||
| CVE-2023-24198 | 1 Raffle Draw System Project | 1 Raffle Draw System | 2023-02-09 | N/A | 9.8 CRITICAL |
| Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters. | |||||
| CVE-2023-24197 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2023-02-09 | N/A | 6.1 MEDIUM |
| Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. | |||||
| CVE-2021-36426 | 1 Phpwcms | 1 Phpwcms | 2023-02-09 | N/A | 8.8 HIGH |
| File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php. | |||||