Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24150 | 1 Totolink | 2 T8, T8 Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2023-24154 | 1 Totolink | 2 T8, T8 Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. | |||||
| CVE-2023-24156 | 1 Totolink | 2 T8, T8 Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2023-0685 | 1 Wickedplugins | 1 Wicked Folders | 2023-02-09 | N/A | 4.3 MEDIUM |
| The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.. | |||||
| CVE-2023-0684 | 1 Wickedplugins | 1 Wicked Folders | 2023-02-09 | N/A | 4.3 MEDIUM |
| The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as changing the folder structure maintained by the plugin. | |||||
| CVE-2023-23087 | 1 Mojojson Project | 1 Mojojson | 2023-02-09 | N/A | 9.8 CRITICAL |
| An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function. | |||||
| CVE-2023-24157 | 1 Totolink | 2 T8, T8 Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | |||||
| CVE-2023-0638 | 1 Trendnet | 2 Tew-811dru, Tew-811dru Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220018 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-0639 | 1 Trendnet | 2 Tew-652brp, Tew-652brp Firmware | 2023-02-09 | N/A | 6.1 MEDIUM |
| A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019. | |||||
| CVE-2023-0640 | 1 Trendnet | 2 Tew-652brp, Tew-652brp Firmware | 2023-02-09 | N/A | 9.8 CRITICAL |
| A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020. | |||||
| CVE-2022-43665 | 1 Estsoft | 1 Alyac | 2023-02-09 | N/A | 5.5 MEDIUM |
| A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-34138 | 1 Biltema | 4 Baby Camera, Baby Camera Firmware, Ip Camera and 1 more | 2023-02-09 | N/A | 7.5 HIGH |
| Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information. | |||||
| CVE-2022-48074 | 1 Nomachine | 1 Nomachine | 2023-02-09 | N/A | 5.3 MEDIUM |
| An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. | |||||
| CVE-2023-0124 | 1 Deltaww | 1 Dopsoft | 2023-02-09 | N/A | 7.8 HIGH |
| Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. | |||||
| CVE-2023-0123 | 1 Deltaww | 1 Dopsoft | 2023-02-09 | N/A | 7.8 HIGH |
| Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. | |||||
| CVE-2022-4634 | 1 Deltaww | 2 Cncsoft, Screeneditor | 2023-02-09 | N/A | 7.8 HIGH |
| All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2022-3625 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-02-09 | N/A | 7.8 HIGH |
| A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability. | |||||
| CVE-2017-5547 | 1 Linux | 1 Linux Kernel | 2023-02-09 | 7.2 HIGH | 7.8 HIGH |
| drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist. | |||||
| CVE-2017-7187 | 1 Linux | 1 Linux Kernel | 2023-02-09 | 7.2 HIGH | 7.8 HIGH |
| The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through 4.10.4 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. | |||||
| CVE-2017-7184 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-02-09 | 7.2 HIGH | 7.8 HIGH |
| The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52. | |||||