Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-47115 | 1 Tenda | 2 A15, A15 Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. | |||||
CVE-2022-46589 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_option parameter in the tools_netstat (sub_41E730) function. | |||||
CVE-2022-46588 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. | |||||
CVE-2022-46586 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the qcawifi.wifi%d_vap%d.maclist parameter in the kick_ban_wifi_mac_allow (sub_415B00) function. | |||||
CVE-2022-46594 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the update_file_name parameter in the auto_up_fw (sub_420A04) function. | |||||
CVE-2022-46593 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the do_sta_enrollee_wifi function. | |||||
CVE-2022-46592 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the set_sta_enrollee_pin_5g function. | |||||
CVE-2022-46591 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the reject_url parameter in the reject (sub_41BD60) function. | |||||
CVE-2022-46590 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.netstat_rsname parameter in the tools_netstat (sub_41E730) function. | |||||
CVE-2022-46596 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the del_num parameter in the icp_delete_img (sub_41DEDC) function. | |||||
CVE-2022-46598 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_5g function. | |||||
CVE-2022-46597 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a command injection vulnerability via the sys_service parameter in the setup_wizard_mydlink (sub_4104B8) function. | |||||
CVE-2022-46600 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_24g function. | |||||
CVE-2022-46599 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2023-01-04 | N/A | 9.8 CRITICAL |
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the setlogo_num parameter in the icp_setlogo_img (sub_41DBF4) function. | |||||
CVE-2022-23544 | 1 Metersphere | 1 Metersphere | 2023-01-04 | N/A | 6.1 MEDIUM |
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in `IssueProxyResourceService::getMdImageByUrl` allows an attacker to access internal resources, as well as executing JavaScript code in the context of Metersphere's origin by a victim of a reflected XSS. This vulnerability has been fixed in v2.5.0. There are no known workarounds. | |||||
CVE-2021-38561 | 1 Golang | 1 Text | 2023-01-04 | N/A | 7.5 HIGH |
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack. | |||||
CVE-2021-44856 | 1 Mediawiki | 1 Mediawiki | 2023-01-04 | N/A | 5.3 MEDIUM |
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value. | |||||
CVE-2022-41767 | 1 Mediawiki | 1 Mediawiki | 2023-01-04 | N/A | 5.3 MEDIUM |
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup. | |||||
CVE-2021-39369 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2023-01-04 | N/A | 6.5 MEDIUM |
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root. | |||||
CVE-2022-44015 | 1 Simmeth | 1 Lieferantenmanager | 2023-01-04 | N/A | 9.8 CRITICAL |
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xp_cmdshell extended procedure. | |||||