Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23466 | 1 Teler Project | 1 Teler | 2022-12-09 | N/A | 5.4 MEDIUM |
| teler is an real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the `/events` endpoint, the log data displayed on the dashboard are not sanitized. This only affects authenticated users and can only be exploited based on detected threats if the log contains a DOM scripting payload. This vulnerability has been fixed on version `v2.0.0-rc.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2017-16343 | 1 Insteon | 2 Hub, Hub Firmware | 2022-12-09 | 8.0 HIGH | 9.9 CRITICAL |
| An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using strcpy to the buffer at 0xa0000510. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow. | |||||
| CVE-2017-16347 | 1 Insteon | 2 Hub, Hub Firmware | 2022-12-09 | 8.0 HIGH | 9.9 CRITICAL |
| An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow. | |||||
| CVE-2017-16344 | 1 Insteon | 2 Hub, Hub Firmware | 2022-12-09 | 8.0 HIGH | 9.9 CRITICAL |
| An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the s_url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. The destination can also be shifted by using an sn_speaker parameter between "0" and "3". | |||||
| CVE-2017-16342 | 1 Insteon | 2 Hub, Hub Firmware | 2022-12-09 | 8.0 HIGH | 9.9 CRITICAL |
| An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c254 the value for the s_vol_dim_delta key is copied using strcpy to the buffer at 0xa0000514. This buffer is 4 bytes large, sending anything longer will cause a buffer overflow. | |||||
| CVE-2017-16340 | 1 Insteon | 2 Hub, Hub Firmware | 2022-12-09 | 8.0 HIGH | 9.9 CRITICAL |
| An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c0e8 the value for the s_dport key is copied using strcpy to the buffer at 0xa000180c. This buffer is 6 bytes large, sending anything longer will cause a buffer overflow. | |||||
| CVE-2022-45525 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the downaction parameter at /goform/CertListInfo. | |||||
| CVE-2022-45524 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the opttype parameter at /goform/IPSECsave. | |||||
| CVE-2022-45520 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/qossetting. | |||||
| CVE-2022-45519 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the Go parameter at /goform/SafeMacFilter. | |||||
| CVE-2022-45518 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SetIpBind. | |||||
| CVE-2022-45523 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/L7Im. | |||||
| CVE-2022-45522 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeClientFilter. | |||||
| CVE-2022-45521 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/SafeUrlFilter. | |||||
| CVE-2022-45517 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer. | |||||
| CVE-2022-45516 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the page parameter at /goform/NatStaticSetting. | |||||
| CVE-2022-45510 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the mit_ssid_index parameter at /goform/AdvSetWrlsafeset. | |||||
| CVE-2022-45509 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the account parameter at /goform/addUserName. | |||||
| CVE-2022-45508 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the new_account parameter at /goform/editUserName. | |||||
| CVE-2022-45507 | 1 Tenda | 2 W30e, W30e Firmware | 2022-12-09 | N/A | 7.5 HIGH |
| Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow via the editNameMit parameter at /goform/editFileName. | |||||