Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-34123 An issue was discovered on atasm, version 1.09. A stack-buffer-overflow vulnerability in function aprintf() in asm.c allows attackers to execute arbitrary code on the system via a crafted file. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39001 A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a cra... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-23757 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39023 university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploite... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-27603 In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path,Β This is a Zip Slip issue, which will lead to aΒ potential RCE vulnerability. We recommen... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39022 oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an uncheck... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33308 A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remo... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39021 wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unc... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39004 Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39020 stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39018 FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argumen... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39017 quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39010 BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38992 jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37754 PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39015 webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39013 Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37214 Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-31465 An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters a... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38604 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40041 TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to cont... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38598 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40042 TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37285 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be a... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-36495 An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ve... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37714 Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37715 Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37716 Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fr... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37717 Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fr... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37718 Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37719 Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromP2pListFilter. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37721 Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37722 Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeUrlFilter. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37723 Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromqossetting. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-34425 The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ve... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-51050 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38942 Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloud_config.json. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-27523 An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37384 RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-32090 Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47532 FileRun 20220519 allows SQL Injection via the "dir" parameter in a /?module=users§ion=cpanel&page=list request. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37791 D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33745 TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (withou... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33744 TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-33743 TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, Android Debug Bridge (adb) is available. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-47003 An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-38336 netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-39122 BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200). | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37793 WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow via the component /upgrade_filter.asp. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-37794 WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.