Lucene search

K

Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX2 Series, Jetson TX2 NX Security Vulnerabilities

cve
cve

CVE-2023-49913

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.8AI Score

0.0004EPSS

2024-04-09 03:15 PM
23
cve
cve

CVE-2023-49910

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.8AI Score

0.0005EPSS

2024-04-09 03:15 PM
23
nvd
nvd

CVE-2023-49906

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.4AI Score

0.0005EPSS

2024-04-09 03:15 PM
nvd
nvd

CVE-2023-49133

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests...

8.1CVSS

8.3AI Score

0.001EPSS

2024-04-09 03:15 PM
cve
cve

CVE-2023-49907

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.8AI Score

0.0005EPSS

2024-04-09 03:15 PM
24
cve
cve

CVE-2023-49134

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests...

8.1CVSS

8.2AI Score

0.001EPSS

2024-04-09 03:15 PM
24
nvd
nvd

CVE-2023-49907

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.4AI Score

0.0005EPSS

2024-04-09 03:15 PM
nvd
nvd

CVE-2023-49908

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.4AI Score

0.0005EPSS

2024-04-09 03:15 PM
nvd
nvd

CVE-2023-49134

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests...

8.1CVSS

8.3AI Score

0.001EPSS

2024-04-09 03:15 PM
cve
cve

CVE-2023-49906

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.8AI Score

0.0005EPSS

2024-04-09 03:15 PM
25
cve
cve

CVE-2023-49133

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests...

8.1CVSS

8.2AI Score

0.001EPSS

2024-04-09 03:15 PM
27
cve
cve

CVE-2023-49908

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.8AI Score

0.0005EPSS

2024-04-09 03:15 PM
26
nvd
nvd

CVE-2023-49074

A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated...

7.4CVSS

7.3AI Score

0.0005EPSS

2024-04-09 03:15 PM
cve
cve

CVE-2023-49074

A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated...

7.4CVSS

7.8AI Score

0.0005EPSS

2024-04-09 03:15 PM
25
nvd
nvd

CVE-2023-6320

A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this...

9.1CVSS

9.3AI Score

0.0004EPSS

2024-04-09 02:15 PM
1
cve
cve

CVE-2023-6319

A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to...

9.1CVSS

7.2AI Score

0.0004EPSS

2024-04-09 02:15 PM
48
nvd
nvd

CVE-2023-6319

A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to...

9.1CVSS

9.3AI Score

0.0004EPSS

2024-04-09 02:15 PM
cve
cve

CVE-2023-6320

A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this...

9.1CVSS

7.2AI Score

0.0004EPSS

2024-04-09 02:15 PM
48
nvd
nvd

CVE-2023-6318

A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger...

9.1CVSS

9.3AI Score

0.0004EPSS

2024-04-09 02:15 PM
cve
cve

CVE-2023-6318

A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger...

9.1CVSS

7.2AI Score

0.0004EPSS

2024-04-09 02:15 PM
47
cvelist
cvelist

CVE-2023-49074

A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of network requests can lead to reset to factory settings. An attacker can send a sequence of unauthenticated...

7.4CVSS

7.5AI Score

0.0005EPSS

2024-04-09 02:12 PM
cvelist
cvelist

CVE-2023-49134

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests...

8.1CVSS

8.5AI Score

0.001EPSS

2024-04-09 02:12 PM
cvelist
cvelist

CVE-2023-49133

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926 and Tp-Link N300 Wireless Access Point (EAP115 V4) v5.0.4 Build 20220216. A specially crafted series of network requests...

8.1CVSS

8.5AI Score

0.001EPSS

2024-04-09 02:12 PM
1
cvelist
cvelist

CVE-2023-49906

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.6AI Score

0.0005EPSS

2024-04-09 02:12 PM
cvelist
cvelist

CVE-2023-49911

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.6AI Score

0.0005EPSS

2024-04-09 02:12 PM
cvelist
cvelist

CVE-2023-49909

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.6AI Score

0.0005EPSS

2024-04-09 02:12 PM
cvelist
cvelist

CVE-2023-49908

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.6AI Score

0.0005EPSS

2024-04-09 02:12 PM
cvelist
cvelist

CVE-2023-49907

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.6AI Score

0.0005EPSS

2024-04-09 02:12 PM
1
cvelist
cvelist

CVE-2023-49910

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.6AI Score

0.0005EPSS

2024-04-09 02:12 PM
cvelist
cvelist

CVE-2023-49913

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.6AI Score

0.0004EPSS

2024-04-09 02:12 PM
cvelist
cvelist

CVE-2023-49912

A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...

7.2CVSS

7.6AI Score

0.0005EPSS

2024-04-09 02:12 PM
cvelist
cvelist

CVE-2023-6320 Command injection in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint

A command injection vulnerability exists in the com.webos.service.connectionmanager/tv/setVlanStaticAddress endpoint on webOS versions 5 and 6. A series of specially crafted requests can lead to command execution as the dbus user. An attacker can make authenticated requests to trigger this...

9.1CVSS

9.4AI Score

0.0004EPSS

2024-04-09 01:43 PM
cvelist
cvelist

CVE-2023-6319 Command injection in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service

A command injection vulnerability exists in the getAudioMetadata method from the com.webos.service.attachedstoragemanager service on webOS version 4 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to...

9.1CVSS

9.5AI Score

0.0004EPSS

2024-04-09 01:42 PM
cvelist
cvelist

CVE-2023-6318 Command injection in the processAnalyticsReport method from the com.webos.service.cloudupload service

A command injection vulnerability exists in the processAnalyticsReport method from the com.webos.service.cloudupload service on webOS version 5 through 7. A series of specially crafted requests can lead to command execution as the root user. An attacker can make authenticated requests to trigger...

9.1CVSS

9.5AI Score

0.0004EPSS

2024-04-09 01:41 PM
malwarebytes
malwarebytes

35-year long identity theft leads to imprisonment for victim

Sometimes the consequences of a stolen identity exceed anything you could have imagined. Matthew David Keirans, a 58-year-old former hospital employee has pleaded guilty to assuming another man’s identity since 1988. He was convicted of one count of making a false statement to a National Credit...

7AI Score

2024-04-09 10:52 AM
10
cvelist
cvelist

CVE-2023-1083 Welotec: improper access control in TK500v1 router series

An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware...

9.8CVSS

9.9AI Score

0.001EPSS

2024-04-09 08:25 AM
cvelist
cvelist

CVE-2023-1082 Welotec: Command injection vulnerability in TK500v1 router series

An remote attacker with low privileges can perform a command injection which can lead to root...

8.8CVSS

9.2AI Score

0.001EPSS

2024-04-09 08:25 AM
talos
talos

tddpd enable_test_mode command execution vulnerability

Talos Vulnerability Report TALOS-2023-1862 tddpd enable_test_mode command execution vulnerability April 9, 2024 CVE Number CVE-2023-49133,CVE-2023-49134 SUMMARY A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access...

8.1CVSS

7.9AI Score

0.001EPSS

2024-04-09 12:00 AM
7
nessus
nessus

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2024-12272)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12272 advisory. [5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug:...

8.4AI Score

EPSS

2024-04-09 12:00 AM
23
talos
talos

Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) TDDP denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1861 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) TDDP denial of service vulnerability April 9, 2024 CVE Number CVE-2023-49074 SUMMARY A denial of service vulnerability exists in the TDDP functionality of Tp-Link AC1350 Wireless MU-MIMO...

7.4CVSS

7.6AI Score

0.0005EPSS

2024-04-09 12:00 AM
7
talos
talos

Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) web interface Radio Scheduling stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1888 Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point (EAP225 V3) web interface Radio Scheduling stack-based buffer overflow vulnerability April 9, 2024 CVE Number...

7.2CVSS

8.2AI Score

0.0005EPSS

2024-04-09 12:00 AM
9
thn
thn

Google Sues App Developers Over Fake Crypto Investment App Scam

Google has filed a lawsuit in the U.S. against two app developers for allegedly engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of...

7.1AI Score

2024-04-08 05:25 AM
27
oraclelinux
oraclelinux

Unbreakable Enterprise kernel security update

[5.15.0-205.149.5.1] - KVM: x86: Add BHI_NO (Daniel Sneddon) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Mitigate KVM by default (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Add BHI mitigation knob (Pawan Gupta) [Orabug: 36384802] {CVE-2024-2201} - x86/bhi: Enumerate Branch...

8.2AI Score

EPSS

2024-04-08 12:00 AM
28
rocky
rocky

grafana-pcp security and bug fix update

An update is available for grafana-pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Grafana plugin for Performance Co-Pilot includes datasources for...

7.5CVSS

7.5AI Score

0.0005EPSS

2024-04-05 02:56 PM
12
osv
osv

Important: grafana-pcp security and bug fix update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA...

7.5CVSS

7.7AI Score

0.0005EPSS

2024-04-05 02:56 PM
4
jvn
jvn

JVN#82074338: Multiple vulnerabilities in NEC Aterm series

Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource (CWE-732) CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0 CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control...

8.6AI Score

0.0004EPSS

2024-04-05 12:00 AM
11
nessus
nessus

Rocky Linux 8 : curl (RLSA-2024:1601)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1601 advisory. An information disclosure vulnerability exists in...

6.5CVSS

8.1AI Score

0.001EPSS

2024-04-05 12:00 AM
8
arista
arista

Security Advisory 0094

Security Advisory 0094 PDF Date: April 5, 2024 Revision | Date | Changes ---|---|--- 1.0 | April 3, 2024 | Initial release 1.1 | April 5, 2024 | Update required configuration for exploitation and mitigation Description Arista Networks is providing this security update in response to the...

7.5CVSS

6AI Score

0.005EPSS

2024-04-05 12:00 AM
32
Total number of security vulnerabilities32740