2391 matches found

CVE
added 2024/05/03 2:14 a.m., 63 views

CVE-2023-50219

CVE-2023-50219 affects Inductive Automation Ignition, specifically the RunQuery deserialization pathway. The flaw permits deserialization of untrusted data due to inadequate validation in the RunQuery class, enabling remote code execution with SYSTEM privileges. Authentication is required to expl...

CVSS 8.8 | AI score 9 | EPSS 0.01501
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2024/05/03 2:14 a.m., 73 views

CVE-2023-50218

CVE-2023-50218 affects Inductive Automation Ignition, specifically the ModuleInvoke class, where unvalidated user-supplied data can be deserialized, enabling remote code execution with SYSTEM privileges. The vulnerability is network-accessible (attack vector: NETWORK) with low initial access requ...

CVSS 8.8 | AI score 9 | EPSS 0.55031
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/05/03 2:14 a.m., 31 views

CVE-2023-44448 TP-Link Archer A54 libcmm.so dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability

TP-Link Archer A54 libcmm.so dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A54 routers. Authentication is required to exploit this...

CVSS 6.8 | AI score 7.3 | EPSS 0.00583
Exploits: 0 | References: 1
CVE
added 2024/05/03 2:13 a.m., 50 views

CVE-2023-44412

The CVE-2023-44412 issue affects D-Link D-View’s addDv7Probe function, where improper restriction of XML External Entity (XXE) references allows an unauthenticated attacker to cause the XML parser to access a crafted URI and embed its contents, enabling information disclosure in the SYSTEM contex...

CVSS 8.2 | AI score 7.7 | EPSS 0.83681
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/05/03 2:13 a.m., 14 views

CVE-2023-42130 A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability

A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability. This vulnerability allows remote attackers to read and delete arbitrary files on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific fla...

CVSS 8.3 | AI score 6.6 | EPSS 0.02066
Exploits: 1 | References: 2
CVE
added 2024/05/03 2:13 a.m., 51 views

CVE-2023-42130

The CVE-2023-42130 issue affects A10 Thunder ADC, specifically the FileMgmtExport class, where improper validation of a user-supplied path enables a directory traversal that can read and delete arbitrary files. The vulnerability context is authenticated use, with the impact described as read/dele...

CVSS 8.8 | AI score 8.2 | EPSS 0.02066
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/05/03 2:13 a.m., 18 views

CVE-2023-42129 A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability

A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw...

CVSS 6.5 | AI score 6.1 | EPSS 0.02389
Exploits: 1 | References: 2
CVE
added 2024/05/03 2:13 a.m., 53 views

CVE-2023-42129

CVE-2023-42129 affects A10 Networks’ Thunder ADC; the vulnerability is in the ShowTechDownloadView class, caused by a lack of validation for a user-supplied path used in file operations. This directory traversal could allow an attacker to disclose sensitive information with authentication requir...

CVSS 6.5 | AI score 6.1 | EPSS 0.02389
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2024/05/03 2:13 a.m., 53 views

CVE-2023-42120

CVE-2023-42120 affects Control Web Panel via the dns_zone_editor module, where improper validation of a user-supplied string before a system call enables remote code execution with root privileges. Impact is high (RCE, root, network exploit) and requires authentication to exploit. The entry is co...

CVSS 8.8 | AI score 9.1 | EPSS 0.02126
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/05/03 2:12 a.m., 61 views

CVE-2023-41226

Summary of CVE-2023-41226 (D-Link DIR-3040): The vulnerability is a stack-based overflow in the prog.cgi binary that handles HNAP requests to the lighttpd webserver (ports 80/443). Lack of proper validation of a user-supplied string allows a network-adjacent attacker to trigger a remote code exec...

CVSS 6.8 | AI score 7.2 | EPSS 0.00705
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/05/03 2:12 a.m., 21 views

CVE-2023-41227 D-Link DIR-3040 prog.cgi SetTriggerPPPoEValidate Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 prog.cgi SetTriggerPPPoEValidate Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

CVSS 6.8 | AI score 7.3 | EPSS 0.00705
Exploits: 0 | References: 2
Vulnrichment
added 2024/05/03 2:12 a.m., 18 views

CVE-2023-41223 D-Link DIR-3040 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

CVSS 6.8 | AI score 7.8 | EPSS 0.00705
Exploits: 0 | References: 2
CVE
added 2024/05/03 2:12 a.m., 59 views

CVE-2023-41223

D-Link DIR-3040: prog.cgi SetQuickVPNSettings PSK stack-based buffer overflow allows network-adjacent attackers to execute code with root privileges via HNAP requests to lighttpd on ports 80/443. Root cause: improper validation/copy to a fixed-size stack buffer in the PSK handling. Affected versi...

CVSS 6.8 | AI score 7.2 | EPSS 0.00705
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2024/05/03 2:12 a.m., 28 views

CVE-2023-41220 D-Link DIR-3040 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

D-Link DIR-3040 prog.cgi SetSysEmailSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this...

CVSS 6.8 | AI score 7.3 | EPSS 0.00705
Exploits: 0 | References: 2
CVE
added 2024/05/03 2:12 a.m., 61 views

CVE-2023-41218

The CVE-2023-41218 entry details a stack-based buffer overflow in D-Link DIR-3040 prog.cgi (SetWan3Settings), triggered when processing HNAP requests to the lighttpd webserver on ports 80/443. The flaw stems from insufficient validation of a user-supplied string copied into a fixed-size stack buf...

CVSS 6.8 | AI score 7.2 | EPSS 0.00705
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2024/05/03 2:11 a.m., 53 views

CVE-2023-40507

The provided sources confirm a concrete vulnerability in LG Simple Editor: an XML External Entity (XXE) handling flaw in the copyContent command. A crafted document with a URI causes the XML parser to fetch the URI and embed its contents back into the XML, allowing a remote attacker to disclose i...

CVSS 7.5 | AI score 7.2 | EPSS 0.01271
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/05/03 2:11 a.m., 11 views

CVE-2023-40493 LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability

LG Simple Editor copySessionFolder Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists...

CVSS 9.8 | AI score 9.9 | EPSS 0.02388
Exploits: 0 | References: 1
CVE
added 2024/05/03 2:10 a.m., 67 views

CVE-2023-39473

The CVE-2023-39473 entry concerns Inductive Automation Ignition's AbstractGatewayFunction deserialization vulnerability. The flaw stems from insufficient validation of user-supplied data, enabling deserialization of untrusted input and remote code execution. Exploitation requires authentication a...

CVSS 8.8 | AI score 9.1 | EPSS 0.58828
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/05/03 1:59 a.m., 32 views

CVE-2023-38124 Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...

CVSS 7.2 | AI score 7.7 | EPSS 0.5582
Exploits: 0 | References: 2
CVE
added 2024/05/03 1:57 a.m., 62 views

CVE-2023-35728

CVE-2023-35728 affects D-Link DAP-2622 routers. The root cause is a stack-based buffer overflow in the DDP service caused by inadequate validation of user-supplied data length before copying to a fixed-length stack buffer. This leads to remote code execution in the root context with network-adjac...

CVSS 8.8 | AI score 9.1 | EPSS 0.00855
Exploits: 0 | References: 2 | Affected Software: 1