Lucene search
K

16601 matches found

Cvelist
Cvelist
added 2023/07/06 2:53 p.m.32 views

CVE-2023-22653

An OS command injection vulnerability exists in the vtyshubus tcpdumpstartcb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability...

8.8CVSS9AI score0.06834EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/06 2:53 p.m.37 views

CVE-2023-24018

A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 securitydecryptpassword functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability...

8.8CVSS9AI score0.01285EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/06 2:53 p.m.7 views

CVE-2023-25123

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.3AI score0.01318EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/06 2:53 p.m.19 views

CVE-2023-24018

A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 securitydecryptpassword functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability...

8.8CVSS7AI score0.01285EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/06 2:53 p.m.13 views

CVE-2023-25123

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.7AI score0.01318EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/06 2:53 p.m.13 views

CVE-2023-25124

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8AI score0.01405EPSS
Exploits1References1
CVE
CVE
added 2023/07/06 2:53 p.m.44 views

CVE-2023-25123

Milesight UR32L v32.3.0.5 is affected by CVE-2023-25123 due to multiple buffer overflow vulnerabilities in the vtysh_ubus binary. The root cause is an unsafe sprintf usage that concatenates user-controlled data into vtysh_command_buffer, triggered through high-privilege HTTP requests to the OpenV...

7.2CVSS7.5AI score0.01318EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/07/06 2:53 p.m.40 views

CVE-2023-24018

CVE-2023-24018 affects Milesight UR32L v32.3.0.5. Talos reports a stack-based buffer overflow in the libzebra.so.0.0.0 security_decrypt_password function used to decrypt user passwords during configuration (e.g., via the yruo_usermanagement path). The vulnerability arises from decrypting an arbit...

8.8CVSS9AI score0.01285EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/07/06 2:53 p.m.21 views

CVE-2023-25124

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.7AI score0.01405EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/06 2:53 p.m.7 views

CVE-2023-25120

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.5AI score0.01318EPSS
Exploits1References1
CVE
CVE
added 2023/07/06 2:53 p.m.37 views

CVE-2023-25118

CVE-2023-25118 affects Milesight UR32L v32.3.0.5. The issue stems from multiple buffer overflow vulnerabilities in the vtysh_ubus binary, caused by using an unsafe sprintf pattern when handling user-controlled data (e.g., username/password) in OpenVPN-related functions. A specially crafted HTTP r...

7.2CVSS7.5AI score0.01318EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/06 2:53 p.m.10 views

CVE-2023-25122

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.6AI score0.01318EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/06 2:53 p.m.21 views

CVE-2023-25121

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.7AI score0.01318EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/06 2:53 p.m.9 views

CVE-2023-25112

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS8.3AI score0.01318EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/06 2:53 p.m.15 views

CVE-2023-25120

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.7AI score0.01318EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/06 2:53 p.m.18 views

CVE-2023-25118

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.8AI score0.01318EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/07/06 2:53 p.m.12 views

CVE-2023-25114

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.5AI score0.01318EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/07/06 2:53 p.m.25 views

CVE-2023-25112

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.7AI score0.01318EPSS
Exploits1References1
CVE
CVE
added 2023/07/06 2:53 p.m.57 views

CVE-2023-25121

CVE-2023-25121 affects Milesight UR32L v32.3.0.5. The vulnerability is a buffer overflow in the vtysh_ubus binary caused by unsafe sprintf usage with the secrets_local variable in set_ike_profile, allowing an unauthenticated attacker with high privileges to trigger via crafted HTTP requests and e...

7.2CVSS7.4AI score0.01318EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/06 2:53 p.m.11 views

CVE-2023-25116

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2CVSS7.5AI score0.01318EPSS
Exploits1References1
Rows per page
Query Builder