Lucene search

16601 matches found

CVE
added 2023/07/06 2:53 p.m. | 45 views

CVE-2023-25101

Milesight UR32L (v32.3.0.5) is affected by CVE-2023-25101 due to a buffer overflow in the vtysh_ubus set_dmvpn path (gre_key) caused by unsafe sprintf usage. A high-privilege attacker can trigger it via specially crafted HTTP requests to the /vtysh_ubus interface, potentially leading to arbitrary code...

7.2 CVSS | 7.4 AI score | 0.01318 EPSS
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2023/07/06 2:53 p.m. | 12 views

CVE-2023-25101

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 8.3 AI score | 0.01318 EPSS
Exploits 1 | References 1
Cvelist
added 2023/07/06 2:53 p.m. | 23 views

CVE-2023-25109

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 7.7 AI score | 0.01318 EPSS
Exploits 1 | References 1
Cvelist
added 2023/07/06 2:53 p.m. | 25 views

CVE-2023-25110

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 7.7 AI score | 0.01318 EPSS
Exploits 1 | References 1
Vulnrichment
added 2023/07/06 2:53 p.m. | 15 views

CVE-2023-25111

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 8 AI score | 0.01318 EPSS
Exploits 1 | References 1
Cvelist
added 2023/07/06 2:53 p.m. | 21 views

CVE-2023-25108

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 7.7 AI score | 0.01318 EPSS
Exploits 1 | References 1
Vulnrichment
added 2023/07/06 2:53 p.m. | 13 views

CVE-2023-25102

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 8.1 AI score | 0.01318 EPSS
Exploits 1 | References 1
Vulnrichment
added 2023/07/06 2:53 p.m. | 11 views

CVE-2023-25103

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 8 AI score | 0.01318 EPSS
Exploits 1 | References 1
Vulnrichment
added 2023/07/06 2:53 p.m. | 10 views

CVE-2023-25110

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 8.1 AI score | 0.01318 EPSS
Exploits 1 | References 1
CVE
added 2023/07/06 2:53 p.m. | 56 views

CVE-2023-25102

Milesight UR32L v32.3.0.5 is affected by a set of buffer overflow vulnerabilities in the vtysh_ubus binary, as detailed in TALOS-2023-1716. The root cause is an unsafe sprintf pattern used to compose commands, notably in functions including set_dmvpn, and in various VPN/openvpn related handlers. ...

7.2 CVSS | 7.5 AI score | 0.01318 EPSS
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2023/07/06 2:53 p.m. | 10 views

CVE-2023-25104

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 8.2 AI score | 0.01318 EPSS
Exploits 1 | References 1
Cvelist
added 2023/07/06 2:53 p.m. | 17 views

CVE-2023-25111

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 7.7 AI score | 0.01318 EPSS
Exploits 1 | References 1
Cvelist
added 2023/07/06 2:53 p.m. | 19 views

CVE-2023-25107

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 7.7 AI score | 0.01318 EPSS
Exploits 1 | References 1
CVE
added 2023/07/06 2:53 p.m. | 48 views

CVE-2023-25110

Milesight UR32L (v32.3.0.5) is affected by multiple buffer-overflow vulnerabilities in the vtysh_ubus binary caused by unsafe use of sprintf; a specially crafted HTTP request can trigger a remote code-execution path in set_gre and related code paths that format commands via vtysh_command_buffer. ...

7.2 CVSS | 7.5 AI score | 0.01318 EPSS
Exploits 1 | References 2 | Affected Software 1
CVE
added 2023/07/06 2:53 p.m. | 46 views

CVE-2023-25103

CVE-2023-25103 concerns Milesight UR32L firmware (v32.3.0.5). The Red Hat/Cisco Talos advisories and vendor data describe multiple buffer-overflow vulnerabilities in the vtysh_ubus/DMVPN set_dmvpn code path, triggered by specially crafted HTTP requests. The overflow arises from unsafe use of spri...

7.2 CVSS | 7.5 AI score | 0.01318 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2023/07/06 2:53 p.m. | 24 views

CVE-2023-25105

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 7.7 AI score | 0.01318 EPSS
Exploits 1 | References 1
Cvelist
added 2023/07/06 2:53 p.m. | 32 views

CVE-2023-25101

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 7.7 AI score | 0.01318 EPSS
Exploits 1 | References 1
Cvelist
added 2023/07/06 2:53 p.m. | 22 views

CVE-2023-25102

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 7.7 AI score | 0.01318 EPSS
Exploits 1 | References 1
Cvelist
added 2023/07/06 2:53 p.m. | 21 views

CVE-2023-25092

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

7.2 CVSS | 7.7 AI score | 0.01318 EPSS
Exploits 1 | References 1
CVE
added 2023/07/06 2:53 p.m. | 54 views

CVE-2023-25099

Milesight UR32L v32.3.0.5 is affected by CVE-2023-25099 due to multiple buffer overflow vulnerabilities in the vtysh_ubus binary triggered by unsafe sprintf usage. The flaws reside in various vtysh_ubus command construction paths (e.g., set_qos, firewall/ACL, VPN and OpenVPN related commands) tha...

7.2 CVSS | 7.5 AI score | 0.01318 EPSS
Exploits 1 | References 2 | Affected Software 1