Lucene search
+L

261 matches found

cve
cve
added 2023/05/08 12:33 p.m.54 views

CVE-2023-2573

The CVE-2023-2573 issue affects Advantech EKI-1521/1522/1524 devices up to firmware 1.21. The vulnerability is a command injection in the NTP server input field that can be triggered by authenticated users via a crafted POST request, exposing confidentiality, integrity, and availability (CVSS v3....

8.8CVSS8.7AI score0.04751EPSS
Exploits3References6Affected Software1
cvelist
cvelist
added 2023/05/08 12:33 p.m.30 views

CVE-2023-2573 Authenticated Command Injection

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request...

8.8CVSS8.8AI score0.04751EPSS
Exploits3References6
osv
osv
added 2023/04/28 9:15 p.m.6 views

CVE-2023-2391

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=timezone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site...

4.8CVSS3.7AI score0.00649EPSS
Exploits1References3
redhatcve
redhatcve
added 2023/04/13 1:31 p.m.57 views

CVE-2023-26554

An out-of-bounds write flaw was found in the ntp package. A remote attacker may trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...

5.6CVSS5.5AI score0.00645EPSS
Exploits0References4
redhatcve
redhatcve
added 2023/04/13 1:31 p.m.43 views

CVE-2023-26553

An out-of-bounds write flaw was found in the ntp package. A remote attacker may trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...

5.6CVSS5.5AI score0.00703EPSS
Exploits0References4
redhatcve
redhatcve
added 2023/04/13 1:31 p.m.44 views

CVE-2023-26552

An out-of-bounds write flaw was found in the ntp package. A remote attacker may trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...

5.6CVSS5.5AI score0.00645EPSS
Exploits0References4
redhatcve
redhatcve
added 2023/04/13 1:0 p.m.56 views

CVE-2023-26551

An out-of-bounds write flaw was found in the ntp package. A remote attacker can trigger this vulnerability by sending malicious data packets to the ntp server. An adversary may be able to attack a client ntpq process, but cannot attack ntpd...

5.6CVSS5.5AI score0.0067EPSS
Exploits0References4
f5
f5
added 2023/02/21 6:15 p.m.40 views

K17527: NTP vulnerability CVE-2015-7705

Security Advisory Description The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. CVE-2015-7705 Impact An attacker with the ability to spoof multiple client requests may be able to...

9.8CVSS6.6AI score0.12351EPSS
Exploits0Affected Software20
oraclelinux
oraclelinux
added 2022/11/15 12:0 a.m.44 views

dnsmasq security and bug fix update

2.79-24 - Prevent endless loop in forwardquery 2120357 2.79-23 - Add IPv6 ntp-server suboptions support 2049691 2.79-22 - Prevent use after free in dhcp6norelay CVE-2022-0934...

7.5CVSS0.6AI score0.01499EPSS
Exploits0
prion
prion
added 2022/10/13 7:15 p.m.19 views

Command injection

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the systemtimetimezone parameter at function SetNTPServerSettings...

6.5CVSS9AI score0.02729EPSS
Exploits1References2Affected Software3
vulnrichment
vulnrichment
added 2022/10/13 12:0 a.m.9 views

CVE-2022-42160

D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the systemtimetimezone parameter at function SetNTPServerSettings...

9AI score0.02729EPSS
Exploits1References2
osv
osv
added 2022/05/02 2:15 p.m.7 views

CVE-2022-28573

D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the systemtimetimezone parameter...

9.8CVSS7.5AI score0.27462EPSS
Exploits1References2
cve
cve
added 2022/05/02 1:6 p.m.76 views

CVE-2022-28573

CVE-2022-28573 concerns D-Link DIR-823-Pro firmware v1.0.2 where the vulnerable function is SetNTPserverSeting(). The issue allows an attacker to trigger a command injection via the system_time_timezone parameter, enabling arbitrary command execution. Multiple connected sources (NVD, Red Hat, CVE...

10CVSS9.9AI score0.27462EPSS
Exploits1References2Affected Software1
attackerkb
attackerkb
added 2022/03/18 9:15 p.m.4 views

CVE-2022-25457

Tenda AC6 v15.03.05.09multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function...

10CVSS7.2AI score0.01665EPSS
Exploits1References2
osv
osv
added 2022/03/15 10:15 p.m.5 views

CVE-2022-27000

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the hprimaryntpserver, hbackupntpserver, and htimezone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

9.8CVSS7.5AI score0.03453EPSS
Exploits1References1
cve
cve
added 2022/03/15 9:56 p.m.81 views

CVE-2022-27000

Arris TR3300 v1.0.13 is affected by a command-injection vulnerability in the time and time zone function, exploitable via h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. The issue allows arbitrary command execution and is described across multiple sources (NVD/Red Hat/CNVD/...

10CVSS9.8AI score0.03453EPSS
Exploits1References1Affected Software1
attackerkb
attackerkb
added 2022/03/10 5:47 p.m.3 views

CVE-2022-25555

Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service DoS via the ntpServer parameter...

7.8CVSS5.5AI score0.01219EPSS
Exploits1References2
osv
osv
added 2021/09/17 8:15 p.m.5 views

CVE-2021-41383

setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntpserver field...

7.2CVSS7.3AI score0.01601EPSS
Exploits1References1
cvelist
cvelist
added 2021/09/17 7:53 p.m.28 views

CVE-2021-41383

setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntpserver field...

7.6AI score0.01601EPSS
Exploits1References1
cve
cve
added 2021/09/17 7:53 p.m.65 views

CVE-2021-41383

CVE-2021-41383 affects NETGEAR R6020 router firmware 1.0.0.48. Vulnerability arises from lack of validation/filtering in setup.cgi ntp_server field, allowing an administrator to inject shell commands and execute arbitrary commands on the device. Exploitation details are not provided in the availa...

9CVSS7.4AI score0.01601EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder