11233 matches found
CVE-2023-52028
TOTOLINK A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function...
CVE-2023-52030
The CVE-2023-52030 issue affects TOTOLINK A3700R, specifically v9.1.2u.5822_B20200513, where the setOpModeCfg function permits remote command execution (RCE). Public sources describe a command-injection path through setOpModeCfg, enabling arbitrary command execution on the device. The vulnerabili...
CVE-2023-52031
The CVE-2023-52031 issue affects TOTOLINK A3700R v9.1.2u.5822_B20200513. The root cause is a failure to properly filter characters/commands in the UploadFirmwareFile method, enabling an attacker to perform arbitrary command execution (RCE). Multiple sources corroborate a command injection path in...
CVE-2023-52032
CVE-2023-52032 affects TOTOLINK EX1200T (firmware v4.1.2cu.5232_B20210713). Multiple sources describe a remote command execution via the main() function, caused by improper filtering of constructed command characters. Reported as a command injection/RCE vulnerability with potential for arbitrary...
CVE-2023-52028
CVE-2023-52028 affects TOTOLINK A3700R devices (v9.1.2u.5822_B20200513). The vulnerability is a remote command execution via the setTracerouteCfg function, stemming from insufficient filtering of constructed command characters, allowing an attacker to execute arbitrary commands remotely. Public d...
Patch now! First patch Tuesday of 2024 is here
Microsoft has issued patches for 48 security vulnerabilities in the first Patch Tuesday of 2024. With a relatively low number of patches—and only two of them critical—this makes it a relatively quiet month, which is certainly not the norm in January. The Common Vulnerabilities and Exposures (CVE)...
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Impact: A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the...
GHSA-449P-3H89-PW88 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Impact: A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the...
CVE-2023-48266
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request...
CVE-2023-48262
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request...
CVE-2023-48263
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request...
CVE-2023-48257
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticate...
CVE-2023-48266
CVE-2023-48266 affects Bosch Nexo devices (notably NEXO-OS) and is described across sources as an unauthenticated, remote DoS vector with potential RCE via a crafted network request. The root cause is a stack-based buffer overflow in NEXO-OS. Exploitation status is not detailed in the provided do...
CVE-2023-48265
CVE-2023-48265 affects Bosch Nexo Cordless Nutrunner (and related NEXO OS components) with an unauthenticated remote attacker able to trigger a DoS or, potentially, remote code execution via a crafted network request. The connected sources confirm a stack-related overflow/vector in the NEXO OS st...
CVE-2023-48264
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request...
CVE-2023-48264
CVE-2023-48264 affects Bosch Nexo cordless nutrunner family. Connected sources describe an unauthenticated remote attacker exploit leveraging a stack-buffer overflow via a crafted network request, causing DoS and potentially remote code execution. The issue is tied to Bosch’s Nexo line (including...
CVE-2023-48263
CVE-2023-48263 affects Bosch Nexo cordless nutrunner family. A buffer overflow in dynamic memory reportedly enables an unauthenticated remote attacker to perform a DoS and, possibly, obtain RCE via a crafted network request. Public details in connected sources indicate affected versions are not s...
CVE-2023-48262
CVE-2023-48262 relates to Bosch Nexo cordless nutrunner devices. Connected sources specify a buffer overflow in the NEXO-OS stack that can be exploited by an unauthenticated, remote attacker to cause a Denial-of-Service and, potentially, Remote Code Execution via a crafted network request. The vu...