Lucene search
K

343 matches found

Cvelist
Cvelist
added 2024/05/03 2:14 a.m.19 views

CVE-2023-50211 D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link G416 httpd API-AUTH Timestamp Processing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this...

8.8CVSS9.2AI score0.00637EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/03 2:14 a.m.37 views

CVE-2023-44448 TP-Link Archer A54 libcmm.so dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability

TP-Link Archer A54 libcmm.so dmfillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A54 routers. Authentication is required to exploit this...

6.8CVSS7.3AI score0.00583EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 2:13 a.m.62 views

CVE-2023-44404

CVE-2023-44404 affects D-Link DAP-1325: a stack-based buffer overflow in get_value_from_app via the HNAP1 SOAP endpoint handling of XML data. The flaw is due to insufficient validation of user-supplied data length before copying to a fixed-length stack buffer, allowing network-adjacent attackers ...

8.8CVSS9AI score0.0075EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/03 2:12 a.m.67 views

CVE-2023-41218

The CVE-2023-41218 entry details a stack-based buffer overflow in D-Link DIR-3040 Prog.cgi (SetWan3Settings) vulnerable when processing HNAP requests to the lighttpd webserver on ports 80/443. The flaw stems from insufficient validation of a user-supplied string copied into a fixed-size stack buf...

6.8CVSS7.2AI score0.00705EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/05/03 1:59 a.m.56 views

CVE-2023-39461

Product and vulnerability context: Triangle MicroWorks SCADA Data Gateway. The issue is an arbitrary file write vulnerability in the handling of event logs, caused by improper sanitization of log output. The weakness can allow an attacker to write arbitrary files and, in combination with other vu...

4.4CVSS5AI score0.01028EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/05/03 1:58 a.m.21 views

CVE-2023-37326 D-Link DAP-2622 DDP Set Wireless Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set Wireless Info Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS9.1AI score0.00637EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/03 1:58 a.m.13 views

CVE-2023-37318 D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set IPv6 Address Secondary DNS Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS7.8AI score0.00637EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/03 1:58 a.m.17 views

CVE-2023-37316 D-Link DAP-2622 DDP Set IPv6 Address Default Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability

D-Link DAP-2622 DDP Set IPv6 Address Default Gateway Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

8.8CVSS9.1AI score0.00637EPSS
Exploits0References2
CVE
CVE
added 2024/05/03 1:57 a.m.61 views

CVE-2023-35744

The CVE-2023-35744 entry concerns D-Link DAP-2622 devices with a stack-based buffer overflow in the DDP Configuration Restore Server’s IPv6 address handling. The flaw arises from inadequate validation of user-supplied data length before copying to a fixed-length stack buffer, enabling network-adj...

8.8CVSS9.1AI score0.02447EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/05/03 1:57 a.m.27 views

CVE-2023-34281 D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability

D-Link DIR-2150 GetFirmwareStatus Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, t...

6.8CVSS7.5AI score0.0176EPSS
Exploits0References1
CVE
CVE
added 2024/05/03 1:56 a.m.315 views

CVE-2023-32154

CVE-2023-32154 affects MikroTik RouterOS and its Router Advertisement Daemon (RADVD). The vulnerability is an out-of-bounds write caused by insufficient validation of user-supplied data, enabling network-adjacent attackers to execute code with root privileges. Exploitation requires no authenticat...

7.5CVSS7.9AI score0.0061EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/04/27 11:15 p.m.4 views

CVE-2022-48685

An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file cleansecbioldlogs is writable by all users and is executed as root, leading to privilege escalation...

7.7CVSS5.2AI score0.00166EPSS
Exploits0References2
CVE
CVE
added 2024/04/27 12:0 a.m.53 views

CVE-2022-48685

Logpoint 7.1 before 7.1.2 exposes a privilege-escalation issue: the daily cron file clean_secbi_old_logs is writable by all users and runs as root. Affected: Logpoint before 7.1.2. Impact: local privilege escalation. Mitigation: upgrade to 7.1.2 or later; as a temporary workaround, restrict permi...

7.7CVSS6.8AI score0.00166EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/27 12:0 a.m.5 views

PT-2024-11776 · Logpoint · Logpoint

Name of the Vulnerable Software and Affected Versions: Logpoint versions 7.1 through 7.1.1 Logpoint version 7.1.2 is not affected, so the range can be simplified to versions prior to 7.1.2. Description: An issue was discovered in Logpoint where the daily executed cron file clean secbi old logs is...

7.7CVSS7.2AI score0.00166EPSS
Exploits0References3
OSV
OSV
added 2024/03/31 2:15 a.m.5 views

CVE-2023-46808

An file upload vulnerability in Ivanti ITSM before 2023.4, allows an authenticated remote user to perform file writes to the server. Successful exploitation may lead to execution of commands in the context of non-root user...

9.9CVSS5.9AI score0.02001EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/02/09 12:0 a.m.30 views

X.Org Server DisableDevice Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DisableDevice...

7.8CVSS7.5AI score0.0142EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2024/02/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2019-15846

Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash...

10CVSS7.8AI score0.35736EPSS
Exploits3References1
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.2 views

VulnCheck KEV: CVE-2020-17505

Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform...

9CVSS7.3AI score0.82165EPSS
Exploits4References1
OSV
OSV
added 2024/01/01 6:15 p.m.33 views

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/wafdetector/?url= string. The commands are executed as root via subprocess.checkoutput...

8.8CVSS9AI score0.1354EPSS
Exploits2References8
CNNVD
CNNVD
added 2023/11/01 12:0 a.m.2 views

Red Hat Insights Security Vulnerabilities

Red Hat Insights is a data collection and analytics framework from Red Hat, built for scalability and rapid development. Red Hat Insights has a security vulnerability that stems from the presence of a local elevation of privilege vulnerability. An attacker can exploit the vulnerability by creatin...

7.8CVSS7.1AI score0.00257EPSS
Exploits0References10
Rows per page
Query Builder