Export limit exceeded: 21069 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21069 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5494 | 1 Byzoro | 2 Smart S45f, Smart S45f Firmware | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this issue is some unknown functionality of the file /log/download.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-241646 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5372 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2024-11-21 | 7.2 High |
| The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands by sending a crafted query parameter attached to the URL of an affected device’s web management interface. | ||||
| CVE-2023-5301 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 4.7 Medium |
| A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240940. | ||||
| CVE-2023-5180 | 1 Opendesign | 1 Drawings Sdk | 2024-11-21 | 7.8 High |
| An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. A corrupted value of number of sectors used by the Fat structure in a crafted DGN file leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process. | ||||
| CVE-2023-5055 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.3 High |
| Possible variant of CVE-2021-3434 in function le_ecred_reconf_req. | ||||
| CVE-2023-5037 | 1 Hanwhavision | 366 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 363 more | 2024-11-21 | 7.2 High |
| badmonkey, a Security Researcher has found a flaw that allows for a authenticated command injection on the camera. An attacker could inject malicious into request packets to execute command. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | ||||
| CVE-2023-52314 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | 9.6 Critical |
| PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system. | ||||
| CVE-2023-52309 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | 8.2 High |
| Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. | ||||
| CVE-2023-52277 | 1 Royalapps | 1 Royaltsx | 2024-11-21 | 7.8 High |
| Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service (Heap Memory Corruption and application crash) or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing in RAPortCheck.createNWConnection. | ||||
| CVE-2023-52174 | 1 Xnview | 1 Xnview Classic | 2024-11-21 | 9.8 Critical |
| XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6. | ||||
| CVE-2023-52173 | 1 Xnview | 1 Xnview Classic | 2024-11-21 | 9.8 Critical |
| XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0. | ||||
| CVE-2023-51961 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv. | ||||
| CVE-2023-51958 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. | ||||
| CVE-2023-51957 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. | ||||
| CVE-2023-51136 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. | ||||
| CVE-2023-51135 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. | ||||
| CVE-2023-51133 | 1 Totolink | 2 X2000r, X2000r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. | ||||
| CVE-2023-51102 | 1 Tenda | 2 W9, W9 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet. | ||||
| CVE-2023-51100 | 1 Tenda | 2 W9, W9 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo . | ||||
| CVE-2023-51099 | 1 Tenda | 2 W9, W9 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand . | ||||