Vulnerabilities (CVE)

Total 21356 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4702 1 Yepas 1 Digital Yepas 2023-09-29 N/A 9.1 CRITICAL
Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1.
CVE-2023-43869 1 Dlink 2 Dir-619l, Dir-619l Firmware 2023-09-29 N/A 9.8 CRITICAL
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function.
CVE-2023-42462 1 Glpi-project 1 Glpi 2023-09-29 N/A 9.1 CRITICAL
GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
CVE-2023-5175 1 Mozilla 1 Firefox 2023-09-29 N/A 9.8 CRITICAL
During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118.
CVE-2022-23121 1 Netatalk 1 Netatalk 2023-09-29 N/A 9.8 CRITICAL
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.
CVE-2022-23124 1 Netatalk 1 Netatalk 2023-09-29 N/A 9.8 CRITICAL
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870.
CVE-2022-0194 1 Netatalk 1 Netatalk 2023-09-29 N/A 9.8 CRITICAL
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.
CVE-2022-23122 1 Netatalk 1 Netatalk 2023-09-29 N/A 9.8 CRITICAL
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.
CVE-2018-1160 3 Debian, Netatalk, Synology 7 Debian Linux, Netatalk, Diskstation Manager and 4 more 2023-09-29 10.0 HIGH 9.8 CRITICAL
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
CVE-2022-23123 1 Netatalk 1 Netatalk 2023-09-29 N/A 9.8 CRITICAL
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.
CVE-2022-43634 1 Netatalk 1 Netatalk 2023-09-29 N/A 9.8 CRITICAL
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.
CVE-2023-40455 1 Apple 1 Macos 2023-09-29 N/A 10.0 CRITICAL
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.
CVE-2023-35071 1 Mrv 1 Logging Administration Panel 2023-09-28 N/A 9.8 CRITICAL
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection.This issue affects Logging Administration Panel: before 20230915 .
CVE-2023-41449 1 Phpkobo 1 Ajaxnewsticker 2023-09-28 N/A 9.8 CRITICAL
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.
CVE-2020-24147 1 Xylusthemes 1 Wp Smart Import 2023-09-28 6.4 MEDIUM 9.1 CRITICAL
Server-side request forgery (SSR) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field.
CVE-2023-40764 1 Phpjabbers 1 Car Rental Script 2023-09-28 N/A 9.8 CRITICAL
User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
CVE-2023-4845 1 Razormist 1 Simple Membership System 2023-09-28 N/A 9.8 CRITICAL
A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239254 is the identifier assigned to this vulnerability.
CVE-2021-42169 1 Simple Payroll System With Dynamic Tax Bracket Project 1 Simple Payroll System With Dynamic Tax Bracket 2023-09-28 7.5 HIGH 9.8 CRITICAL
The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.
CVE-2023-44206 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2023-09-28 N/A 9.1 CRITICAL
Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.
CVE-2023-43187 1 Nodebb 1 Nodebb 2023-09-28 N/A 9.8 CRITICAL
A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.