Total
21356 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44016 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2023-09-27 | N/A | 9.8 CRITICAL |
| Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. | |||||
| CVE-2023-44014 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2023-09-27 | N/A | 9.8 CRITICAL |
| Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters. | |||||
| CVE-2023-44017 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2023-09-27 | N/A | 9.8 CRITICAL |
| Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. | |||||
| CVE-2023-44015 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2023-09-27 | N/A | 9.8 CRITICAL |
| Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function. | |||||
| CVE-2023-44018 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2023-09-27 | N/A | 9.8 CRITICAL |
| Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function. | |||||
| CVE-2023-44021 | 1 Tendacn | 2 Ac10u, Ac10u Firmware | 2023-09-27 | N/A | 9.8 CRITICAL |
| Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function. | |||||
| CVE-2023-40436 | 1 Apple | 1 Macos | 2023-09-27 | N/A | 9.1 CRITICAL |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory. | |||||
| CVE-2023-39375 | 1 Siberiancms | 1 Siberiancms | 2023-09-27 | N/A | 9.8 CRITICAL |
| SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges | |||||
| CVE-2021-38243 | 1 Xunruicms | 1 Xunruicms | 2023-09-27 | N/A | 9.8 CRITICAL |
| xunruicms <=4.5.1 is vulnerable to Remote Code Execution. | |||||
| CVE-2023-38586 | 1 Apple | 1 Macos | 2023-09-27 | N/A | 10.0 CRITICAL |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2023-44172 | 1 Seacms | 1 Seacms | 2023-09-27 | N/A | 9.8 CRITICAL |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. | |||||
| CVE-2023-44171 | 1 Seacms | 1 Seacms | 2023-09-27 | N/A | 9.8 CRITICAL |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php. | |||||
| CVE-2023-44170 | 1 Seacms | 1 Seacms | 2023-09-27 | N/A | 9.8 CRITICAL |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php. | |||||
| CVE-2023-44169 | 1 Seacms | 1 Seacms | 2023-09-27 | N/A | 9.8 CRITICAL |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php. | |||||
| CVE-2023-43222 | 1 Seacms | 1 Seacms | 2023-09-27 | N/A | 9.8 CRITICAL |
| SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | |||||
| CVE-2023-43216 | 1 Seacms | 1 Seacms | 2023-09-27 | N/A | 9.8 CRITICAL |
| SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. | |||||
| CVE-2023-4737 | 2023-09-27 | N/A | 9.8 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection.This issue affects Admin Panel: before 1.2. | |||||
| CVE-2023-41910 | 1 Lldpd Project | 1 Lldpd | 2023-09-27 | N/A | 9.8 CRITICAL |
| An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. | |||||
| CVE-2022-22536 | 1 Sap | 3 Content Server, Netweaver Application Server Abap, Web Dispatcher | 2023-09-27 | 10.0 HIGH | 10.0 CRITICAL |
| SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system. | |||||
| CVE-2023-39640 | 1 Uplight | 1 Cookie Law | 2023-09-26 | N/A | 9.8 CRITICAL |
| UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). | |||||