2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50992 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50992

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a stack overflow via the ip parameter in the setPing function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50990 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50990

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the rebootTime parameter in the sysScheduleRebootSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50989 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50989

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile

CWECWE 77VNDTendaTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50988 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50988

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the bandwidth parameter in the wifiRadioSetIndoor function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50987 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50987

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysTimeInfoSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50986 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50986

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the time parameter in the sysLogin function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 120CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50985 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50985

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the lanGw parameter in the lanCfgSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
728 × 90 / responsive · programmatic ad slot
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50984 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50984

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a buffer overflow via the ip parameter in the spdtstConfigAndStart function. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 787VNDTendaTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-20
2023-12-20 22:15Z
CRIT

CVE-2023-50983 — Tenda I29_firmware: i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50983

Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. CVSSv3.1 9.8 (CRITICAL) · EPSS 81th percentile

CWECWE 77VNDTendaTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-12-18
2023-12-18 16:15Z
MED

CVE-2023-48795 — Openbsd Openssh: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extension CVSSv3.1 5.9 (MEDIUM) · EPSS 98th percentile

CWECWE 354VNDPuttyVNDFilezilla ProjectVNDPanicTYPVulnerability
5.9
CVSS v3.1
96
Edit Score
2023-12-15
2023-12-15 18:15Z
CRIT

CVE-2023-50918 — Misp-project Misp: app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-50918

app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. CVSSv3.1 9.8 (CRITICAL) · EPSS 51th percentile

VNDMispVNDMisp ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-15
2023-12-15 11:15Z
CRIT

CVE-2023-6553 — Backupbliss Backup_migration: The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6553

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server. CVSSv3.1 9.8 (CRITICAL) · EPSS 100th percentile

CWECWE 94VNDBackupblissVNDBackupTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-12-13
2023-12-13 14:15Z
HIGH

CVE-2023-47326 — Silverpeas Silverpeas: Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-47326

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. CVSSv3.1 8.8 (HIGH) · EPSS 31th percentile

CWECWE 352VNDSilverpeasTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-12-13
2023-12-13 14:15Z
HIGH

CVE-2023-47322 — Silverpeas Silverpeas: The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-47322

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. If an administrator goes to a malicious URL while being authenticated to the Silverpeas application, the CSRF with execute making the attacker an administrator user in the application. CVSSv3.1 8.8 (HIGH) · EPSS 32th percentile

CWECWE 352VNDSilverpeasTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-12-13
2023-12-13 14:15Z
HIGH

CVE-2023-47320 — Silverpeas Silverpeas: Core 6.3.1 is vulnerable to Incorrect Access Control.

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-47320

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode" due to broken access control. This makes the application unavailable to all users. This affects Silverpeas Core 6.3.1 and below. CVSSv3.1 8.1 (HIGH) · EPSS 50th percentile

CWECWE 863VNDSilverpeasTYPVulnerability
8.1
CVSS v3.1
91
Edit Score
2023-12-07
2023-12-07 18:15Z
HIGH

CVE-2023-33413 — Supermicro M11sdv-4c-ln4f_firmware: The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-33413

The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. CVSSv3.1 8.8 (HIGH) · EPSS 59th percentile

CWECWE 798VNDSupermicroVNDIntelligentTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-12-07
2023-12-07 18:15Z
HIGH

CVE-2023-33412 — Supermicro M11sdv-4c-ln4f_firmware: The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC)

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-33412

The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable cgi endpoints. CVSSv3.1 8.8 (HIGH) · EPSS 65th percentile

VNDSupermicroVNDIntelligentTYPVulnerability
8.8
CVSS v3.1
94
Edit Score
2023-12-07
2023-12-07 07:15Z
HIGH

CVE-2023-43303 — Linecorp Line: An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-43303

An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token (via captured network traffic). CVSSv3.1 8.2 (HIGH) · EPSS 41th percentile

VNDLinecorpTYPVulnerability
8.2
CVSS v3.1
91
Edit Score
2023-12-01
2023-12-01 14:15Z
CRIT

CVE-2023-5636 — Arslansoft_education_portal_project Arslansoft_education_portal: Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5636

Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 66th percentile

CWECWE 434VNDArslansoft Education Portal ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-12-01
2023-12-01 14:15Z
CRIT

CVE-2023-5634 — Arslansoft_education_portal_project Arslansoft_education_portal: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-5634

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: before v1.1. CVSSv3.1 9.8 (CRITICAL) · EPSS 30th percentile

CWECWE 89VNDArslansoft Education Portal ProjectTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-11-30
2023-11-30 15:15Z
MED

CVE-2023-40600 — Ewww Image_optimizer: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-40600

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exactly WWW EWWW Image Optimizer. It works only when debug.log is turned on.This issue affects EWWW Image Optimizer: from n/a through 7.2.0. CVSSv3.1 5.3 (MEDIUM) · EPSS 98th percentile

CWECWE 200VNDEwwwTYPVulnerability
5.3
CVSS v3.1
95
Edit Score
2023-11-29
2023-11-29 01:15Z
CRIT

CVE-2023-23325 — Zumtobel Netlink_ccd_firmware: Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-23325

Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter. CVSSv3.1 9.8 (CRITICAL) · EPSS 78th percentile

CWECWE 78VNDZumtobelTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-11-29
2023-11-29 01:15Z
CRIT

CVE-2023-23324 — Zumtobel Netlink_ccd_firmware: Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-23324

Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account. CVSSv3.1 9.8 (CRITICAL) · EPSS 54th percentile

CWECWE 798VNDZumtobelTYPVulnerability
9.8
CVSS v3.1
99
Edit Score
2023-11-28
2023-11-28 21:15Z
CRIT

CVE-2023-48193 — Fit2cloud Jumpserver: Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-48193

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. NOTE: this is disputed because command filtering is not intended to restrict what code can be run by authorized users who are allowed to execute files. CVSSv3.1 9.8 (CRITICAL) · EPSS 78th percentile

VNDFit2cloudTYPVulnerability
9.8
CVSS v3.1
100
Edit Score
2023-11-28
2023-11-28 12:15Z
HIGH

CVE-2023-6201 — Univera Panorama: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability

NVD (auto-promoted CVEs)·nvd.nist.govCVE-2023-6201

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection. This issue affects Panorama: before 8.0. CVSSv3.1 8.8 (HIGH)

CWECWE 78VNDUniveraTYPVulnerability
8.8
CVSS v3.1
94
Edit Score