Total
10917 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-46527 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 was discovered to contain a stack overflow via the function bindRequestHandle. | |||||
| CVE-2023-46526 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. | |||||
| CVE-2023-46525 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. | |||||
| CVE-2023-46523 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. | |||||
| CVE-2023-46522 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-LINK device TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin and TL-WDR7660 2.0.30 were discovered to contain a stack overflow via the function deviceInfoRegister. | |||||
| CVE-2023-46521 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister. | |||||
| CVE-2023-46520 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. | |||||
| CVE-2023-46518 | 1 Mercurycom | 2 A15, A15 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB. | |||||
| CVE-2023-46373 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses. | |||||
| CVE-2023-46371 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| TP-Link device TL-WDR7660 2.0.30 and TL-WR886N 2.0.12 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. | |||||
| CVE-2023-46369 | 1 Tenda | 2 W18e, W18e Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. | |||||
| CVE-2023-46332 | 1 Webassembly | 1 Webassembly Binary Toolkit | 2024-11-21 | N/A | 5.5 MEDIUM |
| WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault. | |||||
| CVE-2023-46284 | 1 Siemens | 4 Opcenter Quality, Simatic Pcs Neo, Sinumerik Integrate Runmyhmi \/automotive and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash. | |||||
| CVE-2023-46261 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46260 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46259 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46258 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46257 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46256 | 1 Dronecode | 1 Px4 Drone Autopilot | 2024-11-21 | N/A | 4.4 MEDIUM |
| PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available. | |||||
| CVE-2023-46225 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2024-11-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||