Total: 232568 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-6581 | | | 2023-12-07 | N/A | N/A |
A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-6580 | | | 2023-12-07 | N/A | N/A |
A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2020-35857 | 1 Trust-dns-server Project | 1 Trust-dns-server | 2023-12-07 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption. | |||||
CVE-2023-6579 | | | 2023-12-07 | N/A | N/A |
A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-48815 | 1 Keking | 1 Kkfileview | 2023-12-07 | N/A | 6.1 MEDIUM |
kkFileView v4.3.0 is vulnerable to Incorrect Access Control. | |||||
CVE-2023-38174 | | | 2023-12-07 | N/A | 4.3 MEDIUM |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
CVE-2023-36880 | | | 2023-12-07 | N/A | 4.8 MEDIUM |
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | |||||
CVE-2023-6576 | | | 2023-12-07 | N/A | N/A |
A vulnerability was found in Beijing Baichuo S210 up to 20231123. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php of the component HTTP POST Request Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-6577 | | | 2023-12-07 | N/A | N/A |
A vulnerability was found in Beijing Baichuo PatrolFlow 2530Pro up to 20231126. It has been rated as problematic. This issue affects some unknown processing of the file /log/mailsendview.php. The manipulation of the argument file with the input /boot/phpConfig/tb_admin.txt leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-50164 | | | 2023-12-07 | N/A | N/A |
An attacker can manipulate file upload params to enable path traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. | |||||
CVE-2023-35618 | | | 2023-12-07 | N/A | 9.6 CRITICAL |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
CVE-2023-6578 | | | 2023-12-07 | N/A | N/A |
A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup may request username and password. By just clicking CANCEL you will be redirected to the directory. If you visited /invoke/wm.server/connect, you'll be able to see details like internal IPs, ports, and versions. In some cases if access to /assets/ is refused, you may enter /assets/x as a wrong value, then come back to /assets/ which will show the requested data. It appears that insufficient access control is depending on referrer header data. VDB-247158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-41613 | 2 Ezviz, Microsoft | 2 Ezviz Studio, Windows | 2023-12-07 | N/A | 7.8 HIGH |
EzViz Studio v2.2.0 is vulnerable to DLL hijacking. | |||||
CVE-2023-49462 | | | 2023-12-07 | N/A | N/A |
libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. | |||||
CVE-2023-49468 | | | 2023-12-07 | N/A | N/A |
Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. | |||||
CVE-2023-49463 | | | 2023-12-07 | N/A | N/A |
libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc. | |||||
CVE-2023-49460 | | | 2023-12-07 | N/A | N/A |
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image. | |||||
CVE-2023-6574 | | | 2023-12-07 | N/A | N/A |
A vulnerability was found in Beijing Baichuo Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-4486 | | | 2023-12-07 | N/A | N/A |
Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to version 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. | |||||
CVE-2023-6575 | | | 2023-12-07 | N/A | N/A |
A vulnerability was found in Beijing Baichuo S210 up to 20231121. It has been classified as critical. This affects an unknown part of the file /Tool/repair.php of the component HTTP POST Request Handler. The manipulation of the argument txt leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |