Export limit exceeded: 349422 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10282 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50214 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 nodered tar File Handling Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21808. | ||||
| CVE-2023-50206 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 flupl query_type edit Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21299. | ||||
| CVE-2023-50205 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 awsfile chmod Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21298. | ||||
| CVE-2023-50201 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 cfgsave upusb Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21289. | ||||
| CVE-2023-50198 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 cfgsave Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21286. | ||||
| CVE-2023-50207 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 flupl filename Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21300. | ||||
| CVE-2023-50208 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 ovpncfg Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21441. | ||||
| CVE-2023-50209 | 1 Dlink | 2 G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 cfgsave Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21442. | ||||
| CVE-2024-5295 | 2 D-link, Dlink | 3 G416 Firmware, G416, G416 Firmware | 2025-03-10 | 8.8 High |
| D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21294. | ||||
| CVE-2023-22751 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 9.8 Critical |
| There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22750 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 9.8 Critical |
| There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22749 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 9.8 Critical |
| There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22748 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 9.8 Critical |
| There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22754 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 8.1 High |
| There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22755 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 8.1 High |
| There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22756 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 8.1 High |
| There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-22757 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 8.1 High |
| There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2023-26779 | 1 Yf-exam Project | 1 Yf-exam | 2025-03-06 | 9.8 Critical |
| CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE). | ||||
| CVE-2023-38547 | 1 Veeam | 1 One | 2025-03-06 | 9.8 Critical |
| A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. | ||||
| CVE-2023-24776 | 1 Funadmin | 1 Funadmin | 2025-03-06 | 9.8 Critical |
| Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php. | ||||