CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: September 13, 2024. 03:00:39 UTC
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-25525 | NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure. | September 22, 2023. 13:46:00 | [nvidia.custhelp.com] |
| CVE-2023-23362 | An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later | September 22, 2023. 13:24:00 | [www.qnap.com] |
| CVE-2023-39043 | An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | September 22, 2023. 13:22:00 | [ykc.com][github.com] |
| CVE-2023-43242 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel. | September 22, 2023. 02:20:00 | [www.dlink.com][github.com] |
| CVE-2023-43236 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. | September 22, 2023. 02:19:00 | [www.dlink.com][github.com] |
| CVE-2023-43237 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC. | September 22, 2023. 02:19:00 | [www.dlink.com][github.com] |
| CVE-2023-43238 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi. | September 22, 2023. 02:19:00 | [www.dlink.com][github.com] |
| CVE-2023-43239 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. | September 22, 2023. 02:19:00 | [www.dlink.com][github.com] |
| CVE-2023-43240 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter. | September 22, 2023. 02:19:00 | [github.com][www.dlink.com] |
| CVE-2023-43241 | D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity. | September 22, 2023. 02:19:00 | [www.dlink.com][github.com] |
| CVE-2023-43235 | D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings. | September 22, 2023. 02:18:00 | [www.dlink.com][github.com] |
| CVE-2023-43274 | Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. | September 22, 2023. 02:15:00 | [github.com] |
| CVE-2023-43309 | There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload. | September 22, 2023. 02:15:00 | [github.com] |
| CVE-2023-43135 | There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | September 22, 2023. 02:14:00 | [github.com] |
| CVE-2023-43138 | TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. | September 22, 2023. 02:12:00 | [github.com] |
| CVE-2023-36109 | Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. | September 22, 2023. 02:12:00 | [github.com][github.com] |
| CVE-2023-42335 | Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component. | September 22, 2023. 02:11:00 | [0xhunter20.medium.com] |
| CVE-2023-43134 | There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | September 22, 2023. 02:11:00 | [github.com] |
| CVE-2023-43137 | TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. | September 22, 2023. 02:11:00 | [github.com] |
| CVE-2023-42334 | An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. | September 22, 2023. 02:10:00 | [0xhunter20.medium.com] |
Page 794 of 1342
