Search
Search Results (9909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40479 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 8.8 High |
| NETGEAR RAX30 UPnP Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19704. | ||||
| CVE-2023-40478 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 6.8 Medium |
| NETGEAR RAX30 Telnet CLI passwd Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the telnet CLI service, which listens on TCP port 23. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20009. | ||||
| CVE-2024-27923 | 1 Getgrav | 1 Grav | 2025-01-02 | 8.8 High |
| Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue. | ||||
| CVE-2022-41081 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2025-01-02 | 8.1 High |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | ||||
| CVE-2022-41038 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-01-02 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2022-41037 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-01-02 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2022-41036 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-01-02 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2022-41034 | 1 Microsoft | 1 Visual Studio Code | 2025-01-02 | 7.8 High |
| Visual Studio Code Remote Code Execution Vulnerability | ||||
| CVE-2022-41031 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-01-02 | 7.8 High |
| Microsoft Word Remote Code Execution Vulnerability | ||||
| CVE-2022-38053 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2025-01-02 | 8.8 High |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | ||||
| CVE-2022-38049 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-01-02 | 7.8 High |
| Microsoft Office Graphics Remote Code Execution Vulnerability | ||||
| CVE-2022-38048 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-01-02 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2022-38047 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2025-01-02 | 8.1 High |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | ||||
| CVE-2022-38040 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2025-01-02 | 8.8 High |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | ||||
| CVE-2022-38031 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2025-01-02 | 8.8 High |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2022-38000 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2025-01-02 | 8.1 High |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | ||||
| CVE-2022-37982 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2025-01-02 | 8.8 High |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2022-33635 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2025-01-02 | 7.8 High |
| Windows GDI+ Remote Code Execution Vulnerability | ||||
| CVE-2022-33634 | 1 Microsoft | 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more | 2025-01-02 | 8.1 High |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | ||||
| CVE-2022-30198 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2025-01-02 | 8.1 High |
| Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | ||||