Export limit exceeded: 74705 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74705 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9567 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2024-10-09 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. This issue affects the function formAdvFirewall of the file /goform/formAdvFirewall. The manipulation of the argument curTime leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9570 | 1 Dlink | 2 Dir-619l, Dir-619l Firmware | 2024-10-09 | 8.8 High |
| A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formEasySetTimezone of the file /goform/formEasySetTimezone. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-20381 | 1 Cisco | 3 Ios Xr, Network Services Orchestrator, Small Business Rv Series Router Firmware | 2024-10-08 | 8.8 High |
| A vulnerability in the JSON-RPC API feature in Cisco Crosswork Network Services Orchestrator (NSO) and ConfD that is used by the web-based management interfaces of Cisco Optical Site Manager and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to modify the configuration of an affected application or device. This vulnerability is due to improper authorization checks on the API. An attacker with privileges sufficient to access the affected application or device could exploit this vulnerability by sending malicious requests to the JSON-RPC API. A successful exploit could allow the attacker to make unauthorized modifications to the configuration of the affected application or device, including creating new user accounts or elevating their own privileges on an affected system. | ||||
| CVE-2024-20436 | 1 Cisco | 1 Ios Xe | 2024-10-08 | 8.6 High |
| A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature is enabled could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a null pointer dereference when accessing specific URLs. An attacker could exploit this vulnerability by sending crafted HTTP traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, causing a DoS condition on the affected device. | ||||
| CVE-2024-9565 | 2 D-link, Dlink | 3 Dir-650l, Dir-605l, Dir-605l Firmware | 2024-10-08 | 8.8 High |
| A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9564 | 2 D-link, Dlink | 3 Dir-650l, Dir-605l, Dir-605l Firmware | 2024-10-08 | 8.8 High |
| A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9563 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9562 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 8.8 High |
| A vulnerability classified as critical was found in D-Link DIR-605L 2.13B01 BETA. This vulnerability affects the function formSetWizard1/formSetWizard2. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9561 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 8.8 High |
| A vulnerability classified as critical has been found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetWAN_Wizard51/formSetWAN_Wizard52. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9559 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 8.8 High |
| A vulnerability was found in D-Link DIR-605L 2.13B01 BETA. It has been classified as critical. Affected is the function formWlanSetup of the file /goform/formWlanSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9557 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 8.8 High |
| A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This vulnerability affects the function formSetWanPPPoE of the file /goform/formSetWanPPPoE. The manipulation of the argument webpage leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9556 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 8.8 High |
| A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. This affects the function formSetEnableWizard of the file /goform/formSetEnableWizard. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9558 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 8.8 High |
| A vulnerability was found in D-Link DIR-605L 2.13B01 BETA and classified as critical. This issue affects the function formSetWanPPTP of the file /goform/formSetWanPPTP. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-9555 | 1 Dlink | 2 Dir-605l, Dir-605l Firmware | 2024-10-08 | 8.8 High |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. Affected by this issue is the function formSetEasy_Wizard of the file /goform/formSetEasy_Wizard. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-37868 | 2 Emiloimagtolis, Online Discussion Forum Project | 2 Online Discussion Forum, Online Discussion Forum | 2024-10-08 | 8.8 High |
| File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable. | ||||
| CVE-2024-37869 | 2 Emiloimagtolis, Online Discussion Forum Project | 2 Online Discussion Forum, Online Discussion Forum | 2024-10-08 | 8.8 High |
| File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable | ||||
| CVE-2022-49038 | 1 Synology | 2 Drive, Drive Client | 2024-10-08 | 7.8 High |
| Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component in Synology Drive Client before 3.3.0-15082 allows local users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2023-52946 | 1 Synology | 2 Drive, Drive Client | 2024-10-08 | 8.2 High |
| Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors. | ||||
| CVE-2024-42417 | 1 Deltaww | 1 Diaenergie | 2024-10-08 | 8.8 High |
| Delta Electronics DIAEnergie is vulnerable to an SQL injection in the script Handler_CFG.ashx. An authenticated attacker may be able to exploit this issue to cause delay in the targeted product. | ||||
| CVE-2024-44015 | 1 Userscontrol | 1 Users Control | 2024-10-08 | 7.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Users Control allows PHP Local File Inclusion.This issue affects Users Control: from n/a through 1.0.16. | ||||