Latest CVE Feed
-
9.8
CRITICALCVE-2017-8366
The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilt... Read more
Affected Products : ettercap- Published: Apr. 30, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7819
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7801
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thund... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7800
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3,... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43696
Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. ... Read more
- Published: Oct. 09, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43668
Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, some sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile".... . Users ar... Read more
Affected Products : inlong- Published: Oct. 16, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5522
Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4, 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving WFS get feature requests.... Read more
- Published: Mar. 15, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-5472
A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. This vulnerability affects Firef... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5380
A potential use-after-free found through fuzzing during DOM manipulation of SVG content. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51.... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43454
An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component.... Read more
- Published: Dec. 01, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43364
main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution.... Read more
Affected Products : searchor- Published: Dec. 12, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43371
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.... Read more
Affected Products : hoteldruid- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43373
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.... Read more
Affected Products : hoteldruid- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43478
fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on th... Read more
- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43374
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.... Read more
Affected Products : hoteldruid- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43239
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC.... Read more
- Published: Sep. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43242
D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel.... Read more
- Published: Sep. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43202
D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name para... Read more
- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43196
D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.... Read more
- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-43375
Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.... Read more
Affected Products : hoteldruid- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024