Total
34396 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51079 | 2 Mvel, Redhat | 2 Mvel, Apache Camel Spring Boot | 2024-11-21 | 5.3 Medium |
| A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because "the only thing that you could expect is that the parser will take a crazy amount of time to complete its task." | ||||
| CVE-2023-51027 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘apcliAuthMode’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. | ||||
| CVE-2023-51026 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi. | ||||
| CVE-2023-51025 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi .cgi. | ||||
| CVE-2023-51024 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘tz’ parameter of the setNtpCfg interface of the cstecgi .cgi. | ||||
| CVE-2023-51023 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi .cgi. | ||||
| CVE-2023-51022 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi .cgi. | ||||
| CVE-2023-51021 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘merge’ parameter of the setRptWizardCfg interface of the cstecgi .cgi. | ||||
| CVE-2023-51019 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘key5g’ parameter of the setWiFiExtenderConfig interface of the cstecgi .cgi. | ||||
| CVE-2023-51017 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter’ of the setLanConfig interface of the cstecgi .cgi. | ||||
| CVE-2023-51015 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINX EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘enable parameter’ of the setDmzCfg interface of the cstecgi .cgi | ||||
| CVE-2023-51014 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter’ of the setLanConfig interface of the cstecgi .cgi | ||||
| CVE-2023-51013 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanNetmask parameter’ of the setLanConfig interface of the cstecgi .cgi. | ||||
| CVE-2023-51012 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanGateway parameter’ of the setLanConfig interface of the cstecgi .cgi. | ||||
| CVE-2023-51011 | 1 Totolink | 2 Ex1800t, Ex1800t Firmware | 2024-11-21 | 9.8 Critical |
| TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanPriDns parameter’ of the setLanConfig interface of the cstecgi .cgi | ||||
| CVE-2023-51010 | 1 Qd-metro | 1 Qingdao Metro | 2024-11-21 | 5.3 Medium |
| An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking. | ||||
| CVE-2023-51006 | 1 Zhwnl | 1 Chinese Perpetual Calendar | 2024-11-21 | 7.5 High |
| An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors. | ||||
| CVE-2023-50980 | 1 Cryptopp | 1 Crypto\+\+ | 2024-11-21 | 7.5 High |
| gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing. | ||||
| CVE-2023-50950 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 3.7 Low |
| IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709. | ||||
| CVE-2023-50918 | 1 Misp | 1 Misp | 2024-11-21 | 9.8 Critical |
| app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. | ||||