CVE Vulnerability

CVEs


| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2018-3868 | Computer-insel | Photoline | 2023-02-03 | N/A | 7.8 HIGH | A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. |
| CVE-2018-3876 | Samsung | Phone, S9+_firmware, S9+, S10_firmware, S10, Xcover_4_firmware, Xcover_4, Scx-824_firmware, Scx-824, Galaxy_s6_edge_firmware | 2023-02-03 | N/A | 8.8 HIGH | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability. |
| CVE-2022-46835 | Identityiq, Sailpoint | Desktop_password_reset, Identityiq | 2023-02-08 | N/A | 7.5 HIGH | IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. |
| CVE-2023-23127 | Connectwise | Automate, Automate_api, Connectwise_automate, Control, Manage, Manageditsync | 2023-02-08 | N/A | 5.3 MEDIUM | ** DISPUTED ** In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting. |
| CVE-2023-23128 | Connectwise | Automate, Automate_api, Connectwise_automate, Control, Manage, Manageditsync | 2023-02-08 | N/A | 6.1 MEDIUM | ** DISPUTED ** Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid. |
| CVE-2023-23119 | Af-2x Firmware, Ui | Aircam_firmware, Aircam, Unifi_video_controller, Er-x_firmware, Er-x, Er-x-sfp_firmware, Er-x-sfp, Ep-r6_firmware, Ep-r6, Erlite-3_firmware | 2023-02-10 | N/A | 5.9 MEDIUM | The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. |
| CVE-2023-23120 | Trendnet | Securview_wireless_internet_camera, Securview_wireless_internet_camera_activex_control, Teg-30102ws, Teg-30102ws_firmware, Tew-632brp, Tew-632brp_firmware, Tew-651br, Tew-651br_firmware, Tew-652br, Tew-652br_firmware | 2023-02-09 | N/A | 5.9 MEDIUM | The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. |
| CVE-2022-4634 | Cncsoft, Deltaww | Asda_soft, Cncsoft, Cncsoft-b, Cncsoft_screeneditor, Cnssoft_screeneditor, Commgr, Dcisoft, Delta_industrial_automation_dopsoft, Delta_industrial_automation_pmsoft, Delta_industrial_automation_screen_editor | 2023-02-10 | N/A | 7.8 HIGH | All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. |
| CVE-2023-0123 | Deltaww, Dopsoft | Asda_soft, Cncsoft, Cncsoft-b, Cncsoft_screeneditor, Cnssoft_screeneditor, Commgr, Dcisoft, Delta_industrial_automation_dopsoft, Delta_industrial_automation_pmsoft, Delta_industrial_automation_screen_editor | 2023-02-10 | N/A | 7.8 HIGH | Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. |
| CVE-2023-0124 | Deltaww, Dopsoft | Asda_soft, Cncsoft, Cncsoft-b, Cncsoft_screeneditor, Cnssoft_screeneditor, Commgr, Dcisoft, Delta_industrial_automation_dopsoft, Delta_industrial_automation_pmsoft, Delta_industrial_automation_screen_editor | 2023-02-10 | N/A | 7.8 HIGH | Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. |
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE