Security Vulnerabilities - CVEs Published In December 2023
Tenda AX9 V22.03.01.46 is vulnerable to command injection.
CVSS Score
9.8
EPSS Score
0.044
Published
2023-12-07
Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
CVSS Score
9.8
EPSS Score
0.044
Published
2023-12-07
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-12-07
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-12-07
Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-12-07
Offline mode is always enabled, even if permission disallows it, in
Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and
earlier. This allows an attacker with access to the Workspace
application to access credentials when offline.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-12-07
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg .
CVSS Score
9.8
EPSS Score
0.001
Published
2023-12-07
Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-12-07
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.
CVSS Score
9.8
EPSS Score
0.026
Published
2023-12-07
Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList.
CVSS Score
9.8
EPSS Score
0.02
Published
2023-12-07