The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-51073 | An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. | -- | Jan 11, 2024 | n/a |
| CVE-2023-51074 | json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method. | -- | Dec 27, 2023 | n/a |
| CVE-2023-51075 | hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) via manipulation of the first two parameters. | -- | Dec 27, 2023 | n/a |
| CVE-2023-51079 | A long execution time can occur in the ParseTools.subCompileExpression method in MVEL 2.5.0.Final because of many Java class lookups. NOTE: the vendor disputes this because the only thing that you could expect is that the parser will take a crazy amount of time to complete its task. | -- | Dec 27, 2023 | n/a |
| CVE-2023-51080 | The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow. | -- | Dec 27, 2023 | n/a |
| CVE-2023-51084 | hyavijava v6.0.07.1 was discovered to contain a stack overflow via the ResultConverter.convert2Xml method. | -- | Dec 27, 2023 | n/a |
| CVE-2023-51090 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51091 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51092 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51093 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51094 | Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51095 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51097 | Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51098 | Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo . | -- | Dec 26, 2023 | n/a |
| CVE-2023-51099 | Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand . | -- | Dec 26, 2023 | n/a |
| CVE-2023-51100 | Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo . | -- | Dec 26, 2023 | n/a |
| CVE-2023-51101 | Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51102 | Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51103 | A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51104 | A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51105 | A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51106 | A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51107 | A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in functon compute_color() of jquant2.c. NOTE: this is disputed by the supplier because there was not reasonable evidence to determine the existence of a vulnerability or identify the affected product. | -- | Dec 26, 2023 | n/a |
| CVE-2023-51123 | An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. | -- | Jan 11, 2024 | n/a |
| CVE-2023-51126 | Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. | -- | Jan 11, 2024 | n/a |
| CVE-2023-51127 | FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file. | -- | Jan 11, 2024 | n/a |
| CVE-2023-51133 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. | -- | Jan 1, 2024 | n/a |
| CVE-2023-51135 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. | -- | Jan 1, 2024 | n/a |
| CVE-2023-51136 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. | -- | Jan 1, 2024 | n/a |
| CVE-2023-51141 | An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component | -- | Apr 11, 2024 | n/a |
| CVE-2023-51142 | An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information. | -- | Apr 11, 2024 | n/a |
| CVE-2023-51146 | Buffer Overflow vulnerability in TRENDnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_add_user action. | -- | Mar 26, 2024 | n/a |
| CVE-2023-51147 | Buffer Overflow vulnerability in TRENDnet Trendnet AC1200 TEW-821DAP with firmware version 3.00b06 allows an attacker to execute arbitrary code via the adm_mod_pwd action. | -- | Mar 26, 2024 | n/a |
| CVE-2023-51148 | An issue in TRENDnet Trendnet AC1200 Dual Band PoE Indoor Wireless Access Point TEW-821DAP v.3.00b06 allows an attacker to execute arbitrary code via the \'mycli\' command-line interface component. | -- | Mar 26, 2024 | n/a |
| CVE-2023-51154 | Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php. | -- | Jan 4, 2024 | n/a |
| CVE-2023-51195 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Jan 10, 2024 | n/a |
| CVE-2023-51197 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability. | -- | Jan 30, 2024 | n/a |
| CVE-2023-51198 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability. | -- | Jan 30, 2024 | n/a |
| CVE-2023-51199 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability. | -- | Jan 23, 2024 | n/a |
| CVE-2023-51200 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability. | -- | Jan 23, 2024 | n/a |
| CVE-2023-51201 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability. | -- | Jan 23, 2024 | n/a |
| CVE-2023-51202 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability. | -- | Jan 30, 2024 | n/a |
| CVE-2023-51204 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability. | -- | Jan 30, 2024 | n/a |
| CVE-2023-51208 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability. | -- | Jan 23, 2024 | n/a |
| CVE-2023-51210 | SQL injection vulnerability in Webkul Bundle Product 6.0.1 allows a remote attacker to execute arbitrary code via the id_product parameters in the UpdateProductQuantity function. | -- | Jan 23, 2024 | n/a |
| CVE-2023-51217 | An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component. | -- | Jan 18, 2024 | n/a |
| CVE-2023-51219 | A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to take over another user\'s account and read her/his chat messages. | -- | Jun 4, 2024 | n/a |
| CVE-2023-51246 | A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page. | -- | Jan 9, 2024 | n/a |
| CVE-2023-51252 | PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing. | -- | Jan 10, 2024 | n/a |
| CVE-2023-51254 | Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component. | -- | Apr 29, 2024 | n/a |
