Page 148 of 35157 results (0.060 seconds)

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0

Deserialization of Untrusted Data vulnerability in Apache Seata.  When developers disable authentication on the Seata-Server and do not use the Seata client SDK dependencies, they may construct uncontrolled serialized malicious requests by directly sending bytecode based on the Seata private protocol. This issue affects Apache Seata: 2.0.0, from 1.0.0 through 1.8.0. Users are recommended to upgrade to version 2.1.0/1.8.1, which fixes the issue. • https://lists.apache.org/thread/91nzzlxyj4nmks85gbzwkkjtbmnmlkc4 • CWE-502: Deserialization of Untrusted Data •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Mattermost Desktop App versions <=5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine. • https://mattermost.com/security-updates • CWE-427: Uncontrolled Search Path Element •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. • https://www.twcert.org.tw/tw/cp-132-8082-f1687-1.html https://www.twcert.org.tw/en/cp-139-8083-a299e-2.html • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device. • https://www.twcert.org.tw/tw/cp-132-8080-7f494-1.html https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html • CWE-121: Stack-based Buffer Overflow •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

An unauthenticated attacker can get RCE as root by exploiting this vulnerability. • https://wr3nchsr.github.io/zte-multiple-routers-httpd-vulnerabilities-advisory • CWE-121: Stack-based Buffer Overflow •