Buffalo 漏洞与 CVE 列表(61)

产品(CPE): — CVE 数: 61

Buffalo 漏洞概览

汇总 Buffalo 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

已披露问题常与 路径处理缺陷、跨站脚本与缓冲区溢出 相关,可能在 软件部署与生产负载 场景中带来 应用崩溃与内存损坏 等暴露风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 12061 CVE 数
«« 第一页 « 上一页 第 1 / 4 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-45779 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database. All deployments of Open XDMoD prior to 10.0.3 are impacted. This issue was discovered on 2023-08-03 and patched on 2023-08-04. At this time [email protected] 9.3 0.48% 2026-06-05 2026-06-17
CVE-2026-45778 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which when visited by the victim, reflects and executes the unsanitized payload in the victim's browser, potentially leading to credential capture and Open XDMoD account takeover. All deployments of Open XDMoD prior to 11.0.3 are imp [email protected] 8.6 0.15% 2026-06-05 2026-06-17
CVE-2026-45777 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configuration, or disrupt service availability. All deployments of Open XDMoD versions 9.5.0 through 11.0.2 (inclusive) are impacted. This issue was re [email protected] 9.3 0.39% 2026-06-05 2026-06-17
CVE-2026-45776 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD includes the optional Job Performance (SUPReMM) module, an attacker could bypass intended data access restrictions and view other users' compute job efficiency metrics. All deployments of Open XDMoD prior [email protected] 5.3 0.24% 2026-06-05 2026-06-17
CVE-2026-33366 Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication. [email protected] 6.9 0.34% 2026-03-27 2026-06-17
CVE-2026-33280 Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands. [email protected] 8.6 0.38% 2026-03-27 2026-06-17
CVE-2026-32678 Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication. [email protected] 8.7 0.32% 2026-03-27 2026-06-17
CVE-2026-32669 Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products. [email protected] 8.7 0.27% 2026-03-27 2026-06-17
CVE-2026-27650 OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products. [email protected] 8.6 0.92% 2026-03-27 2026-06-17
CVE-2024-26023 OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands. [email protected] 4.2 0.55% 2024-04-15 2026-06-17
CVE-2024-23486 Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials. [email protected] 9.8 0.56% 2024-04-15 2026-06-17
CVE-2023-49038 Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root. [email protected] 7.2 1.77% 2024-01-29 2026-06-17
CVE-2023-51073 An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. [email protected] 8.1 1.31% 2024-01-10 2026-06-17
CVE-2023-51363 VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated attacker who can access the product's web management page to obtain sensitive information. [email protected] 6.5 0.29% 2023-12-26 2026-06-17
CVE-2023-46711 VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user. [email protected] 4.6 0.23% 2023-12-26 2026-06-17
CVE-2023-46681 Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access to the product's command line interface to execute an arbitrary command. [email protected] 7.8 0.25% 2023-12-26 2026-06-17
CVE-2023-45741 VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands. [email protected] 6.8 0.33% 2023-12-26 2026-06-17
CVE-2023-39620 An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function. [email protected] 7.5 0.71% 2023-09-07 2026-06-17
CVE-2023-26588 Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0. [email protected] 7.5 0.57% 2023-04-11 2026-06-17
CVE-2023-24544 Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware [email protected] 8.1 0.29% 2023-04-11 2026-06-17
«« 第一页 « 上一页 第 1 / 4 页 下一页 »
cvelogic Threat Intelligence