CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-29245 A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthentica... | 8.1 | HIGH | - | 0 |
| CVE-2022-47557 Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to... | 6.1 | MEDIUM | - | 0 |
| CVE-2023-32649 A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unaut... | 7.5 | HIGH | - | 0 |
| CVE-2022-47553 Incorrect authorisation in ekorCCP and ekorRCI, which could allow a remote attacker to obtain resources with sensitive information for the organisation, without being authenticated within the web serv... | 8.6 | HIGH | - | 0 |
| CVE-2022-47554 Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, wi... | 8.2 | HIGH | - | 0 |
| CVE-2022-47555 Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor. | 9.3 | CRITICAL | - | 0 |
| CVE-2022-47556 Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly valid... | 6.5 | MEDIUM | - | 0 |
| CVE-2022-47558 Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allo... | 9.4 | CRITICAL | - | 0 |
| CVE-2023-23957 An authenticated user can see and modify the value for "next" query parameter in Symantec Identity Portal 14.4 | 5.4 | MEDIUM | - | 0 |
| CVE-2023-41834 Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response s... | 6.1 | MEDIUM | - | 0 |
| CVE-2023-4092 SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/updat... | 8.8 | HIGH | - | 0 |
| CVE-2022-47559 Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, priva... | 8.6 | HIGH | - | 0 |
| CVE-2023-31808 Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Adm... | 7.2 | HIGH | - | 0 |
| CVE-2023-47165 Improper conditions check in the Intel(R) Data Center GPU Max Series 1100 and 1550 products may allow an privileged user to potentially enable denial of service via local access. | 6.0 | MEDIUM | - | 0 |
| CVE-2023-4093 Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the ... | 5.5 | MEDIUM | - | 0 |
| CVE-2023-4094 ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In add... | 6.5 | MEDIUM | - | 0 |
| CVE-2023-4095 User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the n... | 5.3 | MEDIUM | - | 0 |
| CVE-2023-4096 Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order t... | 8.6 | HIGH | - | 0 |
| CVE-2023-3892 Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to tak... | 5.6 | MEDIUM | - | 0 |
| CVE-2023-41890 Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issue... | 7.5 | HIGH | - | 0 |
| CVE-2025-57911 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Adverts adverts-click-tracker allows DOM-Based XSS.This issue affects Adverts: from n/a ... | N/A | NONE | - | 0 |
| CVE-2023-42444 phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-... | 8.6 | HIGH | - | 0 |
| CVE-2023-42447 blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, t... | 8.6 | HIGH | - | 0 |
| CVE-2023-32182 A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfi... | 5.9 | MEDIUM | - | 0 |
| CVE-2023-38351 MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 | HIGH | - | 0 |
| CVE-2023-38352 MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 | HIGH | - | 0 |
| CVE-2023-38353 MiniTool Power Data Recovery version 11.6 and before contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack. | 5.9 | MEDIUM | - | 0 |
| CVE-2023-38354 MiniTool Shadow Maker version 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 | HIGH | - | 0 |
| CVE-2023-42450 Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary d... | 5.4 | MEDIUM | - | 0 |
| CVE-2023-42451 Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain ... | 7.4 | HIGH | - | 0 |
| CVE-2023-42452 Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, attackers can abuse ... | 6.1 | MEDIUM | - | 0 |
| CVE-2023-43566 In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration | 3.5 | LOW | - | 0 |
| CVE-2023-40931 A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /... | 6.5 | MEDIUM | - | 0 |
| CVE-2023-40932 A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the ... | 5.4 | MEDIUM | - | 0 |
| CVE-2023-40933 A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sen... | 8.8 | HIGH | - | 0 |
| CVE-2023-40934 A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL command... | 7.2 | HIGH | - | 0 |
| CVE-2020-24089 An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS). | 5.5 | MEDIUM | - | 0 |
| CVE-2023-36319 File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file. | 8.8 | HIGH | - | 0 |
| CVE-2023-39575 A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 | MEDIUM | - | 0 |
| CVE-2023-25525 NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may b... | 7.5 | HIGH | - | 0 |
| CVE-2023-25527 NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to... | 7.8 | HIGH | - | 0 |
| CVE-2023-25528 NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted netwo... | 8.8 | HIGH | - | 0 |
| CVE-2023-25529 NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user's session token by observing timing discrepanci... | 8.0 | HIGH | - | 0 |
| CVE-2023-25530 NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of... | 8.0 | HIGH | - | 0 |
| CVE-2023-25531 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial ... | 7.6 | HIGH | - | 0 |
| CVE-2023-25532 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure. | 6.5 | MEDIUM | - | 0 |
| CVE-2023-32827 In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interact... | 6.7 | MEDIUM | - | 0 |
| CVE-2023-25533 NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code e... | 8.3 | HIGH | - | 0 |
| CVE-2023-25534 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, e... | 5.7 | MEDIUM | - | 0 |
| CVE-2023-31008 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, ... | 7.3 | HIGH | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.