CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-41746 Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41748 Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39685 An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string. | 7.5 | HIGH | — | 0 |
| CVE-2023-46188 Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affec... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-41749 Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) ... | 7.5 | HIGH | — | 0 |
| CVE-2023-41750 Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-41751 Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-4299 Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment. | 9.0 | CRITICAL | — | 0 |
| CVE-2023-4688 Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-40187 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the `avc420_... | 7.3 | HIGH | — | 0 |
| CVE-2023-40574 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-40575 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_B... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-40576 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This O... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-4481 An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of... | 7.5 | HIGH | — | 0 |
| CVE-2023-4695 Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 8.1 | HIGH | — | 0 |
| CVE-2023-4696 Improper Access Control in GitHub repository usememos/memos prior to 0.13.2. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4697 Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2. | 8.8 | HIGH | — | 0 |
| CVE-2023-4698 Improper Input Validation in GitHub repository usememos/memos prior to 0.13.2. | 7.5 | HIGH | — | 0 |
| CVE-2023-24674 Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter. | 7.8 | HIGH | — | 0 |
| CVE-2023-24675 Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL. | 4.8 | MEDIUM | — | 0 |
| CVE-2023-41364 In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4704 External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | 4.9 | MEDIUM | — | 0 |
| CVE-2022-46527 ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser. | 7.5 | HIGH | — | 0 |
| CVE-2022-4343 An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in whic... | 5.0 | MEDIUM | — | 0 |
| CVE-2023-0120 An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to imp... | 3.5 | LOW | — | 0 |
| CVE-2023-1279 An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was... | 2.6 | LOW | — | 0 |
| CVE-2023-1555 An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespac... | 2.7 | LOW | — | 0 |
| CVE-2023-24412 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-25042 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <= 2.3.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-25044 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-25477 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotuwp Video Gallery plugin <= 1.3.12 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-25488 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <= 1.0.1.1 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-37994 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Artem Abramovich Art Decoration Shortcode plugin <= 1.5.6 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-3915 An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an e... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-3950 An information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audi... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-40239 Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version spe... | 7.5 | HIGH | — | 0 |
| CVE-2023-40969 Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-40970 Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php. | 8.8 | HIGH | — | 0 |
| CVE-2023-39370 StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79) | 8.8 | HIGH | — | 0 |
| CVE-2023-4018 An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to ... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-4378 An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A ma... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-22305 An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-34011 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ShopConstruct plugin <= 1.1.2 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-37893 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Chop Coming Soon Chop Chop plugin <= 2.2.4 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-37986 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange YourMembership Single Sign On – YM SSO Login plugin <= 1.1.3 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-39371 StarTrinity Softswitch version 2023-02-16 - Open Redirect (CWE-601) | 8.8 | HIGH | — | 0 |
| CVE-2023-37997 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh Patel Post List With Featured Image plugin <= 1.2 versions. | 7.1 | HIGH | — | 0 |
| CVE-2023-37826 A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into t... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-37827 A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into t... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-37828 A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into t... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.