CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-5165 Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching ... | 7.1 | HIGH | β | 0 |
| CVE-2023-39408 DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | 7.5 | HIGH | β | 0 |
| CVE-2023-39409 DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | 7.5 | HIGH | β | 0 |
| CVE-2023-41294 The DP module has a service hijacking vulnerability. Successful exploitation of this vulnerability may affect some Super Device services. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41295 Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim. | 5.3 | MEDIUM | β | 0 |
| CVE-2023-41296 Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality. | 9.1 | CRITICAL | β | 0 |
| CVE-2023-41297 Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41298 Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2023-41299 DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | 7.5 | HIGH | β | 0 |
| CVE-2022-48605 Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-41293 Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2023-41300 Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | 7.5 | HIGH | β | 0 |
| CVE-2023-41301 Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 7.5 | HIGH | β | 0 |
| CVE-2023-41302 Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 7.5 | HIGH | β | 0 |
| CVE-2023-41303 Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified. | 7.5 | HIGH | β | 0 |
| CVE-2023-43256 A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. | 6.5 | MEDIUM | β | 0 |
| CVE-2023-43131 General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-5166 Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. | 8.0 | HIGH | β | 0 |
| CVE-2023-43456 Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and las... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0625 Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. | 8.0 | HIGH | β | 0 |
| CVE-2023-0626 Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. | 8.0 | HIGH | β | 0 |
| CVE-2023-0627 Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X. | 6.7 | MEDIUM | β | 0 |
| CVE-2023-0633 In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE). This issue affects Docker Desktop: before 4.12.0. | 7.2 | HIGH | β | 0 |
| CVE-2023-23567 A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can prov... | 8.1 | HIGH | β | 0 |
| CVE-2023-3226 The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e... | 4.8 | MEDIUM | β | 0 |
| CVE-2023-3664 The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. | 7.2 | HIGH | β | 0 |
| CVE-2023-43141 TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-43339 Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Po... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-43382 Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function. | 8.8 | HIGH | β | 0 |
| CVE-2023-4892 Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in... | 5.7 | MEDIUM | β | 0 |
| CVE-2023-5156 A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. | 7.5 | HIGH | β | 0 |
| CVE-2023-5158 A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-4156 A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. | 4.4 | MEDIUM | β | 0 |
| CVE-2023-39640 UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). | 9.8 | CRITICAL | β | 0 |
| CVE-2023-40581 yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. ... | 8.3 | HIGH | β | 0 |
| CVE-2023-41863 Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. Group PeproDev CF7 Database plugin <= 1.7.0 versions. | 7.1 | HIGH | β | 0 |
| CVE-2023-41867 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions. | 7.1 | HIGH | β | 0 |
| CVE-2023-41868 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Ratan Maurya, Codestag StagTools plugin <= 2.3.7 versions. | 7.1 | HIGH | β | 0 |
| CVE-2023-41871 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions. | 7.1 | HIGH | β | 0 |
| CVE-2023-42817 Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including "%s" (from "%suggest%) is parsed by sprintf() even though it's supposed to be output litera... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-43319 Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username para... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-4137 A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Key... | 8.1 | HIGH | β | 0 |
| CVE-2022-4245 A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command stri... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-42753 An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the pri... | 7.0 | HIGH | β | 0 |
| CVE-2022-4318 A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. | 7.8 | HIGH | β | 0 |
| CVE-2023-43458 Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description para... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-43642 snappy-java is a Java port of the snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing... | 7.5 | HIGH | β | 0 |
| CVE-2023-43644 Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user auth... | 9.1 | CRITICAL | β | 0 |
| CVE-2023-42426 Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component. | 6.1 | MEDIUM | β | 0 |
| CVE-2023-43457 An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.