CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2023-30736 | Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows an attacker to execute a JavaScript interface. To trigger this vulnerability, user interaction is required. | 4.4 | MEDIUM | No | 0 |
| CVE-2023-30737 | Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | 4.0 | MEDIUM | No | 0 |
| CVE-2023-30738 | An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SM... | 5.5 | MEDIUM | No | 0 |
| CVE-2023-3038 | SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-5368 | On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather... | 6.5 | MEDIUM | No | 0 |
| CVE-2023-5369 | Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equiva... | 7.1 | HIGH | No | 0 |
| CVE-2023-5370 | On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0. | 5.5 | MEDIUM | No | 0 |
| CVE-2023-44272 | A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of... | 5.4 | MEDIUM | No | 0 |
| CVE-2023-5375 | Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. | 6.1 | MEDIUM | No | 0 |
| CVE-2023-5377 | Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV. | 7.1 | HIGH | No | 0 |
| CVE-2023-1584 | A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user d... | 7.5 | HIGH | No | 0 |
| CVE-2023-25489 | Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions. | 4.3 | MEDIUM | No | 0 |
| CVE-2023-25788 | Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions. | 6.3 | MEDIUM | No | 0 |
| CVE-2023-25980 | Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design \| Rolf van Gelder Optimize Database after Deleting Revisions plugin <= 5.1 versions. | 4.3 | MEDIUM | No | 0 |
| CVE-2023-2422 | A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a prop... | 5.5 | MEDIUM | No | 0 |
| CVE-2023-2809 | Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. Th... | 7.8 | HIGH | No | 0 |
| CVE-2024-32436 | Cross-Site Request Forgery (CSRF) vulnerability in Codemenschen Gift Vouchers. This issue affects Gift Vouchers: from n/a through 4.4.0. | 4.3 | MEDIUM | No | 0 |
| CVE-2023-3512 | Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files... | 7.5 | HIGH | No | 0 |
| CVE-2023-3701 | Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-4586 | A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) a... | 7.4 | HIGH | No | 0 |
| CVE-2022-4132 | A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page). | 5.9 | MEDIUM | No | 0 |
| CVE-2023-22618 | If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for ... | 8.1 | HIGH | No | 0 |
| CVE-2023-3037 | Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve persona... | 8.6 | HIGH | No | 0 |
| CVE-2023-3153 | A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP... | 5.3 | MEDIUM | No | 0 |
| CVE-2023-3361 | A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline serve... | 7.7 | HIGH | No | 0 |
| CVE-2023-4037 | Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially c... | 9.9 | CRITICAL | No | 0 |
| CVE-2023-4090 | Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker t... | 5.4 | MEDIUM | No | 0 |
| CVE-2023-4491 | Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-4492 | Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) o... | 6.1 | MEDIUM | No | 0 |
| CVE-2023-4493 | Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename... | 6.1 | MEDIUM | No | 0 |
| CVE-2023-4494 | Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request res... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-4495 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method... | 6.1 | MEDIUM | No | 0 |
| CVE-2023-4496 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in t... | 6.1 | MEDIUM | No | 0 |
| CVE-2023-4497 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method... | 6.1 | MEDIUM | No | 0 |
| CVE-2023-40561 | Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions. | 5.4 | MEDIUM | No | 0 |
| CVE-2023-5373 | A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function register of the file Master.php. The manipulation of the argument... | 7.3 | HIGH | No | 0 |
| CVE-2022-43906 | IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897. | 3.1 | LOW | No | 0 |
| CVE-2023-1832 | An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected ... | 6.8 | MEDIUM | No | 0 |
| CVE-2023-25025 | Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions. | 4.3 | MEDIUM | No | 0 |
| CVE-2023-27433 | Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery. This issue affects Make Paths Relative: from n/a through 1.3.0. | 5.4 | MEDIUM | No | 0 |
| CVE-2023-40376 | IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to i... | 5.3 | MEDIUM | No | 0 |
| CVE-2023-40684 | IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI ... | 4.6 | MEDIUM | No | 0 |
| CVE-2023-5374 | A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipu... | 6.3 | MEDIUM | No | 0 |
| CVE-2023-3665 | A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and... | 5.5 | MEDIUM | No | 0 |
| CVE-2023-3971 | An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a com... | 7.3 | HIGH | No | 0 |
| CVE-2023-40559 | Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions. | 4.3 | MEDIUM | No | 0 |
| CVE-2023-43838 | An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. | 7.8 | HIGH | No | 0 |
| CVE-2023-4237 | A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch t... | 7.3 | HIGH | No | 0 |
| CVE-2023-4380 | A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credent... | 6.3 | MEDIUM | No | 0 |
| CVE-2023-5113 | Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. | 6.1 | MEDIUM | No | 0 |
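The CVSS, Severity and KEV columns above come from joining two upstream sources: the NVD CVE API 2.0 (score and qualitative severity per CVE) and the CISA Known Exploited Vulnerabilities feed (membership plus a remediation due date). The following is an added example, not code from this database or from NVD/CISA, showing how that join and the resulting triage order are computed. The two sample records are constructed to mirror the response shapes of those feeds; the CVE IDs and scores reused from the table are real, but the JSON itself is not captured API output. `SAMPLE_NVD`, `SAMPLE_KEV`, `enrich` and the other function names are this example's own.

```python
"""Join NVD CVE records with the CISA KEV catalog and rank them for triage.

Added example (not this page's own code). Only the two feed URLs and the JSON
field names are taken from the real services; the sample payloads are
constructed to match those shapes.
"""
import json
import urllib.parse
import urllib.request

NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"
KEV_FEED = ("https://www.cisa.gov/sites/default/files/feeds/"
            "known_exploited_vulnerabilities.json")

# Constructed sample in the shape of an NVD API 2.0 response. Scores follow the
# table above; the last record has its metrics stripped to show the unscored path.
SAMPLE_NVD = {"vulnerabilities": [
    {"cve": {"id": "CVE-2023-3038",
             "metrics": {"cvssMetricV31": [
                 {"type": "Primary",
                  "cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
    {"cve": {"id": "CVE-2023-5375",
             "metrics": {"cvssMetricV31": [
                 {"type": "Primary",
                  "cvssData": {"baseScore": 6.1, "baseSeverity": "MEDIUM"}}]}}},
    {"cve": {"id": "CVE-2021-44228",   # Log4Shell, which really is in KEV
             "metrics": {"cvssMetricV31": [
                 {"type": "Primary",
                  "cvssData": {"baseScore": 10.0, "baseSeverity": "CRITICAL"}}]}}},
    {"cve": {"id": "CVE-2023-5113", "metrics": {}}},   # awaiting analysis
]}

# Constructed sample in the shape of the KEV feed (one entry).
SAMPLE_KEV = {"vulnerabilities": [
    {"cveID": "CVE-2021-44228", "dateAdded": "2021-12-10", "dueDate": "2021-12-24"},
]}

# Newest metric version first; v2 entries carry baseSeverity beside cvssData.
METRIC_KEYS = ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30", "cvssMetricV2")


def severity_from_score(score):
    """NVD qualitative rating for a CVSS v3 base score (fallback only)."""
    if score is None:
        return None
    if score == 0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def best_metric(cve):
    """Pick the newest CVSS metric, preferring the NVD 'Primary' entry."""
    metrics = cve.get("metrics") or {}
    for key in METRIC_KEYS:
        entries = metrics.get(key) or []
        primary = [m for m in entries if m.get("type") == "Primary"] or entries
        if primary:
            return primary[0]
    return None


def kev_index(kev_feed):
    """Map CVE ID -> KEV entry so membership is a dict lookup."""
    return {e["cveID"]: e for e in kev_feed["vulnerabilities"]}


def enrich(nvd_response, kev_feed):
    """Produce one row per CVE: score, severity, KEV flag, sorted for triage."""
    kev = kev_index(kev_feed)
    rows = []
    for item in nvd_response["vulnerabilities"]:
        cve = item["cve"]
        metric = best_metric(cve)
        score = metric["cvssData"].get("baseScore") if metric else None
        severity = None
        if metric:
            severity = (metric["cvssData"].get("baseSeverity")
                        or metric.get("baseSeverity"))
        entry = kev.get(cve["id"])
        rows.append({"cve_id": cve["id"], "cvss": score,
                     "severity": severity or severity_from_score(score),
                     "kev": entry is not None,
                     "kev_due": entry["dueDate"] if entry else None})
    # Known exploitation outranks a theoretical score: KEV rows first, then CVSS.
    rows.sort(key=lambda r: (not r["kev"], -(r["cvss"] or 0.0), r["cve_id"]))
    return rows


def fetch_nvd(cve_id):
    """Live lookup of one CVE (network; not used by the sample run)."""
    url = NVD_API + "?" + urllib.parse.urlencode({"cveId": cve_id})
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def fetch_kev():
    """Live download of the KEV catalog (network; not used by the sample run)."""
    with urllib.request.urlopen(KEV_FEED, timeout=30) as resp:
        return json.load(resp)


if __name__ == "__main__":
    for r in enrich(SAMPLE_NVD, SAMPLE_KEV):
        print(f"{r['cve_id']:<16} {str(r['cvss']):>5} {str(r['severity']):<9} "
              f"{'Yes' if r['kev'] else 'No'}")
```

The sort key is the point of the exercise: a KEV listing moves a CVE to the top regardless of score, and an unscored record (no `metrics` yet) sorts last rather than crashing the pipeline. Swap `SAMPLE_NVD`/`SAMPLE_KEV` for `fetch_nvd(...)`/`fetch_kev()` to run against the live feeds; the NVD API rate-limits unauthenticated callers, so batch real lookups accordingly.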
This product uses data from the NVD API but is not endorsed or certified by the NVD.