CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2023-39341 | "FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to a denial-of-service (DoS) condition. Affected products and versi... | 3.3 | LOW | — | 0 |
| CVE-2023-39910 | The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal ... | 7.5 | HIGH | — | 0 |
| CVE-2023-48758 | Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetEngine: from n/a through 3.2.4. | 7.1 | HIGH | — | 0 |
| CVE-2023-38751 | Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the info... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-38752 | Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster ... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-27524 | Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8 allows remote attackers to execute arbitrary code via the embed media feature. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-2905 | Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap... | 8.8 | HIGH | — | 0 |
| CVE-2023-26310 | There is a command injection problem in the old version of the mobile phone backup app. | 7.4 | HIGH | — | 0 |
| CVE-2023-37855 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt brow... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-37856 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dia... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-37857 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to ... | 3.8 | LOW | — | 0 |
| CVE-2023-37858 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an en... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-37859 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string t... | 7.2 | HIGH | — | 0 |
| CVE-2023-37860 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon. | 7.5 | HIGH | — | 0 |
| CVE-2023-37861 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a ce... | 8.8 | HIGH | — | 0 |
| CVE-2023-37862 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-co... | 8.2 | HIGH | — | 0 |
| CVE-2023-37863 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device. | 7.2 | HIGH | — | 0 |
| CVE-2023-37864 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device. | 7.2 | HIGH | — | 0 |
| CVE-2023-24477 | In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authen... | 7.0 | HIGH | — | 0 |
| CVE-2023-24471 | An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-38207 | Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arb... | 7.5 | HIGH | — | 0 |
| CVE-2023-38208 | Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Inje... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-38209 | Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass.... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-22378 | A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL statements... | 8.8 | HIGH | — | 0 |
| CVE-2023-22843 | An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and c... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-38211 | Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user i... | 7.8 | HIGH | — | 0 |
| CVE-2023-38212 | Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue req... | 7.8 | HIGH | — | 0 |
| CVE-2023-38213 | Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations ... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-3632 | Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Hom... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-23903 | An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return a... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-24015 | A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-48581 | A command injection vulnerability exists in the "dash export" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows for th... | 8.8 | HIGH | — | 0 |
| CVE-2023-31448 | A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving di... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-31449 | A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor in... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-31450 | A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the SQL v2 sensors into beh... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-31452 | A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provide... | 8.8 | HIGH | — | 0 |
| CVE-2023-32781 | A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write ne... | 7.2 | HIGH | — | 0 |
| CVE-2023-32782 | A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new fil... | 7.2 | HIGH | — | 0 |
| CVE-2023-33953 | gRPC contains a vulnerability in which hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases. Three vectors were found that allow the fol... | 7.5 | HIGH | — | 0 |
| CVE-2023-34545 | A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via the p parameter or the search URL. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-3953 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-4273 | A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries fr... | 6.0 | MEDIUM | — | 0 |
| CVE-2022-48582 | A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allo... | 8.8 | HIGH | — | 0 |
| CVE-2023-39969 | uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual addre... | 9.0 | CRITICAL | — | 0 |
| CVE-2023-3518 | HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1. | 7.4 | HIGH | — | 0 |
| CVE-2023-40012 | uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-39531 | Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access ... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-48580 | A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows... | 8.8 | HIGH | — | 0 |
| CVE-2022-48583 | A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows ... | 8.8 | HIGH | — | 0 |
| CVE-2022-48584 | A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.