CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-21984 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Libraries). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker wi... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-21985 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attack... | 7.7 | HIGH | — | 0 |
| CVE-2023-21986 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 ... | 5.7 | MEDIUM | — | 0 |
| CVE-2023-21987 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulner... | 7.8 | HIGH | — | 0 |
| CVE-2023-21988 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerab... | 3.8 | LOW | — | 0 |
| CVE-2023-21989 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerab... | 6.0 | MEDIUM | — | 0 |
| CVE-2023-21990 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerab... | 8.2 | HIGH | — | 0 |
| CVE-2023-21991 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerab... | 3.2 | LOW | — | 0 |
| CVE-2023-21992 Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Administer Workforce). The supported version that is affected is 9.2. Easily exploitable vulne... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-21993 Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications (component: Forms). The supported version that is affected is 5.4.0.2. Easily exploitable vuln... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-21996 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily expl... | 7.5 | HIGH | — | 0 |
| CVE-2023-21997 Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerab... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-21998 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerab... | 4.6 | MEDIUM | — | 0 |
| CVE-2023-21999 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulner... | 3.6 | LOW | — | 0 |
| CVE-2024-20819 Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. | 6.6 | MEDIUM | — | 0 |
| CVE-2023-22000 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerab... | 4.6 | MEDIUM | — | 0 |
| CVE-2023-22001 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerab... | 4.6 | MEDIUM | — | 0 |
| CVE-2023-22002 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerab... | 6.0 | MEDIUM | — | 0 |
| CVE-2023-22003 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attack... | 3.3 | LOW | — | 0 |
| CVE-2023-25552 A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Devic... | 8.1 | HIGH | — | 0 |
| CVE-2022-43378 A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-25547 A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Affected products: ... | 8.8 | HIGH | — | 0 |
| CVE-2023-25548 A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged user... | 8.8 | HIGH | — | 0 |
| CVE-2023-25549 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. ... | 7.2 | HIGH | — | 0 |
| CVE-2023-25550 A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname synta... | 7.2 | HIGH | — | 0 |
| CVE-2023-25551 A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-25553 A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-25554 A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciou... | 7.8 | HIGH | — | 0 |
| CVE-2023-25555 A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute u... | 5.6 | MEDIUM | — | 0 |
| CVE-2023-26048 Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `Htt... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-26049 Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tamp... | 2.4 | LOW | — | 0 |
| CVE-2023-28003 A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out ... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-28440 Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout... | 2.7 | LOW | — | 0 |
| CVE-2023-28839 Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. The module Shoppingfeed for PrestaShop is vulnerable to SQL injection between version 1.4.0 and 1.8.2 due... | 9.4 | CRITICAL | — | 0 |
| CVE-2023-28856 Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected ve... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-29411 A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29297 Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Neutralization of Special Elements Used in a Template Engine vulnerability tha... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-29412 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote code execution when manipulating internal methods throug... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29413 A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service. | 7.5 | HIGH | — | 0 |
| CVE-2023-28004 A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-29002 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include da... | 7.2 | HIGH | — | 0 |
| CVE-2023-2131 Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code. | 10.0 | CRITICAL | — | 0 |
| CVE-2023-29196 Discourse is an open source platform for community discussion. This vulnerability is not exploitable on the default install of Discourse. A custom feature must be enabled for it to work at all, and th... | 4.2 | MEDIUM | — | 0 |
| CVE-2023-29410 A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided ov... | 7.2 | HIGH | — | 0 |
| CVE-2023-30538 Discourse is an open source platform for community discussion. Due to the improper sanitization of SVG files, an attacker can execute arbitrary JavaScript on the users’ browsers by uploading a crafted... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-30606 Discourse is an open source platform for community discussion. In affected versions a user logged as an administrator can call arbitrary methods on the `SiteSetting` class, notably `#clear_cache!` and... | 4.2 | MEDIUM | — | 0 |
| CVE-2022-47435 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Olive Design WP-OliveCart plugin <= 1.1.3 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-29510 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are only applied to the current user. This also ... | 9.9 | CRITICAL | — | 0 |
| CVE-2023-29512 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., its own user page), can execute arbitrary Groovy, P... | 9.9 | CRITICAL | — | 0 |
| CVE-2023-29513 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If guest has view right on any document, it's possible to create a new user using the `distribu... | 5.0 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.