CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-25487 Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes plugin <= 1.4.14 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-24486 A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-24487 Arbitrary file read in Citrix ADC and Citrix Gateway | 6.3 | MEDIUM | — | 0 |
| CVE-2023-24488 Cross site scripting vulnerability in Citrix ADC and Citrix Gateway allows an attacker to perform cross site scripting | 6.1 | MEDIUM | — | 0 |
| CVE-2023-34432 A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure. | 7.8 | HIGH | — | 0 |
| CVE-2023-3606 A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command ... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-41896 Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is leveraged by the WebSocket authentication... | 7.1 | HIGH | — | 0 |
| CVE-2023-3607 A vulnerability was found in kodbox 1.26. It has been declared as critical. This vulnerability affects the function Execute of the file webconsole.php.txt of the component WebConsole Plug-In. The mani... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-24490 Users with only access to launch VDA applications can launch an unauthorized desktop | 6.3 | MEDIUM | — | 0 |
| CVE-2023-30956 A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment.... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-30960 A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of jo... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-30963 A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Found... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-3608 A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command inject... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-37191 A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Descripti... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-37189 A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into ... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-37190 A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name an... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-31405 SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modificatio... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-33987 An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, ... | 8.6 | HIGH | — | 0 |
| CVE-2023-33988 In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-33989 An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Data from confide... | 8.7 | HIGH | — | 0 |
| CVE-2023-33990 SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local syst... | 7.8 | HIGH | — | 0 |
| CVE-2023-33992 The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose u... | 4.5 | MEDIUM | — | 0 |
| CVE-2023-35781 Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-35870 When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leadin... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-35871 The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KER... | 7.7 | HIGH | — | 0 |
| CVE-2023-35872 The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthent... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-35873 The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenti... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-35874 SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.8... | 6.0 | MEDIUM | — | 0 |
| CVE-2023-36917 SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, ... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-36918 In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenti... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-36919 In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated a... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-36921 SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On ... | 7.2 | HIGH | — | 0 |
| CVE-2023-36922 Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an unprotected... | 9.1 | CRITICAL | — | 0 |
| CVE-2022-31810 A vulnerability has been identified in SiPass integrated (All versions < V2.90.3.8). Affected server applications improperly check the size of data packets received for the configuration client login,... | 7.5 | HIGH | — | 0 |
| CVE-2023-36924 While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin priv... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-36925 SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful exploitation, the attacker can cause a limited impact on con... | 7.2 | HIGH | — | 0 |
| CVE-2023-23792 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-23791 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin <= 1.2.1 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-23803 Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-45823 Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <= 3.2 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-40657 A reflected XSS vulnerability was discovered in the Joomdoc component for Joomla. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-1936 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, wh... | 3.5 | LOW | — | 0 |
| CVE-2023-23704 Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-23731 Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-23997 Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database Collation Fix plugin <= 1.2.7 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-24421 Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-25051 Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <= 1.4 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-25468 Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-22302 A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 a... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-23777 An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may... | 7.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.