CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2014-125082 A vulnerability was found in nivit redports. It has been declared as critical. This vulnerability affects unknown code of the file redports-trac/redports/model.py. The manipulation leads to sql inject... | 5.5 | MEDIUM | — | 0 |
| CVE-2015-10066 A vulnerability was found in tynx wuersch and classified as critical. Affected by this issue is the function packValue/getByCustomQuery of the file backend/base/Store.class.php. The manipulation leads... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-38469 An unauthorized user with network access and the decryption key could decrypt sensitive data, such as usernames and passwords. | 7.5 | HIGH | — | 0 |
| CVE-2022-39429 Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create ... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-43494 An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. | 7.5 | HIGH | — | 0 |
| CVE-2022-46331 An unauthorized user could possibly delete any file on the system. | 7.5 | HIGH | — | 0 |
| CVE-2022-46660 An unauthorized user could alter or write files with full control over the path and content of the file. | 7.5 | HIGH | — | 0 |
| CVE-2023-21824 Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affe... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-21825 Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Supplier Management). Supported versions that are affected are 12.2.6-12.2.8. Easily exploitable vulnerabil... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-21826 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily explo... | 7.6 | HIGH | — | 0 |
| CVE-2022-47911 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allo... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-21827 Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged ... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-21828 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). The supported version that is affected is 9.1.0. Easily explo... | 8.1 | HIGH | — | 0 |
| CVE-2023-21829 Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged ... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-21830 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-21831 Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft (component: Advising Notes). The supported version that is affected is 9.2. Easily exploitable vulnerab... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-48023 Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so ... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-21832 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 5.9.0.0.0, 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable v... | 8.8 | HIGH | — | 0 |
| CVE-2023-21834 Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workflow, Approval, Work Force Management). Supported versions that are affected are 12.2.3-12.... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-21835 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; O... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-21836 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.31 and prior. Easily exploitable vulnerability allows high privileged ... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-21837 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable ... | 7.5 | HIGH | — | 0 |
| CVE-2022-47917 Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to several modules and services of the software... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-21838 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable ... | 7.5 | HIGH | — | 0 |
| CVE-2023-21840 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 5.7.40 and prior. Easily exploitable vulnerability allows high privileged a... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-21841 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable ... | 7.5 | HIGH | — | 0 |
| CVE-2023-21842 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exp... | 7.5 | HIGH | — | 0 |
| CVE-2023-21843 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.1... | 3.7 | LOW | — | 0 |
| CVE-2018-9400 In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c, there is a possible out of bounds write due to a missing bounds check... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-32515 A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate... | 8.6 | HIGH | — | 0 |
| CVE-2022-32516 A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request ... | 7.5 | HIGH | — | 0 |
| CVE-2022-32517 A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an uninte... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-32518 A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique... | 8.0 | HIGH | — | 0 |
| CVE-2022-32519 A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Prod... | 8.0 | HIGH | — | 0 |
| CVE-2022-32520 A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique... | 8.0 | HIGH | — | 0 |
| CVE-2022-32521 A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Prod... | 7.1 | HIGH | — | 0 |
| CVE-2022-32522 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32523 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32524 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32525 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32526 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-54012 Deserialization of Untrusted Data vulnerability in info@welcart Welcart e-Commerce usc-e-shop allows Object Injection. This issue affects Welcart e-Commerce: from n/a through <= 2.11.16. | N/A | NONE | — | 0 |
| CVE-2022-32527 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32528 A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read specific files in the IGSS project report directory, potentially leading to... | 8.6 | HIGH | — | 0 |
| CVE-2022-32529 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-32747 A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the loca... | 8.0 | HIGH | — | 0 |
| CVE-2022-32748 A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could l... | 7.9 | HIGH | — | 0 |
| CVE-2023-22389 Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any u... | 5.7 | MEDIUM | — | 0 |
| CVE-2022-4041 Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in f... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-4441 Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in f... | 7.6 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.