CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-29376 Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the direct... | 8.8 | HIGH | — | 0 |
| CVE-2022-29362 A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Parent... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-34663 A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCO... | 8.0 | HIGH | — | 0 |
| CVE-2021-3670 MaxQueryDuration not honoured in Samba AD DC LDAP | 6.5 | MEDIUM | — | 0 |
| CVE-2023-33027 Transient DOS in WLAN Firmware while parsing rsn ies. | 7.5 | HIGH | — | 0 |
| CVE-2020-36794 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | N/A | NONE | — | 0 |
| CVE-2022-1615 In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-32743 Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | 7.5 | HIGH | — | 0 |
| CVE-2022-2433 The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3.... | 7.5 | HIGH | — | 0 |
| CVE-2022-39158 A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCO... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-20920 A vulnerability in the SSH implementation of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due... | 7.7 | HIGH | — | 0 |
| CVE-2009-1354 Directory traversal vulnerability in Mongoose 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | N/A | NONE | — | 0 |
| CVE-2009-1355 Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename. | N/A | NONE | — | 0 |
| CVE-2009-1356 Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file. | N/A | NONE | — | 0 |
| CVE-2022-3109 An issue was discovered in the FFmpeg package, where vp3_decode_frame in libavcodec/vp3.c lacks check of the return value of av_malloc() and will cause a null pointer dereference, impacting availabili... | 7.5 | HIGH | — | 0 |
| CVE-2020-10650 A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.... | 8.1 | HIGH | — | 0 |
| CVE-2020-36795 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | N/A | NONE | — | 0 |
| CVE-2006-7238 Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2022-3341 A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avfor... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-25613 An LDAP Injection vulnerability exists in the LdapIdentityBackend of Apache Kerby before 2.0.3. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-19692 Buffer Overflow vulnerability found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-19695 Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-20868 NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-31746 There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0. An unauthenticated attacker can exploit the vulnerability to execute system commands as the root us... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-21629 Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. | 6.8 | MEDIUM | — | 0 |
| CVE-2023-21631 Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. | 7.5 | HIGH | — | 0 |
| CVE-2023-21633 Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. | 6.7 | MEDIUM | — | 0 |
| CVE-2023-22386 Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. | 7.8 | HIGH | — | 0 |
| CVE-2023-22387 Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. | 7.8 | HIGH | — | 0 |
| CVE-2023-22667 Memory Corruption in Audio while allocating the ion buffer during the music playback. | 8.4 | HIGH | — | 0 |
| CVE-2023-24851 Memory Corruption in WLAN HOST while parsing QMI response message from firmware. | 7.8 | HIGH | — | 0 |
| CVE-2023-24854 Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. | 7.8 | HIGH | — | 0 |
| CVE-2023-28541 Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. | 7.8 | HIGH | — | 0 |
| CVE-2023-28542 Memory Corruption in WLAN HOST while fetching TX status information. | 7.8 | HIGH | — | 0 |
| CVE-2020-25969 gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest(). | 9.8 | CRITICAL | — | 0 |
| CVE-2023-36390 A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX15... | 8.8 | HIGH | — | 0 |
| CVE-2023-39269 A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCO... | 7.5 | HIGH | — | 0 |
| CVE-2023-37847 novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-41080 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 throu... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-28831 The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. ... | 7.5 | HIGH | — | 0 |
| CVE-2023-21673 Improper Access to the VM resource manager can lead to Memory Corruption. | 8.7 | HIGH | — | 0 |
| CVE-2023-22385 Memory Corruption in Data Modem while making a MO call or MT VOLTE call. | 8.2 | HIGH | — | 0 |
| CVE-2023-33028 Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24843 Transient DOS in Modem while triggering a camping on an 5G cell. | 7.5 | HIGH | — | 0 |
| CVE-2023-24847 Transient DOS in Modem while allocating DSM items. | 7.5 | HIGH | — | 0 |
| CVE-2023-24848 Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. | 8.2 | HIGH | — | 0 |
| CVE-2023-24849 Information Disclosure in data Modem while parsing an FMTP line in an SDP message. | 8.2 | HIGH | — | 0 |
| CVE-2023-24850 Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. | 7.8 | HIGH | — | 0 |
| CVE-2023-24855 Memory corruption in Modem while processing security related configuration before AS Security Exchange. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-28539 Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. | 6.6 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.