CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-34477 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38044 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38045 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-4012 ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3). | 7.5 | HIGH | — | 0 |
| CVE-2023-4199 A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagory_data.php. The manipulation of the argu... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-36054 lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs becaus... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-36499 Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi. | 8.8 | HIGH | — | 0 |
| CVE-2023-38412 Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. | 8.8 | HIGH | — | 0 |
| CVE-2023-38591 Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. | 8.8 | HIGH | — | 0 |
| CVE-2023-38921 Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameter... | 8.8 | HIGH | — | 0 |
| CVE-2023-38922 Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth functio... | 8.8 | HIGH | — | 0 |
| CVE-2023-38924 Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-38925 Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi. | 8.8 | HIGH | — | 0 |
| CVE-2023-38926 Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. | 8.8 | HIGH | — | 0 |
| CVE-2023-38928 Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38929 Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38930 Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the a... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38931 Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38932 Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38933 Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38934 Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38935 Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via the list parameter in the f... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38936 Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were disco... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-1695 A potential security vulnerability has been identified in the HP Application Enabling Software Driver for certain HP PC products, which might allow escalation of privilege. HP is releasing software up... | 5.7 | MEDIUM | — | 0 |
| CVE-2023-38937 Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38938 Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38939 Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38940 Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-33993 B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful explo... | 7.1 | HIGH | — | 0 |
| CVE-2023-39349 Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-... | 8.1 | HIGH | — | 0 |
| CVE-2023-39363 Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-39550 Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function... | 8.8 | HIGH | — | 0 |
| CVE-2023-4200 A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file product_data.php. The manipulation of ... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-36923 SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. ... | 7.8 | HIGH | — | 0 |
| CVE-2023-38704 import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifie... | 8.1 | HIGH | — | 0 |
| CVE-2023-39524 PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-4201 A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file ex_catagory_data.php. The manipulation of... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-39523 ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-39525 PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a sp... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-39526 PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-39527 PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5,... | 8.3 | HIGH | — | 0 |
| CVE-2023-39528 PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project i... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-39529 PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-39530 PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this iss... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-4537 IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket. | 7.5 | HIGH | — | 0 |
| CVE-2023-36926 Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions.... | 3.7 | LOW | — | 0 |
| CVE-2023-37483 SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-37484 SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password ... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-37486 Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successfu... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-37487 SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impa... | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.