CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-47560 The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in. | 5.7 | MEDIUM | — | 0 |
| CVE-2022-47561 The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all... | 7.3 | HIGH | — | 0 |
| CVE-2022-47562 Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition. | 7.5 | HIGH | — | 0 |
| CVE-2023-22644 A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead ... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-41374 Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Ko... | 7.8 | HIGH | — | 0 |
| CVE-2023-41375 Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kos... | 7.8 | HIGH | — | 0 |
| CVE-2022-45447 M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, ret... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-34047 A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An ap... | 3.1 | LOW | — | 0 |
| CVE-2023-4853 A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This iss... | 8.1 | HIGH | — | 0 |
| CVE-2023-5084 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8. | 3.9 | LOW | — | 0 |
| CVE-2012-4695 LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service ... | N/A | NONE | — | 0 |
| CVE-2022-45448 M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically creat... | 3.5 | LOW | — | 0 |
| CVE-2023-0829 Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrat... | 8.8 | HIGH | — | 0 |
| CVE-2023-43477 The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, ... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-4236 A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused u... | 7.5 | HIGH | — | 0 |
| CVE-2019-19450 paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar c... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-1438 A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability. | 6.4 | MEDIUM | — | 0 |
| CVE-2023-27617 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-0118 An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system. | 9.1 | CRITICAL | — | 0 |
| CVE-2023-0462 An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload. | 8.0 | HIGH | — | 0 |
| CVE-2023-41902 An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files. | 7.8 | HIGH | — | 0 |
| CVE-2023-43196 D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43197 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43198 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43199 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43201 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43202 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands v... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43203 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43204 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manua... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43206 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary comman... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43207 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands v... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43478 fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allo... | 8.8 | HIGH | — | 0 |
| CVE-2022-3916 A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and ... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-42464 A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dic... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43630 PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not so... | 8.8 | HIGH | — | 0 |
| CVE-2023-43635 Vault Key Sealed With SHA1 PCRs: The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulti... | 8.8 | HIGH | — | 0 |
| CVE-2023-43375 Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, a... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-43636 In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at diffe... | 8.8 | HIGH | — | 0 |
| CVE-2023-2262 A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remo... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-2508 The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-5074 Use of a static key to protect a JWT token used in user authentication can allow for an authentication bypass in D-Link D-View 8 v2.0.1.28 | 9.8 | CRITICAL | — | 0 |
| CVE-2023-40043 In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transf... | 7.2 | HIGH | — | 0 |
| CVE-2023-39052 An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-42656 In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identifi... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-42660 In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transf... | 8.8 | HIGH | — | 0 |
| CVE-2023-43494 Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build histo... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-43495 Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnera... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-43497 In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permis... | 8.1 | HIGH | — | 0 |
| CVE-2023-43498 In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissi... | 8.1 | HIGH | — | 0 |
| CVE-2023-43499 Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able ... | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.