CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2023-30448 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437. | 5.9 | MEDIUM | No | 0 |
| CVE-2023-30449 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439. | 7.5 | HIGH | No | 0 |
| CVE-2023-30765 | Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege e... | 8.8 | HIGH | No | 0 |
| CVE-2023-34316 | An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. | 6.5 | MEDIUM | No | 0 |
| CVE-2024-28073 | SolarWinds Serv-U was found to be susceptible to a Directory Traversal Remote Code Vulnerability. This vulnerability requires a highly privileged account to be exploited. | 8.4 | HIGH | No | 0 |
| CVE-2023-21255 | In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User ... | 7.8 | HIGH | No | 0 |
| CVE-2023-21400 | In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privile... | 6.7 | MEDIUM | No | 0 |
| CVE-2023-37415 | Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797. Before 6.1.2 the proxy_user option can also inject semicol... | 8.8 | HIGH | No | 0 |
| CVE-2023-38252 | An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. | 4.7 | MEDIUM | No | 0 |
| CVE-2022-36424 | Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions. | 4.3 | MEDIUM | No | 0 |
| CVE-2023-41962 | Cross-site scripting vulnerability in the Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page. | 6.1 | MEDIUM | No | 0 |
| CVE-2023-34329 | AMI MegaRAC SPx12 contains a vulnerability in the BMC where a user may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidenti... | 9.1 | CRITICAL | No | 0 |
| CVE-2023-34330 | AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a los... | 8.2 | HIGH | No | 0 |
| CVE-2023-3609 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately... | 7.8 | HIGH | No | 0 |
| CVE-2023-3610 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. A flaw in the error handling of bound chains causes a use-aft... | 7.8 | HIGH | No | 0 |
| CVE-2023-3611 | An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c al... | 7.8 | HIGH | No | 0 |
| CVE-2023-3776 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately r... | 7.8 | HIGH | No | 0 |
| CVE-2023-38060 | Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker... | 6.3 | MEDIUM | No | 0 |
| CVE-2023-34478 | Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route req... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-20593 | An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. | 5.5 | MEDIUM | No | 0 |
| CVE-2023-34189 | Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delet... | 6.5 | MEDIUM | No | 0 |
| CVE-2023-34434 | Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic an... | 7.5 | HIGH | No | 0 |
| CVE-2023-35088 | Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-3897 | Username enumeration is possible through bypassing CAPTCHA in the on-premise SureMDM Solution on Windows deployment, which allows an attacker to enumerate local user information via an error message. This issue affec... | 4.8 | MEDIUM | No | 0 |
| CVE-2023-37895 | Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows an attacker to remotely execute code via RMI. Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unsta... | 9.8 | CRITICAL | No | 0 |
| CVE-2023-38435 | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attack... | 6.1 | MEDIUM | No | 0 |
| CVE-2023-31927 | An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c could allow a remote unauthenticated attacker to get technical details about t... | 5.3 | MEDIUM | No | 0 |
| CVE-2023-37920 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e... | 7.5 | HIGH | No | 0 |
| CVE-2023-37977 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress - WPFunnels plugin <= 2.7.16 versions. | 7.1 | HIGH | No | 0 |
| CVE-2022-43701 | When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code. | 7.8 | HIGH | No | 0 |
| CVE-2022-43702 | When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. | 7.8 | HIGH | No | 0 |
| CVE-2022-43703 | An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files. | 7.8 | HIGH | No | 0 |
| CVE-2023-36542 | Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a lo... | 8.8 | HIGH | No | 0 |
| CVE-2023-34552 | In certain EZVIZ products, two stack based buffer overflows in the mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker pres... | 8.8 | HIGH | No | 0 |
| CVE-2023-31425 | A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation t... | 7.8 | HIGH | No | 0 |
| CVE-2023-31427 | Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regar... | 7.8 | HIGH | No | 0 |
| CVE-2023-3494 | The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process... | 8.8 | HIGH | No | 0 |
| CVE-2023-31428 | Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under the user's home directory using grep. | 5.5 | MEDIUM | No | 0 |
| CVE-2023-31430 | A buffer overflow vulnerability in the 'secpolicydelete' command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric O... | 5.5 | MEDIUM | No | 0 |
| CVE-2023-31431 | A buffer overflow vulnerability in the 'diagstatus' command in Brocade Fabric OS before Brocade Fabric OS v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to... | 5.5 | MEDIUM | No | 0 |
| CVE-2023-31432 | Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS version... | 7.8 | HIGH | No | 0 |
| CVE-2023-31928 | A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated... | 6.3 | MEDIUM | No | 0 |
| CVE-2023-31926 | System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. | 7.1 | HIGH | No | 0 |
| CVE-2023-4136 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS. This issue affec... | 7.4 | HIGH | No | 0 |
| CVE-2023-39508 | Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authentica... | 8.8 | HIGH | No | 0 |
| CVE-2023-3896 | Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3 | 7.8 | HIGH | No | 0 |
| CVE-2023-37569 | This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS command... | 8.8 | HIGH | No | 0 |
| CVE-2023-4009 | In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges... | 7.2 | HIGH | No | 0 |
| CVE-2023-4202 | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the w... | 9.0 | CRITICAL | No | 0 |
| CVE-2023-20860 | Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spri... | 7.5 | HIGH | No | 0 |
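The subtitle describes these rows as NVD records enriched with CISA KEV. The script below is an added example, not this site's own code, showing how such a row is assembled: it reads the CVSS v3 base score from an NVD API 2.0 record (preferring NVD's "Primary" metric over a CNA-supplied "Secondary" one), joins on the KEV catalog's `cveID`, and checks that every severity label agrees with the CVSS v3.x score bands (0.1-3.9 Low, 4.0-6.9 Medium, 7.0-8.9 High, 9.0-10.0 Critical). The two JSON documents are constructed fixtures in the shape of the real NVD (`vulnerabilities[].cve`) and KEV (`vulnerabilities[].cveID`) formats; CVE-2021-44228 is included only because it is a CVE that actually is in KEV, so the join has something to match. The field names are the real API field names; the helper function names are this example's own.

```python
"""Enrich NVD API 2.0 records with the CISA KEV catalog (added example).

In real use the two documents would come from json.load() on the NVD API
response and on the KEV feed; here they are constructed inline so the
script runs offline.
"""


def severity_from_score(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative severity band."""
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def cvss_of(cve: dict):
    """Return (baseScore, baseSeverity) from cvssMetricV31, else cvssMetricV30.

    NVD marks its own assessment type == "Primary"; a CNA-supplied score is
    "Secondary" and is used only when no Primary metric is present.
    """
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30"):
        entries = metrics.get(key) or []
        chosen = next((m for m in entries if m.get("type") == "Primary"), None)
        if chosen is None and entries:
            chosen = entries[0]
        if chosen is not None:
            data = chosen["cvssData"]
            return float(data["baseScore"]), data.get("baseSeverity")
    return None, None  # no v3 metric: CVE still awaiting analysis


def enrich(nvd_doc: dict, kev_doc: dict) -> list:
    """Join NVD records with KEV on the CVE ID; one dict per CVE."""
    kev = {v["cveID"]: v for v in kev_doc["vulnerabilities"]}
    rows = []
    for item in nvd_doc["vulnerabilities"]:
        cve = item["cve"]
        cve_id = cve["id"]
        desc = next((d["value"] for d in cve.get("descriptions", [])
                     if d.get("lang") == "en"), "")
        score, severity = cvss_of(cve)
        if score is not None and severity is None:
            severity = severity_from_score(score)
        rows.append({
            "id": cve_id,
            "description": desc,
            "cvss": score,
            "severity": severity,
            "kev": cve_id in kev,
            "kev_date": kev[cve_id].get("dateAdded") if cve_id in kev else None,
        })
    return rows


def check_severity(rows: list) -> list:
    """IDs whose severity label does not match the band of their score."""
    return [r["id"] for r in rows
            if r["cvss"] is not None
            and r["severity"] != severity_from_score(r["cvss"])]


def to_markdown(rows: list) -> str:
    """Render rows in the same column layout as the table above."""
    out = ["| CVE ID | CVSS | Severity | KEV | Date added to KEV |",
           "|---|---|---|---|---|"]
    for r in rows:
        out.append(f"| {r['id']} | {r['cvss']} | {r['severity']} | "
                   f"{'Yes' if r['kev'] else 'No'} | {r['kev_date'] or ''} |")
    return "\n".join(out)


def _nvd_record(cve_id, text, score, severity):
    # Constructed fixture in NVD API 2.0 shape (fields trimmed to those used).
    return {"cve": {
        "id": cve_id,
        "descriptions": [{"lang": "en", "value": text}],
        "metrics": {"cvssMetricV31": [{
            "source": "nvd@nist.gov", "type": "Primary",
            "cvssData": {"version": "3.1", "baseScore": score,
                         "baseSeverity": severity}}]}}}


NVD_SAMPLE = {"vulnerabilities": [
    _nvd_record("CVE-2023-34478", "Apache Shiro path traversal / auth bypass", 9.8, "CRITICAL"),
    _nvd_record("CVE-2023-31428", "Brocade Fabric OS file dump via grep", 5.5, "MEDIUM"),
    _nvd_record("CVE-2021-44228", "Apache Log4j2 JNDI remote code execution", 10.0, "CRITICAL"),
]}

# Constructed KEV fixture; CVE-2021-44228 really is in KEV (added 2021-12-10).
KEV_SAMPLE = {"vulnerabilities": [
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
     "dateAdded": "2021-12-10"},
]}


if __name__ == "__main__":
    rows = enrich(NVD_SAMPLE, KEV_SAMPLE)
    print(to_markdown(rows))
    print("severity mismatches:", check_severity(rows))
```

Running `check_severity` over a real NVD dump is a cheap sanity check on any enriched feed: a label that disagrees with its score usually means a scraper mixed a v2 severity with a v3 score, or picked a Secondary metric where a Primary one existed.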
This product uses data from the NVD API but is not endorsed or certified by the NVD.