CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-42838 An issue with app access to camera data was addressed with improved logic. This issue is fixed in macOS Ventura 13. A camera extension may be able to continue receiving video after the app which activ... | 3.3 | LOW | — | 0 |
| CVE-2022-46705 A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a ... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-46712 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code wit... | 7.8 | HIGH | — | 0 |
| CVE-2022-46713 A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the fil... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-23493 A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3. An encrypted volume may be unmounted and remounted by a different user wit... | 3.3 | LOW | — | 0 |
| CVE-2023-23498 A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iPadOS 15.7.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. The quoted original message may be select... | 3.3 | LOW | — | 0 |
| CVE-2023-23501 The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-23512 The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Visiting a website may lead to an app denial-of-s... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-23513 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba networ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-24258 SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-26041 Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they w... | 2.6 | LOW | — | 0 |
| CVE-2023-26043 GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-1055 A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information lea... | 5.5 | MEDIUM | — | 0 |
| CVE-2015-10086 A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to ... | 7.3 | HIGH | — | 0 |
| CVE-2023-1081 Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. | 4.8 | MEDIUM | — | 0 |
| CVE-2023-43577 A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 6.7 | MEDIUM | — | 0 |
| CVE-2020-36652 Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server... | 6.6 | MEDIUM | — | 0 |
| CVE-2022-3884 Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files. This issue ... | 7.3 | HIGH | — | 0 |
| CVE-2022-4895 Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows M... | 8.6 | HIGH | — | 0 |
| CVE-2021-22283 Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Rel... | 6.2 | MEDIUM | — | 0 |
| CVE-2023-43578 A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 6.7 | MEDIUM | — | 0 |
| CVE-2022-43459 Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainForm – Form Builder for WordPress plugin <= 2.5.3 versions. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-23992 Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-24419 Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Builder Team Formidable Forms plugin <= 5.5.6 versions. | 7.1 | HIGH | — | 0 |
| CVE-2022-47179 Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weather plugin <= 5.6.11 leads to post duplication as a draft. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-47612 Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.5 leads to list column update. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-0461 There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM... | 7.8 | HIGH | — | 0 |
| CVE-2023-23865 Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings change. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-23983 Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-25807 DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to th... | 7.2 | HIGH | — | 0 |
| CVE-2023-20938 In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution pri... | 7.8 | HIGH | — | 0 |
| CVE-2023-23689 Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 integrated hardware management software contains an uncontrolled resource consumption vulnerability. This may allow an unauthent... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-25540 Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial ... | 6.0 | MEDIUM | — | 0 |
| CVE-2023-22768 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a p... | 7.2 | HIGH | — | 0 |
| CVE-2022-41722 A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transfo... | 7.5 | HIGH | — | 0 |
| CVE-2022-41724 Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to constru... | 7.5 | HIGH | — | 0 |
| CVE-2022-41725 A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of ... | 7.5 | HIGH | — | 0 |
| CVE-2022-41727 An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2023-25432 An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/cou... | 7.2 | HIGH | — | 0 |
| CVE-2023-43579 A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 6.7 | MEDIUM | — | 0 |
| CVE-2023-1065 This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-27371 GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows a... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-1099 A vulnerability was found in SourceCodester Online Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file eduauth/edit-class-det... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-1100 A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component P... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-1251 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23239 Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site ... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-25575 API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the `security` option of the `ApiPlatform\Metadata\ApiProperty` attribute can b... | 7.7 | HIGH | — | 0 |
| CVE-2023-0847 The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled using d... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-26608 SOLDR (System of Orchestration, Lifecycle control, Detection and Response) 1.1.0 allows stored XSS via the module editor. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-1104 Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.