Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2022-28733 Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstan... | 8.1 | HIGH | — | 0 |
| CVE-2022-28734 Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bou... | 8.1 | HIGH | — | 0 |
| CVE-2022-28735 The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 ... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-28736 There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support fr... | 6.4 | MEDIUM | — | 0 |
| CVE-2022-28737 There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to b... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-37289 It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthen... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38408 The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Cod... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-37601 Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts. | 7.5 | HIGH | — | 0 |
| CVE-2021-39822 Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current us... | 7.8 | HIGH | — | 0 |
| CVE-2023-3783 A vulnerability was found in Webile 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP POST Request Handler. The manipulation of the argument new_file_... | 3.5 | LOW | — | 0 |
| CVE-2023-3784 A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument search... | 3.5 | LOW | — | 0 |
| CVE-2023-37290 InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to lo... | 7.5 | HIGH | — | 0 |
| CVE-2023-3785 A vulnerability was found in PaulPrinting CMS 2018. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument firstname/lastname/address/... | 3.5 | LOW | — | 0 |
| CVE-2023-32482 Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group. | 4.9 | MEDIUM | — | 0 |
| CVE-2023-32483 Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could e... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-32446 Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulne... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-32447 Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read ... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-32455 Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulne... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-37602 An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-3786 A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-32265 A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Vi... | 7.1 | HIGH | — | 0 |
| CVE-2023-32476 Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript files. | 6.4 | MEDIUM | — | 0 |
| CVE-2022-2127 An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenge... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-34966 An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did... | 7.5 | HIGH | — | 0 |
| CVE-2023-37291 Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access... | 8.6 | HIGH | — | 0 |
| CVE-2023-34967 A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the ke... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-3787 A vulnerability classified as problematic was found in Codecanyon Tiva Events Calender 1.4. This vulnerability affects unknown code. The manipulation of the argument name leads to cross site scripting... | 3.5 | LOW | — | 0 |
| CVE-2023-3788 A vulnerability, which was classified as problematic, has been found in ActiveITzone Active Super Shop CMS 2.5. This issue affects some unknown processing of the component Manage Details Page. The man... | 3.5 | LOW | — | 0 |
| CVE-2023-3789 A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. Affected is an unknown function of the file /account/delivery of the component Search. The manipulation of the... | 3.5 | LOW | — | 0 |
| CVE-2023-30200 In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal informations without... | 7.5 | HIGH | — | 0 |
| CVE-2023-37471 Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does ... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-3790 A vulnerability has been found in Boom CMS 8.0.7 and classified as problematic. Affected by this vulnerability is the function add of the component assets-manager. The manipulation of the argument tit... | 3.5 | LOW | — | 0 |
| CVE-2021-45094 Imprivata Privileged Access Management (formally Xton Privileged Access Management) 2.3.202112051108 allows XSS. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-31461 Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerabilit... | 7.5 | HIGH | — | 0 |
| CVE-2023-31462 An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with highe... | 8.8 | HIGH | — | 0 |
| CVE-2023-37728 IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-38334 Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, ren... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-38335 Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementati... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-3791 A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Affected by this issue is the function actionExport of the file ?r=contact/default/export of the component Personal Office Addres... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-37164 Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-37165 Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-37600 Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-38523 The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history a... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-38617 Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-3792 A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/test_status.php. The manipulation leads to direct request... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-24275 A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-39425 SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on cr... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-31753 SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-34625 ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A maliciou... | 8.1 | HIGH | — | 0 |
| CVE-2023-37649 Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.