Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-0102 LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files. | 9.1 | CRITICAL | — | 0 |
| CVE-2023-0103 If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow a... | 7.5 | HIGH | — | 0 |
| CVE-2022-33964 Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 7.4 | HIGH | — | 0 |
| CVE-2023-22803 LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to perform critical functions to the PLC. This could allow an attacker to change the PLC's mode arbitrarily. | 7.5 | HIGH | — | 0 |
| CVE-2023-22804 LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create users on the PLC. This could allow an attacker to create and use an account with elevated privileges and t... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-22805 LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-22806 LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive informat... | 7.5 | HIGH | — | 0 |
| CVE-2023-22807 LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-38111 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute ar... | 7.2 | HIGH | — | 0 |
| CVE-2022-47503 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute ar... | 7.2 | HIGH | — | 0 |
| CVE-2022-47504 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute ar... | 7.2 | HIGH | — | 0 |
| CVE-2022-47506 SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling ... | 7.8 | HIGH | — | 0 |
| CVE-2022-47507 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute ar... | 7.2 | HIGH | — | 0 |
| CVE-2022-47508 Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing K... | 7.5 | HIGH | — | 0 |
| CVE-2023-23463 Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-23465 Media CP Media Control Panel latest version. CSRF possible through unspecified endpoint. | 9.1 | CRITICAL | — | 0 |
| CVE-2023-23836 SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the Sol... | 7.2 | HIGH | — | 0 |
| CVE-2023-24498 An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | 7.5 | HIGH | — | 0 |
| CVE-2023-24499 Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-0848 A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been rated as problematic. This issue affects some unknown processing of the component Web Management Interface. The manipulation leads... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-0849 A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command inje... | 4.7 | MEDIUM | — | 0 |
| CVE-2023-0850 A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classified as problematic. This issue affects some unknown processing of the component Web Interface. The manipulation leads to denial of s... | 2.7 | LOW | — | 0 |
| CVE-2022-35883 NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. | 2.2 | LOW | — | 0 |
| CVE-2023-0861 NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. A successful exploit could allow an authenticated user to execute arbitrary commands with el... | 7.2 | HIGH | — | 0 |
| CVE-2023-0860 Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. | 7.5 | HIGH | — | 0 |
| CVE-2023-0862 The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. By uploading malicious files to the web root directory, authe... | 7.2 | HIGH | — | 0 |
| CVE-2022-3843 In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an undocumented configuration interface without authorization allows an remote attacker to read system information and configure a lim... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-22578 Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. | 10.0 | CRITICAL | — | 0 |
| CVE-2023-22579 Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. | 9.9 | CRITICAL | — | 0 |
| CVE-2023-22580 Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-25153 containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted ... | 6.2 | MEDIUM | — | 0 |
| CVE-2023-25173 containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker ... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-23783 A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted ... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-27890 It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position ... | 6.3 | MEDIUM | — | 0 |
| CVE-2022-27891 Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apo... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-27892 Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would have allowed an attacker to exhaust the memory of the Gotham dispatch service. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-27897 Palantir Gotham versions prior to 3.22.11.2 included an unauthenticated endpoint that would load portions of maliciously crafted zip files to memory. An attacker could repeatedly upload a malicious zi... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-48306 Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perfor... | 5.7 | MEDIUM | — | 0 |
| CVE-2022-48307 It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position... | 6.3 | MEDIUM | — | 0 |
| CVE-2022-48308 It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position ... | 6.3 | MEDIUM | — | 0 |
| CVE-2023-23926 APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An XML External Entity (XXE) vulnerability found in the apoc.import.graphml procedure of APOC core plugin prior to version 5.5.0 and... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-23936 Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issu... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-23947 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All Argo CD versions starting with 2.3.0-rc1 and prior to 2.3.17, 2.4.23 2.5.11, and 2.6.2 are vulnerable to an improper auth... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-24807 Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrus... | 7.5 | HIGH | — | 0 |
| CVE-2022-25905 Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable esc... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-42756 Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions m... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-42761 A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through ... | 9.0 | CRITICAL | — | 0 |
| CVE-2021-43074 An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and belo... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-26115 A use of password hash with insufficient computational effort vulnerability [CWE-916] in FortiSandbox before 4.2.0 may allow an attacker with access to the password database to efficiently mount bulk ... | 5.9 | MEDIUM | — | 0 |
| CVE-2022-27482 A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x al... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.