CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-47102 UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-24337 CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands in... | 8.0 | HIGH | — | 0 |
| CVE-2023-31100 Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: * from 4.3.0.0 before 4.3.0.... | 8.4 | HIGH | — | 0 |
| CVE-2023-48197 Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-48198 A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-48199 HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. This occurs when user-supplied data is not a... | 7.8 | HIGH | — | 0 |
| CVE-2023-48200 Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ compon... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-48031 OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48029 Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user... | 8.0 | HIGH | — | 0 |
| CVE-2023-48028 kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-47853 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.Th... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-47100 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-47038. Reason: This record is a duplicate of CVE-2023-47038. Notes: All CVE users should reference CVE-2023-47038 instead of this reco... | N/A | NONE | — | 0 |
| CVE-2023-48866 A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component within /api/objects/recipes and note component within /api/objects/shopping_lists/ of Grocy <= 4.0.3 allows attackers to ... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-5058 Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execut... | 7.8 | HIGH | — | 0 |
| CVE-2023-51127 FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to o... | 7.5 | HIGH | — | 0 |
| CVE-2023-6648 A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation o... | 7.3 | HIGH | — | 0 |
| CVE-2023-5236 A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-5347 An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue a... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-5376 An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01. | 8.6 | HIGH | — | 0 |
| CVE-2023-51126 Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-31031 NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to ... | 4.2 | MEDIUM | — | 0 |
| CVE-2024-20906 Vulnerability in the Integrated Lights Out Manager (ILOM) product of Oracle Systems (component: System Management). Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerabil... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-24676 An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed bec... | 7.2 | HIGH | — | 0 |
| CVE-2024-24267 gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function. | 7.5 | HIGH | — | 0 |
| CVE-2023-6388 Suite CRM version 7.14.2 allows making arbitrary HTTP requests through the vulnerable server. This is possible because the application is vulnerable to SSRF. | 5.0 | MEDIUM | — | 0 |
| CVE-2024-26581 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that h... | 7.8 | HIGH | — | 0 |
| CVE-2023-52442 In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate session id and tree id in compound request `smb2_get_msg()` in smb2_get_ksmbd_tcon() and smb2_check_user_session()... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-1714 An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user... | 7.1 | HIGH | — | 0 |
| CVE-2024-0446 A maliciously crafted STP, CATPART or MODEL file, when parsed in ASMKERN228A.dll and ASMdatax229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may le... | 7.8 | HIGH | — | 0 |
| CVE-2024-23120 A maliciously crafted STP and STEP file, when parsed in ASMIMPORT228A.dll and ASMIMPORT229A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage... | 7.8 | HIGH | — | 0 |
| CVE-2024-23121 A maliciously crafted MODEL file, when parsed in libodxdll.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a cr... | 7.8 | HIGH | — | 0 |
| CVE-2024-23122 A maliciously crafted 3DM file, when parsed in opennurbs.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a cras... | 7.8 | HIGH | — | 0 |
| CVE-2024-23123 A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerab... | 7.8 | HIGH | — | 0 |
| CVE-2023-52453 In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume When the optional PRE_COPY support was added to speed ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-1833 A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Account/login.php. The manipula... | 7.3 | HIGH | — | 0 |
| CVE-2024-25128 Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive ... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-52556 In OpenBSD 7.4 before errata 009, a race condition between pf(4)'s processing of packets and expiration of packet states may cause a kernel panic. | 6.2 | MEDIUM | — | 0 |
| CVE-2023-52557 In OpenBSD 7.3 before errata 016, npppd(8) could crash by a l2tp message which has an AVP (Attribute-Value Pair) with wrong length. | 7.5 | HIGH | — | 0 |
| CVE-2024-1460 MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from ... | 5.6 | MEDIUM | — | 0 |
| CVE-2023-52558 In OpenBSD 7.4 before errata 002 and OpenBSD 7.3 before errata 019, a network buffer that had to be split at certain length that could crash the kernel after receiving specially crafted escape sequenc... | 7.5 | HIGH | — | 0 |
| CVE-2024-2134 A vulnerability has been found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This vulnerability affects unknown code of the file /investigation/delete/ of the component I... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-2135 A vulnerability was found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This issue affects some unknown processing of the file /hospital_activities/birth/form of the comp... | 2.4 | LOW | — | 0 |
| CVE-2024-20345 A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vu... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-1443 MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-46426 Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via gf_fwrite component... | 8.8 | HIGH | — | 0 |
| CVE-2023-46427 An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49453 Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-45793 A vulnerability has been identified in Siveillance Control (All versions >= V2.8 < V3.1.1). The affected product does not properly check the list of access groups that are assigned to an individual us... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-2431 An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode. | 5.5 | MEDIUM | — | 0 |
| CVE-2024-2432 A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires ... | 4.5 | MEDIUM | — | 0 |
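How a row of this table is produced, as an added example that is not the page's own code: CVE records shaped like NVD API 2.0 responses are joined against a CISA KEV catalog excerpt, the CVSS base score is mapped to NVD's qualitative severity scale, and rejected records (such as CVE-2023-47100 above) get `N/A` / `NONE`. All JSON below is constructed for illustration in the shape of the two feeds; it is not live NVD or KEV data, and the only KEV entry is an assumed one.

```python
"""Added example: enrich CVE records with CVSS severity and a CISA KEV flag.

Sample data is constructed to mirror the NVD API 2.0 and KEV JSON layouts;
it is not a live snapshot of either catalog.
"""
import json

# Constructed excerpt in the shape of the CISA KEV feed (assumed entry, not live data).
KEV_CATALOG_JSON = """
{"title": "CISA Catalog of Known Exploited Vulnerabilities",
 "vulnerabilities": [
   {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
    "dateAdded": "2021-12-10", "knownRansomwareCampaignUse": "Known"}
 ]}
"""

# Constructed excerpt in the shape of an NVD API 2.0 /cves response (not live data).
NVD_RESPONSE_JSON = """
{"vulnerabilities": [
  {"cve": {"id": "CVE-2024-26581", "vulnStatus": "Analyzed",
           "descriptions": [{"lang": "en", "value": "In the Linux kernel, netfilter nft_set_rbtree gc bug (constructed summary)."}],
           "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 7.8, "baseSeverity": "HIGH"}}]}}},
  {"cve": {"id": "CVE-2023-47100", "vulnStatus": "Rejected",
           "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-47038."}],
           "metrics": {}}},
  {"cve": {"id": "CVE-2021-44228", "vulnStatus": "Analyzed",
           "descriptions": [{"lang": "en", "value": "Apache Log4j2 JNDI lookup RCE (constructed summary)."}],
           "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 10.0, "baseSeverity": "CRITICAL"}}]}}}
]}
"""


def severity_from_score(score):
    """NVD's CVSS v3.x qualitative rating scale; no score (e.g. a rejected record) -> NONE."""
    if score is None or score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def load_kev_ids(catalog_json):
    """Set of CVE IDs present in the KEV catalog snapshot."""
    return {v["cveID"] for v in json.loads(catalog_json)["vulnerabilities"]}


def base_score(cve):
    """Prefer CVSS v3.1, then v3.0, then v2; None when the record carries no metrics."""
    metrics = cve.get("metrics") or {}
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        entries = metrics.get(key)
        if entries:
            return float(entries[0]["cvssData"]["baseScore"])
    return None


def enrich(nvd_json, kev_ids):
    """Join NVD records against the KEV ID set and derive the table columns."""
    rows = []
    for item in json.loads(nvd_json)["vulnerabilities"]:
        cve = item["cve"]
        score = base_score(cve)
        desc = next((d["value"] for d in cve.get("descriptions", []) if d["lang"] == "en"), "")
        rows.append({
            "id": cve["id"],
            "description": desc,
            "cvss": score,
            "severity": severity_from_score(score),
            "kev": cve["id"] in kev_ids,
            "rejected": cve.get("vulnStatus") == "Rejected",
        })
    return rows


def render_row(row, width=200):
    """Render one row in the page's table layout (description truncated with '...')."""
    desc = row["description"]
    if len(desc) > width:
        desc = desc[:width] + "..."
    cvss = "N/A" if row["cvss"] is None else f"{row['cvss']:.1f}"
    kev = "KEV" if row["kev"] else "—"
    return f"| {row['id']} {desc} | {cvss} | {row['severity']} | {kev} |"


if __name__ == "__main__":
    for row in enrich(NVD_RESPONSE_JSON, load_kev_ids(KEV_CATALOG_JSON)):
        print(render_row(row))
```

Two caveats when reading the KEV column: a "—" only means the CVE was absent from the catalog snapshot the table was built from, not that it is unexploited, and the severity is derived from the base score alone, so a rejected or not-yet-analyzed record shows NONE rather than a measured rating.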
This product uses data from the NVD API but is not endorsed or certified by the NVD.