Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-29178 A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authe... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-30897 A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Affected applications fail to set proper access rights for their installation folder if a non-default installation path... | 7.8 | HIGH | — | 0 |
| CVE-2023-33121 A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcen... | 3.3 | LOW | — | 0 |
| CVE-2023-33122 A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcen... | 3.3 | LOW | — | 0 |
| CVE-2023-33123 A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcen... | 7.8 | HIGH | — | 0 |
| CVE-2023-33124 A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcen... | 7.8 | HIGH | — | 0 |
| CVE-2023-33305 A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, For... | 4.9 | MEDIUM | — | 0 |
| CVE-2023-33920 A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain the hash of the root password ... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-33921 A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). The affected devices contain an exposed UART console login ... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-28600 Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and a... | 5.2 | MEDIUM | — | 0 |
| CVE-2023-29501 Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verificatio... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-3218 Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5. | 4.4 | MEDIUM | — | 0 |
| CVE-2023-2807 Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper... | 6.4 | MEDIUM | — | 0 |
| CVE-2023-3047 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.This issue affects Lockcell: before 15. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-3048 Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This issue affects Lockcell: before 15. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-3049 Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: before 15. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-3050 Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-42880 Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Upload Images plugin <= 3.3 versions allows Stored Cross-Site Scripting (XSS). | 6.1 | MEDIUM | — | 0 |
| CVE-2023-23831 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rating-Widget Rating-Widget: Star Review System plugin <= 3.1.9 versions. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-25964 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah Hearle, Design Extreme We’re Open! plugin <= 1.46 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-26528 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jinit9906 Shipyaari Shipping Management plugin <= 1.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-26538 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamyabsoft Chat Bee plugin <= 1.1.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-28620 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cyberus Labs Cyberus Key plugin <= 1.0 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-25978 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-27624 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <= 0.1.9 versions. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-33621 GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. The token is then left in the browser history or acce... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-33695 Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java. | 7.1 | HIGH | — | 0 |
| CVE-2023-28303 Windows Snipping Tool Information Disclosure Vulnerability | 3.3 | LOW | — | 0 |
| CVE-2023-28598 Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash. | 7.5 | HIGH | — | 0 |
| CVE-2023-28599 Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting c... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-31438 An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor ... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-31439 An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifi... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-33620 GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. | 5.9 | MEDIUM | — | 0 |
| CVE-2023-34247 Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-34249 benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd37198ecd3e41ea766d1099354b60d69c2, benjjvi/PyBB is vulnerable to SQL Injection. This vulnerability has been fixed as of commit dca... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-30912 A remote code execution issue exists in HPE OneView. | 7.2 | HIGH | — | 0 |
| CVE-2023-28603 Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. | 7.7 | HIGH | — | 0 |
| CVE-2023-34120 Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privil... | 8.7 | HIGH | — | 0 |
| CVE-2023-34121 Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via n... | 4.1 | MEDIUM | — | 0 |
| CVE-2023-3224 Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-34114 Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access. | 7.4 | HIGH | — | 0 |
| CVE-2023-34115 Buffer copy without checking size of input in Zoom Meeting SDK before 5.13.0 may allow an authenticated user to potentially enable a denial of service via local access. This issue may result in the ... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-34965 SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-2637 Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies. Hard-coded cryptographic key may lead to privilege escalation. This vulnerab... | 7.3 | HIGH | — | 0 |
| CVE-2023-2638 Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Improper authorization in FTSSBackupRestore.exe may lead to the loadin... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-2639 The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the... | 4.1 | MEDIUM | — | 0 |
| CVE-2023-2778 A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the applic... | 7.5 | HIGH | — | 0 |
| CVE-2023-33817 hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability. | 8.8 | HIGH | — | 0 |
| CVE-2023-34537 A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-34944 An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.