CVE vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|---|
| CVE-2023-52515 | In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsi_done() from srp_abort() After scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler callback... | 7.8 | HIGH | — | 0 |
| CVE-2023-52516 | In the Linux kernel, the following vulnerability has been resolved: dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock __dma_entry_alloc_check_leak() calls into printk -> s... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52520 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix reference leak If a duplicate attribute is found using kset_find_obj(), a reference to that attribute... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52526 | In the Linux kernel, the following vulnerability has been resolved: erofs: fix memory leak of LZMA global compressed deduplication When stressing microLZMA EROFS images with the new global compresse... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-21826 | OpenHarmony v3.2.4 and prior versions allow a local attacker to cause a sensitive information leak through insecure storage. | 4.3 | MEDIUM | — | 0 |
| CVE-2023-52528 | In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg syzbot reported the following uninit-value access issue: =====... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-52531 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: sizeof(struct iwl_nvm_data) + si... | 7.8 | HIGH | — | 0 |
| CVE-2023-52560 | In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-46480 | An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48188 | SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49145 | Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authentica... | 7.9 | HIGH | — | 0 |
| CVE-2023-29770 | In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. | 8.8 | HIGH | — | 0 |
| CVE-2023-47437 | A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in th... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-35136 | An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) seri... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-35139 | A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series fi... | 5.2 | MEDIUM | — | 0 |
| CVE-2023-37925 | An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W)... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-37926 | A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-47503 | An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. | 9.8 | CRITICAL | — | 0 |
| CVE-2023-4397 | A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware vers... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-4398 | An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware version... | 7.5 | HIGH | — | 0 |
| CVE-2023-5797 | An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W)... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-5960 | An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-32063 | OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to ins... | 5.0 | MEDIUM | — | 0 |
| CVE-2023-32064 | OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security re... | 5.0 | MEDIUM | — | 0 |
| CVE-2023-32065 | OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version ... | 5.8 | MEDIUM | — | 0 |
| CVE-2023-48713 | Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the resp... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-49075 | The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security fire... | 8.4 | HIGH | — | 0 |
| CVE-2023-24023 | Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length... | 6.8 | MEDIUM | — | 0 |
| CVE-2023-3368 | Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special c... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-3533 | Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-3545 | Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections an... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-48023 | Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a str... | 9.1 | CRITICAL | — | 0 |
| CVE-2023-4220 | Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-... | 8.1 | HIGH | — | 0 |
| CVE-2023-4221 | Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation ... | 7.2 | HIGH | — | 0 |
| CVE-2023-4222 | Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation... | 7.2 | HIGH | — | 0 |
| CVE-2023-4223 | Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 8.8 | HIGH | — | 0 |
| CVE-2023-4224 | Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 8.8 | HIGH | — | 0 |
| CVE-2023-4225 | Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 8.8 | HIGH | — | 0 |
| CVE-2023-4226 | Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. | 8.8 | HIGH | — | 0 |
| CVE-2023-34054 | In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-servic... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-4667 | The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any ... | 8.1 | HIGH | — | 0 |
| CVE-2023-6150 | Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105. | 7.5 | HIGH | — | 0 |
| CVE-2023-42004 | IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force... | 8.0 | HIGH | — | 0 |
| CVE-2023-6201 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection. This issue affects Panorama: befor... | 8.8 | HIGH | — | 0 |
| CVE-2023-6359 | A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and part... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-48042 | Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-49313 | A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading t... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49314 | Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspect... | 7.8 | HIGH | — | 0 |
| CVE-2023-49062 | Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Kat... | 7.5 | HIGH | — | 0 |
| CVE-2023-41264 | Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the conf... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.
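For consuming an export like the table above, here is an added example (written for this page, not part of the page's data pipeline or of any NVD or CISA tool) that parses the rows, checks each stated severity against the CVSS v3.x qualitative rating scale, and orders the entries for triage with KEV-listed CVEs ahead of everything else. It assumes the page's markdown layout, that a "—" (or empty) KEV cell means the CVE is not in CISA's Known Exploited Vulnerabilities catalog, and uses a constructed placeholder row, CVE-0000-0001 (not a real identifier), next to three rows copied from the table to exercise the KEV flag and a mislabelled band.

```python
"""Parse a KEV/NVD-enriched CVE table (the page's markdown layout) and triage it.

Added example; not the page's own data pipeline nor any vendor tool. It assumes:
the KEV cell reads "—" (or is empty) when a CVE is absent from CISA's Known
Exploited Vulnerabilities catalog and holds any other value when present, and
severity bands follow the CVSS v3.x qualitative rating scale.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

CVE_RE = re.compile(r"^(CVE-\d{4}-\d{4,})\s*(.*)$")

# CVSS v3.x qualitative severity ratings: lower bound of each band, ascending.
BANDS = ((0.0, "NONE"), (0.1, "LOW"), (4.0, "MEDIUM"), (7.0, "HIGH"), (9.0, "CRITICAL"))


def cvss_band(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative rating."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    band = "NONE"
    for lower, name in BANDS:
        if score >= lower:
            band = name
    return band


@dataclass
class Entry:
    cve_id: str
    description: str
    cvss: float
    severity: str
    in_kev: bool
    observations: int


def parse_table(text: str) -> list[Entry]:
    """Parse markdown table rows into entries.

    Accepts both layouts seen in such exports: ID and description sharing the
    first cell, or split into two cells. Header and separator rows are skipped
    because their first cell is not a CVE identifier.
    """
    entries: list[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        m = CVE_RE.match(cells[0])
        if m is None or len(cells) < 5:
            continue
        cve_id, desc = m.group(1), m.group(2)
        if len(cells) == 6:  # separate description column
            desc = cells[1]
        cvss, severity, kev, obs = cells[-4:]
        entries.append(Entry(cve_id, desc, float(cvss), severity.upper(),
                             kev not in ("", "—", "-"), int(obs)))
    return entries


def severity_mismatches(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """CVEs whose stated band disagrees with the one implied by the CVSS score."""
    return [(e.cve_id, e.severity, cvss_band(e.cvss))
            for e in entries if e.severity != cvss_band(e.cvss)]


def triage_order(entries: list[Entry]) -> list[str]:
    """Known-exploited (KEV) entries first, then by CVSS base score descending."""
    return [e.cve_id for e in sorted(entries, key=lambda e: (not e.in_kev, -e.cvss))]


# Constructed sample: three rows copied from the page, plus one placeholder row
# (CVE-0000-0001 is not a real identifier) to exercise the KEV flag and a
# mislabelled severity band.
SAMPLE_TABLE = """\
| CVE ID | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2023-3368 Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-52516 In the Linux kernel, the following vulnerability has been resolved: dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock ... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-24023 Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks ... | 6.8 | MEDIUM | — | 0 |
| CVE-0000-0001 | Constructed placeholder row, not a real CVE | 7.5 | MEDIUM | Yes | 2 |
"""

if __name__ == "__main__":
    rows = parse_table(SAMPLE_TABLE)
    for cve_id, stated, expected in severity_mismatches(rows):
        print(f"{cve_id}: stated {stated}, CVSS implies {expected}")
    print("triage order:", ", ".join(triage_order(rows)))
```

Two design points. KEV membership outranks the raw score in the sort key because "exploited in the wild" is a stronger signal than a CVSS number that is often 9.8 by default for unauthenticated RCE; a KEV-listed 7.5 should be patched before a non-KEV 9.8. The band check matters because NVD publishes the v3.x rating alongside the score, so a row whose label disagrees with its score is almost always a merge or transcription error in the enrichment step rather than a judgement call, and should be flagged before the table is used for prioritisation.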