CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2023-4273 | A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries fr... | 6.0 | MEDIUM | — | 0 |
| CVE-2022-48582 | A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allo... | 8.8 | HIGH | — | 0 |
| CVE-2023-39969 | uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual addre... | 9.0 | CRITICAL | — | 0 |
| CVE-2023-3518 | HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1. | 7.4 | HIGH | — | 0 |
| CVE-2023-40012 | uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates... | 5.9 | MEDIUM | — | 0 |
| CVE-2023-39531 | Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access ... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-48580 | A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows... | 8.8 | HIGH | — | 0 |
| CVE-2022-48583 | A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This allows ... | 8.8 | HIGH | — | 0 |
| CVE-2022-48584 | A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. This... | 8.8 | HIGH | — | 0 |
| CVE-2022-48585 | A SQL injection vulnerability exists in the "admin brand portal" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the... | 8.8 | HIGH | — | 0 |
| CVE-2022-48586 | A SQL injection vulnerability exists in the "json walker" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the inject... | 8.8 | HIGH | — | 0 |
| CVE-2022-48587 | A SQL injection vulnerability exists in the "schedule editor" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the in... | 8.8 | HIGH | — | 0 |
| CVE-2022-48588 | A SQL injection vulnerability exists in the "schedule editor decoupled" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows ... | 8.8 | HIGH | — | 0 |
| CVE-2022-48589 | A SQL injection vulnerability exists in the "reporting job editor" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for t... | 8.8 | HIGH | — | 0 |
| CVE-2022-48590 | A SQL injection vulnerability exists in the "admin dynamic app mib errors" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allo... | 8.8 | HIGH | — | 0 |
| CVE-2022-48591 | A SQL injection vulnerability exists in the vendor_state parameter of the "vendor print report" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a... | 8.8 | HIGH | — | 0 |
| CVE-2022-48592 | A SQL injection vulnerability exists in the vendor_country parameter of the "vendor print report" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to... | 8.8 | HIGH | — | 0 |
| CVE-2022-48593 | A SQL injection vulnerability exists in the "topology data service" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for ... | 8.8 | HIGH | — | 0 |
| CVE-2022-48594 | A SQL injection vulnerability exists in the "ticket watchers email" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for ... | 8.8 | HIGH | — | 0 |
| CVE-2022-48595 | A SQL injection vulnerability exists in the "ticket template watchers" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows f... | 8.8 | HIGH | — | 0 |
| CVE-2022-48596 | A SQL injection vulnerability exists in the "ticket queue watchers" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for ... | 8.8 | HIGH | — | 0 |
| CVE-2022-48597 | A SQL injection vulnerability exists in the "ticket event report" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for th... | 8.8 | HIGH | — | 0 |
| CVE-2022-48598 | A SQL injection vulnerability exists in the "reporter events type date" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows ... | 8.8 | HIGH | — | 0 |
| CVE-2022-48599 | A SQL injection vulnerability exists in the "reporter events type" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for t... | 8.8 | HIGH | — | 0 |
| CVE-2022-48600 | A SQL injection vulnerability exists in the "notes view" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injecti... | 8.8 | HIGH | — | 0 |
| CVE-2022-48601 | A SQL injection vulnerability exists in the "network print report" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for t... | 8.8 | HIGH | — | 0 |
| CVE-2022-48602 | A SQL injection vulnerability exists in the "message viewer print" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for t... | 8.8 | HIGH | — | 0 |
| CVE-2022-48603 | A SQL injection vulnerability exists in the "message viewer iframe" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for ... | 8.8 | HIGH | — | 0 |
| CVE-2022-48604 | A SQL injection vulnerability exists in the "logging export" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the inj... | 8.8 | HIGH | — | 0 |
| CVE-2023-23346 | HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | 6.4 | MEDIUM | — | 0 |
| CVE-2023-39004 | Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38997 | A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands a... | 7.2 | HIGH | — | 0 |
| CVE-2023-38998 | An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-38999 | A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (Do... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-39000 | A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject ... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-39001 | A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a cra... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-39002 | A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbit... | 6.1 | MEDIUM | — | 0 |
| CVE-2023-39003 | OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. | 7.5 | HIGH | — | 0 |
| CVE-2023-39005 | Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. | 7.5 | HIGH | — | 0 |
| CVE-2023-39006 | The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-39007 | /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. | 9.6 | CRITICAL | — | 0 |
| CVE-2023-39008 | A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system ... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-23347 | HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. | 6.4 | MEDIUM | — | 0 |
| CVE-2023-33468 | KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the co... | 9.1 | CRITICAL | — | 0 |
| CVE-2022-45811 | Missing Authorization vulnerability in WeyHan Ng Post Teaser. This issue affects Post Teaser: from n/a through 4.1.5. | 5.4 | MEDIUM | — | 0 |
| CVE-2023-33469 | In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local co... | 7.8 | HIGH | — | 0 |
| CVE-2023-37068 | Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerabilit... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-38347 | An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox. | 6.1 | MEDIUM | — | 0 |
| CVE-2023-38348 | A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1. | 8.8 | HIGH | — | 0 |
| CVE-2023-33241 | Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious Paillier key and cheating in the range proof. Depending on... | 9.6 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.