CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-29293 Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass... | 2.7 | LOW | β | 0 |
| CVE-2023-1109 In Phoenix Contacts ENERGY AXC PU Web service an authenticated restricted user of the web frontend can access, read, write and create files throughout the file system using specially crafted URLs via ... | 8.8 | HIGH | β | 0 |
| CVE-2023-22946 In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitti... | 6.4 | MEDIUM | β | 0 |
| CVE-2023-2017 Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with a... | 8.8 | HIGH | β | 0 |
| CVE-2023-1723 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Veragroup Mobile Assistant allows SQL Injection. This issue affects Mobile Assistant: before 21.S.2... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-1274 The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include fu... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-1873 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faturamatik Bircard allows SQL Injection. This issue affects Bircard: before 23.04.05. | 9.8 | CRITICAL | β | 0 |
| CVE-2015-10102 A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. T... | 6.3 | MEDIUM | β | 0 |
| CVE-2015-10103 A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setFo... | 2.8 | LOW | β | 0 |
| CVE-2023-29004 hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI (6.3.9.0 at the moment of writi... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-2130 A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the compo... | 6.3 | MEDIUM | β | 0 |
| CVE-2023-30769 Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the netwo... | 9.1 | CRITICAL | β | 0 |
| CVE-2023-30548 gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. The gatsby-plugin-sharp plugin prior to versions 5.8.1 and 4.25.1 contains... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-46389 There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This ... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-1697 An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and t... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-24504 Electra Central AC unit – Adjacent attacker may cause the unit to connect to unauthorized update server. | 7.5 | HIGH | β | 0 |
| CVE-2023-28959 An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast ... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-28960 An Incorrect Permission Assignment for Critical Resource vulnerability in Juniper Networks Junos OS Evolved allows a local, authenticated low-privileged attacker to copy potentially malicious files in... | 8.2 | HIGH | β | 0 |
| CVE-2023-28961 An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from ... | 5.8 | MEDIUM | β | 0 |
| CVE-2023-28962 An Improper Authentication vulnerability in upload-file.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to upload arbitrary files to tem... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-28963 An Improper Authentication vulnerability in cert-mgmt.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to read arbitrary files from tempo... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-28964 An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated atta... | 7.5 | HIGH | β | 0 |
| CVE-2023-28965 An Improper Check or Handling of Exceptional Conditions within the storm control feature of Juniper Networks Junos OS allows an attacker sending a high rate of traffic to cause a Denial of Service. Co... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-29294 Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A l... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-28967 A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send s... | 7.5 | HIGH | β | 0 |
| CVE-2023-28968 An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-28970 An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an adjacen... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-28971 An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the timescaledb feature of Juniper Networks Paragon Active Assurance (PAA) (Formerly Netrounds) allows an attack... | 7.2 | HIGH | β | 0 |
| CVE-2023-22846 Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disc... | 3.3 | LOW | β | 0 |
| CVE-2023-28972 An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. When "set system po... | 6.8 | MEDIUM | β | 0 |
| CVE-2023-28973 An Improper Authorization vulnerability in the 'sysmanctl' shell command of Juniper Networks Junos OS Evolved allows a local, authenticated attacker to execute administrative commands that could impac... | 7.1 | HIGH | β | 0 |
| CVE-2023-28974 An Improper Check for Unusual or Exceptional Conditions vulnerability in the bbe-smgd of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In a... | 7.4 | HIGH | β | 0 |
| CVE-2023-28975 An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service (D... | 4.6 | MEDIUM | β | 0 |
| CVE-2023-28976 An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker ... | 7.5 | HIGH | β | 0 |
| CVE-2023-28978 An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. In the def... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-28979 An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an integrity check. In a 6PE scen... | 4.7 | MEDIUM | β | 0 |
| CVE-2023-28980 A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-28981 An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the recei... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-28982 A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to... | 7.5 | HIGH | β | 0 |
| CVE-2022-40685 Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | 6.5 | MEDIUM | β | 0 |
| CVE-2023-28983 An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to ... | 8.8 | HIGH | β | 0 |
| CVE-2023-28984 A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-29197 guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names an... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-29213 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui` it is possible to trick ... | 9.0 | CRITICAL | β | 0 |
| CVE-2023-23579 Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This could allow an attacker to execute code in... | 7.8 | HIGH | β | 0 |
| CVE-2023-30536 slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\n) into both the header names and values. While the specification states that... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-30539 Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system t... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-30540 Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted... | 3.5 | LOW | β | 0 |
| CVE-2023-30541 OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. ... | 5.3 | MEDIUM | β | 0 |
| CVE-2023-30543 @web3-react is a framework for building Ethereum Apps. In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chai... | 5.2 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.