CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID / Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-24567 Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerabilit... | 7.5 | HIGH | – | 0 |
| CVE-2023-24751 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input... | 6.5 | MEDIUM | – | 0 |
| CVE-2023-24752 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Serv... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-25221 Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. | 7.8 | HIGH | – | 0 |
| CVE-2023-25222 A heap-based buffer overflow vulnerability exists in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c. | 8.8 | HIGH | – | 0 |
| CVE-2023-25544 Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnera... | 7.5 | HIGH | – | 0 |
| CVE-2022-36021 Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attac... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-0594 Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerabil... | 7.3 | HIGH | – | 0 |
| CVE-2023-1127 Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | 7.8 | HIGH | – | 0 |
| CVE-2022-39228 vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists... | 5.3 | MEDIUM | – | 0 |
| CVE-2023-0460 The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE \| Context.CONTEXT_IGNORE_SECURITY. T... | 5.1 | MEDIUM | – | 0 |
| CVE-2022-3162 Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted b... | 6.5 | MEDIUM | – | 0 |
| CVE-2022-3294 Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes s... | 6.6 | MEDIUM | – | 0 |
| CVE-2023-43580 A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 6.7 | MEDIUM | – | 0 |
| CVE-2023-25931 Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updatin... | 6.4 | MEDIUM | – | 0 |
| CVE-2023-1097 Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and execu... | 9.3 | CRITICAL | – | 0 |
| CVE-2023-1130 A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of... | 6.3 | MEDIUM | – | 0 |
| CVE-2023-1131 A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The mani... | 3.5 | LOW | – | 0 |
| CVE-2023-24128 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet. | 6.5 | MEDIUM | – | 0 |
| CVE-2023-24129 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet. | 6.5 | MEDIUM | – | 0 |
| CVE-2023-24130 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet. | 6.5 | MEDIUM | – | 0 |
| CVE-2023-24131 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet. | 6.5 | MEDIUM | – | 0 |
| CVE-2023-24132 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3_5g parameter at /goform/WifiBasicSet. | 6.5 | MEDIUM | – | 0 |
| CVE-2023-24133 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet. | 6.5 | MEDIUM | – | 0 |
| CVE-2023-24134 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet. | 6.5 | MEDIUM | – | 0 |
| CVE-2023-22738 vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organization is currently possible. It may lead to unintended a... | 6.3 | MEDIUM | – | 0 |
| CVE-2023-24127 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet. | 6.5 | MEDIUM | – | 0 |
| CVE-2020-5001 IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" ... | 4.3 | MEDIUM | – | 0 |
| CVE-2020-5026 IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is r... | 4.3 | MEDIUM | – | 0 |
| CVE-2023-0053 SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information... | 7.5 | HIGH | – | 0 |
| CVE-2022-48426 In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible | 4.6 | MEDIUM | – | 0 |
| CVE-2023-22462 Grafana is an open-source platform for monitoring and observability. On 2023-01-01 during an internal audit of Grafana, a member of the security team found a stored XSS vulnerability affecting the cor... | 6.4 | MEDIUM | – | 0 |
| CVE-2023-26046 teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules whe... | 6.5 | MEDIUM | – | 0 |
| CVE-2023-0196 NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null-pointer dereference, which may result in a limited denial of se... | 3.3 | LOW | – | 0 |
| CVE-2023-0228 Improper Authentication vulnerability in ABB Symphony Plus S+ Operations. This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. | 8.8 | HIGH | – | 0 |
| CVE-2023-1106 Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3. | 6.1 | MEDIUM | – | 0 |
| CVE-2023-1107 Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | 5.4 | MEDIUM | – | 0 |
| CVE-2023-1146 Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3. | 5.4 | MEDIUM | – | 0 |
| CVE-2023-1147 Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | 5.4 | MEDIUM | – | 0 |
| CVE-2023-1148 Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | 4.8 | MEDIUM | – | 0 |
| CVE-2023-25155 Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting i... | 5.5 | MEDIUM | – | 0 |
| CVE-2023-25806 OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the ... | 5.3 | MEDIUM | – | 0 |
| CVE-2023-26053 Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gr... | 6.6 | MEDIUM | – | 0 |
| CVE-2023-1149 Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. | 5.4 | MEDIUM | – | 0 |
| CVE-2023-1151 A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrato... | 6.3 | MEDIUM | – | 0 |
| CVE-2021-45477 Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before... | 6.5 | MEDIUM | – | 0 |
| CVE-2021-45478 Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before... | 6.5 | MEDIUM | – | 0 |
| CVE-2021-45479 Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS. This issue affects Library Automation System: b... | 5.4 | MEDIUM | – | 0 |
| CVE-2021-3854 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5... | 9.8 | CRITICAL | – | 0 |
| CVE-2023-25362 A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 | HIGH | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.