Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2023-25456 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klaviyo, Inc. Klaviyo plugin <=Β 3.0.7 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-20072 A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting ... | 8.6 | HIGH | β | 0 |
| CVE-2023-20080 A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) cond... | 8.6 | HIGH | β | 0 |
| CVE-2023-20081 A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Softwar... | 6.8 | MEDIUM | β | 0 |
| CVE-2023-20082 A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical acce... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-20097 A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to impro... | 4.6 | MEDIUM | β | 0 |
| CVE-2023-20100 A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could ... | 6.8 | MEDIUM | β | 0 |
| CVE-2023-20107 A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Def... | 7.5 | HIGH | β | 0 |
| CVE-2023-20112 A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to i... | 7.4 | HIGH | β | 0 |
| CVE-2023-20113 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affec... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-25992 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <=Β 3.1.9 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-26008 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 β Popular posts plugin for WordPress plugin <=Β 3.2.4 versions. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-1605 Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. | 7.5 | HIGH | β | 0 |
| CVE-2023-1606 A vulnerability was found in novel-plus 3.6.2 and classified as critical. Affected by this issue is some unknown functionality of the file DictController.java. The manipulation of the argument orderby... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-36413 Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications. | 9.1 | CRITICAL | β | 0 |
| CVE-2023-1289 A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file t... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-1728 Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.This issue affects LMS: before 23.04.03. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-1607 A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to sql inj... | 4.7 | MEDIUM | β | 0 |
| CVE-2023-1608 A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The ma... | 6.3 | MEDIUM | β | 0 |
| CVE-2023-1609 A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads... | 3.5 | LOW | β | 0 |
| CVE-2023-1610 A vulnerability, which was classified as critical, has been found in Rebuild up to 3.2.3. Affected by this issue is some unknown functionality of the file /project/tasks/list. The manipulation leads t... | 6.3 | MEDIUM | β | 0 |
| CVE-2023-25654 baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-20986 In btm_ble_clear_resolving_list_completecomplete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with Syste... | 4.4 | MEDIUM | β | 0 |
| CVE-2023-25655 baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-26361 Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability t... | 4.9 | MEDIUM | β | 0 |
| CVE-2023-28436 Tailscale is software for using Wireguard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38... | 5.7 | MEDIUM | β | 0 |
| CVE-2022-3101 A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-20987 In btm_read_link_quality_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execut... | 4.5 | MEDIUM | β | 0 |
| CVE-2022-3146 A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-0590 A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix r... | 4.7 | MEDIUM | β | 0 |
| CVE-2023-1402 The course participation report required additional checks to prevent roles being displayed which the user did not have access to view. | 4.3 | MEDIUM | β | 0 |
| CVE-2023-1612 A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to sql injection. It is possible ... | 6.3 | MEDIUM | β | 0 |
| CVE-2023-1613 A vulnerability has been found in Rebuild up to 3.2.3 and classified as problematic. This vulnerability affects unknown code of the file /feeds/post/publish. The manipulation leads to cross site scrip... | 3.5 | LOW | β | 0 |
| CVE-2023-20859 In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-24788 NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. | 8.8 | HIGH | β | 0 |
| CVE-2023-28329 Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | 8.8 | HIGH | β | 0 |
| CVE-2023-28330 Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default. | 6.5 | MEDIUM | β | 0 |
| CVE-2023-41822 An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands.Β | 4.8 | MEDIUM | β | 0 |
| CVE-2023-28332 If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk. | 6.1 | MEDIUM | β | 0 |
| CVE-2023-28333 The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). | 9.8 | CRITICAL | β | 0 |
| CVE-2023-28334 Authenticated users were able to enumerate other users' names via the learning plans page. | 4.3 | MEDIUM | β | 0 |
| CVE-2023-28335 The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. | 8.8 | HIGH | β | 0 |
| CVE-2023-28443 Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to ... | 4.2 | MEDIUM | β | 0 |
| CVE-2023-28336 Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | 4.3 | MEDIUM | β | 0 |
| CVE-2023-24295 A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows attackers to execute arbitrary code after opening a crafted PDF file. | 7.8 | HIGH | β | 0 |
| CVE-2023-27034 PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-28441 smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5... | 8.0 | HIGH | β | 0 |
| CVE-2023-28442 GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive ... | 7.5 | HIGH | β | 0 |
| CVE-2023-20984 In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... | 4.4 | MEDIUM | β | 0 |
| CVE-2023-28445 Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could resul... | 9.9 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.