Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2023-48425 U-Boot vulnerability resulting in persistent Code ExecutionΒ | 9.8 | CRITICAL | β | 0 |
| CVE-2023-49417 TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2023-5907 The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to syste... | 6.5 | MEDIUM | β | 0 |
| CVE-2023-41117 An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contain packages, st... | 8.8 | HIGH | β | 0 |
| CVE-2009-1068 Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary... | N/A | NONE | β | 0 |
| CVE-2015-8314 The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access. | 7.5 | HIGH | β | 0 |
| CVE-2018-16153 An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations. | 7.5 | HIGH | β | 0 |
| CVE-2023-28465 The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed dire... | 7.5 | HIGH | β | 0 |
| CVE-2023-50771 Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | 6.1 | MEDIUM | β | 0 |
| CVE-2023-50440 ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANSSI qualification submission); ZED! for Windows before Q.2021.2 (ANSSI qualification submission); ZONECENTRAL for Windows before Q.... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-49739 Vulnerability in IdeaBox Creations PowerPack Pro for Elementor.This issue affects PowerPack Pro for Elementor: from n/a through 2.9.23. | 7.1 | HIGH | β | 0 |
| CVE-2023-6837 Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditi... | 8.5 | HIGH | β | 0 |
| CVE-2023-7035 A vulnerability was found in automad up to 1.10.9 and classified as problematic. Affected by this issue is some unknown functionality of the file packages\standard\templates\post.php of the component ... | 2.4 | LOW | β | 0 |
| CVE-2024-22956 swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838 | 7.8 | HIGH | β | 0 |
| CVE-2024-21732 FlyCms through abbaa5a allows XSS via the permission management feature. | 6.1 | MEDIUM | β | 0 |
| CVE-2023-5877 The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to it's affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticate... | 9.8 | CRITICAL | β | 0 |
| CVE-2023-6000 The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks. | 6.1 | MEDIUM | β | 0 |
| CVE-2023-6037 The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scrip... | 4.8 | MEDIUM | β | 0 |
| CVE-2023-6113 The WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backups processes, allowi... | 7.5 | HIGH | β | 0 |
| CVE-2023-6271 The Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive infor... | 7.5 | HIGH | β | 0 |
| CVE-2023-6485 The Html5 Video Player WordPress plugin before 2.5.19 does not sanitise and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenti... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-32831 In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not n... | 5.5 | MEDIUM | β | 0 |
| CVE-2023-32872 In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not ... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-32875 In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is no... | 4.4 | MEDIUM | β | 0 |
| CVE-2020-26623 SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the log... | 3.8 | LOW | β | 0 |
| CVE-2023-32876 In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is no... | 4.4 | MEDIUM | β | 0 |
| CVE-2023-32877 In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-32879 In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not nee... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-32880 In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not n... | 4.4 | MEDIUM | β | 0 |
| CVE-2023-32881 In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not need... | 4.4 | MEDIUM | β | 0 |
| CVE-2023-32882 In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not neede... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-32883 In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is n... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-32884 In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... | 6.7 | MEDIUM | β | 0 |
| CVE-2023-32886 In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction... | 7.5 | HIGH | β | 0 |
| CVE-2023-32887 In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not ... | 7.5 | HIGH | β | 0 |
| CVE-2023-32889 In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interactio... | 7.5 | HIGH | β | 0 |
| CVE-2023-32891 In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interacti... | 6.7 | MEDIUM | β | 0 |
| CVE-2020-26624 A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. | 3.8 | LOW | β | 0 |
| CVE-2023-50020 An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF. | 7.5 | HIGH | β | 0 |
| CVE-2023-49549 An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. | 7.5 | HIGH | β | 0 |
| CVE-2023-49553 An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | 7.5 | HIGH | β | 0 |
| CVE-2023-49554 Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. | 5.5 | MEDIUM | β | 0 |
| CVE-2023-49555 An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. | 5.5 | MEDIUM | β | 0 |
| CVE-2023-49556 Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. | 5.5 | MEDIUM | β | 0 |
| CVE-2023-49557 An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component. | 5.5 | MEDIUM | β | 0 |
| CVE-2023-49558 An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. | 5.5 | MEDIUM | β | 0 |
| CVE-2023-50345 HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threat... | 3.7 | LOW | β | 0 |
| CVE-2023-50346 HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information. | 3.1 | LOW | β | 0 |
| CVE-2023-50348 HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, e... | 3.1 | LOW | β | 0 |
| CVE-2022-34917 A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on bro... | 7.5 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.