CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-2052 Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-3269 Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-37232 Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-39056 RAVA certificate validation system has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL command to access, modify and delete database. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-31122 Wire is an encrypted communication and collaboration platform. Versions prior to 2022-07-12/Chart 4.19.0 are subject to Token Recipient Confusion. If an attacker has certain details of SAML IdP metada... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-33872 An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in Telnet login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42075 Wedding Planner v1.0 is vulnerable to arbitrary code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-34914 Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application sta... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-3268 Weak Password Requirements in GitHub repository ikus060/minarca prior to 4.2.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-33874 An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in SSH login components of FortiTester 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-3362 Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-32234 An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. N... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45136 Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data.... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45378 In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criter... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35289 A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaSc... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40138 An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute a... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25046 A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-39428 Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vuln... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-38823 In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-38826 In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary command in cstecgi.cgi. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-38827 TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi | 9.8 | CRITICAL | β | 0 |
| CVE-2022-38828 TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi | 9.8 | CRITICAL | β | 0 |
| CVE-2022-38829 Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-38830 Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-38831 Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList | 9.8 | CRITICAL | β | 0 |
| CVE-2022-32863 A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code e... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40835 B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2022-39036 The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and exec... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-38119 UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-37598 Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40017 The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-3203 On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40834 B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_not_like() function. Note: Multiple third parties have disputed this as not... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-39396 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code E... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40144 A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installa... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-39305 Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fail... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-3218 Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27804 An os command injection vulnerability exists in the web interface util_set_abode_code functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-4446 PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40812 The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40810 The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40833 B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_in() function. Note: Multiple third parties have disputed this as not... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40809 The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27805 An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbi... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-29472 An OS command injection vulnerability exists in the web interface util_set_serial_mac functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40432 The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40431 The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40430 The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40429 The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-40428 The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.