Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-22339 IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network e... | 7.3 | HIGH | β | 0 |
| CVE-2022-27047 mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27145 GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-27146 GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-27147 GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-27148 GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-43515 CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting... | 7.8 | HIGH | β | 0 |
| CVE-2021-43517 FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27476 A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName para... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-1283 NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-27152 Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification. | 5.7 | MEDIUM | β | 0 |
| CVE-2021-43498 An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set. | 7.5 | HIGH | β | 0 |
| CVE-2022-1284 heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-24821 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Progr... | 6.8 | MEDIUM | β | 0 |
| CVE-2022-26854 Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system acces... | 8.1 | HIGH | β | 0 |
| CVE-2021-36287 Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system. | 7.3 | HIGH | β | 0 |
| CVE-2021-36288 Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files | 8.6 | HIGH | β | 0 |
| CVE-2021-36290 Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges. | 6.4 | MEDIUM | β | 0 |
| CVE-2021-36293 Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges. | 6.4 | MEDIUM | β | 0 |
| CVE-2021-43009 A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-22563 Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source... | 4.4 | MEDIUM | β | 0 |
| CVE-2022-24428 Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially ... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-24819 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to us... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-24820 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering ... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-26851 Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data... | 9.1 | CRITICAL | β | 0 |
| CVE-2022-26852 Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an... | 8.1 | HIGH | β | 0 |
| CVE-2022-26855 Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of serv... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-26180 qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI. | 8.8 | HIGH | β | 0 |
| CVE-2022-26588 A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attackers to delete arbitrary users or achieve account takeover via the app/service.php URI. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-27883 A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an ... | 7.3 | HIGH | β | 0 |
| CVE-2022-26877 Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick the Asana desktop app into loading a malicious web page. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-1287 A vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a PO... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-1288 A vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the i... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-1276 Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-1286 heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-1289 A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remot... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-1290 Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session h... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-1291 XSS vulnerability with default `onCellHtmlData` function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure ses... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-27125 zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-27126 zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27268 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability i... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27269 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is trigge... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27270 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is trig... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27271 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is trigger... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27272 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27273 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27274 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27275 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27276 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27277 InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08. | 9.1 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.