CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-46321 The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2022-46322 Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 7.5 | HIGH | β | 0 |
| CVE-2024-28679 DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-46323 Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46324 Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46325 Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46326 Some smartphones have the out-of-bounds write vulnerability. Successful exploitation of this vulnerability may cause system service exceptions. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46327 Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46328 Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2022-47629 Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42949 Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions. | 7.5 | HIGH | β | 0 |
| CVE-2022-24431 All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization. | 7.4 | HIGH | β | 0 |
| CVE-2022-25893 The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a h... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25895 All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code... | 7.5 | HIGH | β | 0 |
| CVE-2022-46330 Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contai... | 7.8 | HIGH | β | 0 |
| CVE-2022-25929 The package smoothie from 1.31.0 and before 1.36.1 is vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vuln... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-47635 Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-43543 KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even wh... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-44449 Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | 4.8 | MEDIUM | β | 0 |
| CVE-2022-46282 Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user open a specially crafted file. | 7.8 | HIGH | β | 0 |
| CVE-2022-37310 OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-46662 Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, th... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-40145 This vulnerability is about a potential code injection when an attacker has control of the target LDAP server used in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.m... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-38655 BigFix WebUI non-master operators are missing controls that prevent them from being able to modify the relevance of fixlets or to deploy fixlets from the BES Support external site. | 6.4 | MEDIUM | β | 0 |
| CVE-2022-42454 Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access. | 6.4 | MEDIUM | β | 0 |
| CVE-2022-44756 Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access. | 6.4 | MEDIUM | β | 0 |
| CVE-2022-47581 Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDAP v1 bind request. | 7.5 | HIGH | β | 0 |
| CVE-2022-4287 Authentication bypass in local application lock feature in Devolutions Remote Desktop Manager 2022.3.26 and earlier on Windows allows a malicious user to access the application. | 8.8 | HIGH | β | 0 |
| CVE-2022-40841 A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomizationFields v3.5.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the "htmlNodes" param... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-36221 Nokia Fastmile 3tg00118abad52 is affected by an authenticated path traversal vulnerability which allows attackers to read any named pipe file on the system. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-36222 Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped with a default hardcoded admin account of admin:Nq+L5st7o This account can be used locally to access the web admin interface. | 8.4 | HIGH | β | 0 |
| CVE-2022-46095 Sourcecodester Covid-19 Directory on Vaccination System 1.0 was discovered to contain a Cross-Site Scripting (XSS) vulnerability via verification.php because the program does not verify the txtvaccina... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-46096 A Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid-19 Directory on Vaccination System v1.0 allows attackers to execute arbitrary code via the txtfullname parameter or txtphone p... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-36631 Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 6.7 | MEDIUM | β | 0 |
| CVE-2021-43657 A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodetester Simple Client Management System (SCMS) 1.0 allows remote attackers to inject arbitrary web script or HTML via the v... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-25948 The package liquidjs before 10.0.0 is vulnerable to Information Exposure when ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround For versions 9.... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-45347 Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as database backend didn't cleanup the database session completely after client authentication failed, which allowed an attacker to execute ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45966 There is an arbitrary file upload vulnerability in the file management function module of Classcms3.5. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-46101 AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code. | 8.8 | HIGH | β | 0 |
| CVE-2022-46102 AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php | 9.8 | CRITICAL | β | 0 |
| CVE-2022-47926 AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php | 9.8 | CRITICAL | β | 0 |
| CVE-2020-15679 An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as t... | 7.6 | HIGH | β | 0 |
| CVE-2020-15685 During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird < 78.7. | 8.8 | HIGH | β | 0 |
| CVE-2021-4126 When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the ... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-4127 An out of date graphics library (Angle) likely contained vulnerabilities that could potentially be exploited. This vulnerability affects Thunderbird < 78.9 and Firefox ESR < 78.9. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-4128 When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash. *This bug only affects Firefox o... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-4129 Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of th... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-34476 ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-4140 It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | 10.0 | CRITICAL | β | 0 |
| CVE-2021-4221 If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. *This bug only affects Firefo... | 4.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.