Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-37921 Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attack... | 7.2 | HIGH | β | 0 |
| CVE-2022-37922 Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attack... | 7.2 | HIGH | β | 0 |
| CVE-2022-37923 Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attack... | 7.2 | HIGH | β | 0 |
| CVE-2022-37932 A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authen... | 8.8 | HIGH | β | 0 |
| CVE-2022-38656 HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. | 8.6 | HIGH | β | 0 |
| CVE-2022-38661 HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash. | 6.2 | MEDIUM | β | 0 |
| CVE-2021-4244 A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. Th... | 2.6 | LOW | β | 0 |
| CVE-2022-4421 A vulnerability was found in rAthena FluxCP. It has been classified as problematic. Affected is an unknown function of the file themes/default/servicedesk/view.php of the component Service Desk Image ... | 3.5 | LOW | β | 0 |
| CVE-2022-41881 Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an in... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-4311 An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of da... | 4.7 | MEDIUM | β | 0 |
| CVE-2022-4312 A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) ... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-4314 Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-42716 An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This aff... | 8.8 | HIGH | β | 0 |
| CVE-2022-41261 SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file w... | 6.0 | MEDIUM | β | 0 |
| CVE-2022-41263 Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-41264 Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to ac... | 8.8 | HIGH | β | 0 |
| CVE-2022-41266 Due to a lack of proper input validation, SAP Commerce Webservices 2.0 (Swagger UI) - versions 1905, 2005, 2105, 2011, 2205, allows malicious inputs from untrusted sources, which can be leveraged by a... | 8.0 | HIGH | β | 0 |
| CVE-2022-41267 SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling t... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-29580 There exists a path traversal vulnerability in the Android Google Search app. This is caused by the incorrect usage of uri.getLastPathSegment. A symbolic encoded string can bypass the path logic to ge... | 8.9 | HIGH | β | 0 |
| CVE-2022-41268 In some SAP standard roles in SAP Business Planning and Consolidation - versions - SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810,Β a transaction code reserved for the custo... | 8.5 | HIGH | β | 0 |
| CVE-2022-41271 An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming ... | 9.4 | CRITICAL | β | 0 |
| CVE-2022-41272 An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-41273 Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. In order to perform this attack, the at... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-41274 SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. These endpoints are normally exposed over the ... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-41275 In SAP SolutionΒ Manager (Enterprise Search) -Β versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that co... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-23473 Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki sta... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-41915 Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of val... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-46160 Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-23505 Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a we... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-23523 In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this ... | 4.0 | MEDIUM | β | 0 |
| CVE-2022-4098 Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user logged in to the WBM of the Com-Server an unauthenticated attacker in ... | 8.0 | HIGH | β | 0 |
| CVE-2022-4444 A vulnerability was found in ipti br.tag. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack ca... | 3.5 | LOW | β | 0 |
| CVE-2022-4446 PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-38124 Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. | 5.7 | MEDIUM | β | 0 |
| CVE-2022-26806 Microsoft Office Graphics Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-40365 Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 7.5 | HIGH | β | 0 |
| CVE-2021-44693 Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 4.9 | MEDIUM | β | 0 |
| CVE-2021-44694 Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-44695 Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 4.9 | MEDIUM | β | 0 |
| CVE-2022-35646 IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IB... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-3032 When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested documen... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-26302 is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-... | 7.5 | HIGH | β | 0 |
| CVE-2013-2375 Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via un... | N/A | NONE | β | 0 |
| CVE-2022-22456 IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten... | 4.2 | MEDIUM | β | 0 |
| CVE-2022-43857 IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated use... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-43858 IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to access the file system and download files they are authorized to but not while using this interface. The remote authenticated... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-43859 IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION b... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-22184 An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of ... | 7.5 | HIGH | β | 0 |
| CVE-2022-22457 IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 2250... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-22458 IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009. | 6.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.