CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-31208 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver contains an endpoint that can execute arbitrary commands by manipulating the cmd_string URL parameter. | 8.8 | HIGH | β | 0 |
| CVE-2022-31209 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-31210 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be d... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-31211 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-31212 An issue was discovered in dbus-broker before 31. It depends on c-util/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is su... | 7.5 | HIGH | β | 0 |
| CVE-2022-30626 Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the name of the existing access point on the component, and a password in clear text. | 6.3 | MEDIUM | β | 0 |
| CVE-2022-31213 An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file. | 7.5 | HIGH | β | 0 |
| CVE-2022-32985 libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-33903 Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. | 7.5 | HIGH | β | 0 |
| CVE-2020-16093 In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LD... | 7.5 | HIGH | β | 0 |
| CVE-2020-23561 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000005722. | 5.5 | MEDIUM | β | 0 |
| CVE-2020-23562 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000aefe. | 5.5 | MEDIUM | β | 0 |
| CVE-2020-23563 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-40874 An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) an... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-41419 QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42923 ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If an attacker overwrites the file %temp%\ShowMyPC\-ShowMyPC3606\wodVPN.dll, it will run any malicious code contained in that file. Th... | 7.3 | HIGH | β | 0 |
| CVE-2021-44954 In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges from a qvisdvr user to the root user by abusing a Sudo misconfiguration. | 7.8 | HIGH | β | 0 |
| CVE-2022-27434 UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to contain a SQL injection vulnerability via the ProfileName parameter in the errorReporting page. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42755 An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 ... | 4.3 | MEDIUM | β | 0 |
| CVE-2016-15003 A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of th... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-24688 An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The Touch settings allow unrestricted file upload (and consequently Remote Code Execution) via PDF upload with PHP content and a .php e... | 8.8 | HIGH | β | 0 |
| CVE-2022-24689 An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages (including personal data) without being... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-24690 An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A PresAbs.php SQL Injection vulnerability allows unauthenticated users to taint database data and extract sensitive information via cra... | 8.2 | HIGH | β | 0 |
| CVE-2022-24691 An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL Injection vulnerability allows authenticated users to taint database data and extract sensitive information via crafted HTTP requ... | 7.1 | HIGH | β | 0 |
| CVE-2022-34952 Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24692 An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The new menu option within the general Parameters page is vulnerable to stored XSS. The attacker can create a menu option, make it visi... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-30620 On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin", "showConfig". Ad... | 8.2 | HIGH | β | 0 |
| CVE-2022-30621 Allows a remote user to read files on the camera's OS "GetFileContent.cgi". Reading arbitrary files on the camera's OS as root user. | 7.6 | HIGH | β | 0 |
| CVE-2022-30623 The server checks the user's cookie in a non-standard way, and a value is entered in the cookie value name of the status and its value is set to true to bypass the identification with the system using... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-30624 Browsing the admin.html page allows the user to reset the admin password. Also appears in the JS code for the password. | 6.8 | MEDIUM | β | 0 |
| CVE-2022-30625 Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete ... | 5.7 | MEDIUM | β | 0 |
| CVE-2022-30627 This vulnerability affects all of the company's products that also include the FW versions: update_i90_cv2.021_b20210104, update_i50_v1.0.55_b20200509, update_x6_v2.1.2_b202001127, update_b5_v2.0.9_b2... | 5.7 | MEDIUM | β | 0 |
| CVE-2022-32450 AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM whe... | 7.1 | HIGH | β | 0 |
| CVE-2022-35404 ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | 8.2 | HIGH | β | 0 |
| CVE-2021-33655 When sending malicious data to the kernel by ioctl cmd FBIOPUT_VSCREENINFO, the kernel will write memory out of bounds. | 6.7 | MEDIUM | β | 0 |
| CVE-2022-23142 ZXEN CG200 has a DoS vulnerability. An attacker could construct and send a large number of HTTP GET requests in a short time, which can make the product management websites not accessible. | 5.3 | MEDIUM | β | 0 |
| CVE-2022-2400 External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. | 5.3 | MEDIUM | β | 0 |
| CVE-2022-34889 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute high-privileged cod... | 8.2 | HIGH | β | 0 |
| CVE-2022-34890 This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-priv... | 8.8 | HIGH | β | 0 |
| CVE-2022-34891 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privi... | 7.8 | HIGH | β | 0 |
| CVE-2022-34892 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privi... | 7.8 | HIGH | β | 0 |
| CVE-2022-34639 CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illegal which can affect the function of the application. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-34899 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged ... | 7.8 | HIGH | β | 0 |
| CVE-2022-34900 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 (39313) Agent. An attacker must first obtain the ability to execute low-privileged ... | 7.8 | HIGH | β | 0 |
| CVE-2022-34901 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged ... | 7.8 | HIGH | β | 0 |
| CVE-2022-34902 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. An attacker must first obtain the ability to execute low-privileged ... | 7.8 | HIGH | β | 0 |
| CVE-2022-35741 Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by de... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-34640 The *tval of ecall/ebreak in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a was discovered to be incorrect. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-44170 A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized co... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-22304 An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform... | 6.1 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.