CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-23747 In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23764 The vulnerability is caused by insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and ... | 8.8 | HIGH | β | 0 |
| CVE-2022-23765 This vulnerability occurred by sending a malicious POST request to a specific page while logged in as a random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the... | 8.0 | HIGH | β | 0 |
| CVE-2022-28752 Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability... | 8.8 | HIGH | β | 0 |
| CVE-2022-2334 The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure ... | 7.2 | HIGH | β | 0 |
| CVE-2022-2335 A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | 7.5 | HIGH | β | 0 |
| CVE-2022-2336 Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-2337 A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22. | 7.5 | HIGH | β | 0 |
| CVE-2022-2338 Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. By default the administration interface is accessible via plaintext HTTP protocol, f... | 5.7 | MEDIUM | β | 0 |
| CVE-2022-2547 A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | 7.5 | HIGH | β | 0 |
| CVE-2022-35122 An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords. | 9.1 | CRITICAL | β | 0 |
| CVE-2022-35133 A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-35147 DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35148 maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-2867 libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-2868 libtiff's tiffcrop utility has an improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-2869 libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-35151 kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-35598 A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35599 A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35601 A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35602 A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35603 A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35605 A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35606 A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.' | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30070 An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the opera... | 7.5 | HIGH | β | 0 |
| CVE-2021-30071 A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-35153 FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35154 Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35164 LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35165 An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows attackers to cause a Denial of Service (DoS) via a crafted mp4 input. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-35166 libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-35173 An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation. | 7.5 | HIGH | β | 0 |
| CVE-2022-35198 Contract Management System v2.0 contains a weak default password which allows attackers to access database connection information. | 7.5 | HIGH | β | 0 |
| CVE-2022-25986 Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler. | 4.3 | MEDIUM | β | 0 |
| CVE-2022-28715 Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-29487 Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-29891 Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors. | 4.3 | MEDIUM | β | 0 |
| CVE-2022-2876 A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. Affected is an unknown function of the file index.php. The manipulation of the argument id lea... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-30604 Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-30693 Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors. | 5.3 | MEDIUM | β | 0 |
| CVE-2022-32283 Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors. | 4.3 | MEDIUM | β | 0 |
| CVE-2022-32453 HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-32544 Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors. | 4.3 | MEDIUM | β | 0 |
| CVE-2022-32583 Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors. | 4.3 | MEDIUM | β | 0 |
| CVE-2022-33151 Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-33311 Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors. | 4.3 | MEDIUM | β | 0 |
| CVE-2022-29549 An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was ins... | 7.3 | HIGH | β | 0 |
| CVE-2022-35175 Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-29550 An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps auxwwe" output to the /var/log/qualys/qualys-cloud-agent-scan.log file. This may, for example, unexpectedly write credentials (fro... | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.