CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID / Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-42048 An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero ed... | 4.8 | MEDIUM | β | 0 |
| CVE-2022-42303 An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT serv... | 8.0 | HIGH | β | 0 |
| CVE-2021-42049 An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot undo revisions or oversight on pages where they suppressed information (such as PII). This allows ov... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-43403 An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in ... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-45788 Time-based SQL Injection vulnerabilities were found in Metersphere v1.15.4 via the "orders" parameter. | 8.8 | HIGH | β | 0 |
| CVE-2021-45789 An arbitrary file read vulnerability was found in Metersphere v1.15.4, where authenticated users can read any file on the server via the file download function. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-45790 An arbitrary file upload vulnerability was found in Metersphere v1.15.4. Unauthenticated users can upload any file to arbitrary directory, where attackers can write a cron job to execute commands. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45843 glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulate... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-1718 The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in ... | 7.5 | HIGH | β | 0 |
| CVE-2022-1719 Reflected XSS on ticket filter function in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability is capable of executing a malicious javascript code in web page | 5.4 | MEDIUM | β | 0 |
| CVE-2022-1725 NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-38222 There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an at... | 7.8 | HIGH | β | 0 |
| CVE-2022-40278 An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to ... | 7.5 | HIGH | β | 0 |
| CVE-2022-40279 An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dis... | 7.5 | HIGH | β | 0 |
| CVE-2022-3355 Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-2529 sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of ... | 7.5 | HIGH | β | 0 |
| CVE-2022-3352 Use After Free in GitHub repository vim/vim prior to 9.0.0614. | 7.8 | HIGH | β | 0 |
| CVE-2022-39250 Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the v... | 8.6 | HIGH | β | 0 |
| CVE-2022-39252 matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their... | 8.6 | HIGH | β | 0 |
| CVE-2022-39254 matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the... | 8.6 | HIGH | β | 0 |
| CVE-2022-29503 A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create t... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-39266 isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, ... | 9.6 | CRITICAL | β | 0 |
| CVE-2022-36066 Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously ... | 9.1 | CRITICAL | β | 0 |
| CVE-2022-36068 Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and e... | 7.2 | HIGH | β | 0 |
| CVE-2022-39226 Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large ... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-40922 A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-39232 Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current p... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-3364 Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | 7.5 | HIGH | β | 0 |
| CVE-2022-41849 drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a ... | 4.2 | MEDIUM | β | 0 |
| CVE-2022-41850 roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a r... | 4.7 | MEDIUM | β | 0 |
| CVE-2022-2922 Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | 4.9 | MEDIUM | β | 0 |
| CVE-2022-3371 Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | 7.5 | HIGH | β | 0 |
| CVE-2022-23726 PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-36830 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress. | 4.8 | MEDIUM | β | 0 |
| CVE-2021-36839 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress. | 4.8 | MEDIUM | β | 0 |
| CVE-2021-36854 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-2628 The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting a... | 4.8 | MEDIUM | β | 0 |
| CVE-2021-36855 Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-21826 Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves t... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-28851 Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a v... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-32540 Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows man-in-the-middle attacker to compromise confidentia... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36961 A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | 8.8 | HIGH | β | 0 |
| CVE-2022-20662 A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because t... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-20728 A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative... | 4.7 | MEDIUM | β | 0 |
| CVE-2022-20769 A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) conditio... | 7.4 | HIGH | β | 0 |
| CVE-2022-20810 A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensi... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-20818 Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on comm... | 7.8 | HIGH | β | 0 |
| CVE-2022-41423 Bento4 v1.6.0-639 was discovered to contain a segmentation violation in the mp4fragment component. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-41054 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2022-41055 Windows Human Interface Device Information Disclosure Vulnerability | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.
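The table above combines an NVD CVSS score, a severity label and a CISA KEV flag per CVE. The script below is an added example (it is not part of this page, nor tooling from NVD or CISA) showing how a practitioner can sanity-check such an export: it parses rows in the table's own markdown layout, verifies that each Severity label agrees with the NVD CVSS v3.x qualitative scale (None 0.0, Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0), and flags any CVE that appears in a KEV catalog. The KEV document embedded here is a constructed sample in the shape of CISA's `known_exploited_vulnerabilities.json` (a top-level `vulnerabilities` list with a `cveID` per entry); the placeholder ID `CVE-0000-0001` is not a real CVE and is not a claim that anything in this table is in KEV. One caveat: the table does not say which CVSS version each score uses; CVSS v2 has different bands (High is 7.0-10.0, with no Critical), so a v2 score would trip the v3 check below.

```python
"""Audit a CVE/CVSS/KEV table: added example, not code from the original page.

Checks that Severity labels match NVD's CVSS v3.x qualitative scale and
flags CVEs present in a KEV catalog (sample catalog is constructed, see below).
"""
import json


def cvss_severity(score: float) -> str:
    """NVD CVSS v3.x qualitative rating for a base score (inclusive lower bounds)."""
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def parse_rows(table_md: str) -> list:
    """Parse '| CVE-ID description | CVSS | Severity | KEV | Sightings |' rows.

    The description may contain '|' characters, so the four trailing columns
    are split off from the right and everything before them is the ID + text.
    """
    entries = []
    for line in table_md.splitlines():
        line = line.strip()
        if not line.startswith("| CVE-"):
            continue  # header, separator row, or prose
        cells = [c.strip() for c in line.strip("|").rsplit("|", 4)]
        if len(cells) != 5:
            continue  # malformed row, skip rather than guess
        head, cvss, severity, kev_col, sightings = cells
        cve_id, _, description = head.partition(" ")
        entries.append({
            "id": cve_id,
            "description": description,
            "cvss": float(cvss),
            "severity": severity.upper(),
            "kev_column": kev_col,
            "sightings": int(sightings),
        })
    return entries


def load_kev_ids(kev_json: str) -> set:
    """Return the set of CVE IDs in a KEV-shaped JSON document."""
    doc = json.loads(kev_json)
    return {v["cveID"] for v in doc.get("vulnerabilities", [])}


def audit(table_md: str, kev_json: str) -> list:
    """Return (cve_id, kind, detail) findings for mislabelled or KEV-listed rows."""
    kev_ids = load_kev_ids(kev_json)
    findings = []
    for e in parse_rows(table_md):
        expected = cvss_severity(e["cvss"])
        if e["severity"] != expected:
            findings.append((e["id"], "severity_mismatch",
                             f"CVSS {e['cvss']} should be {expected}, table says {e['severity']}"))
        if e["id"] in kev_ids:
            # KEV membership means confirmed exploitation: prioritise regardless of score.
            findings.append((e["id"], "in_kev", "listed in KEV catalog"))
    return findings


# Constructed sample: two rows taken from the table above (descriptions shortened)
# plus one placeholder row whose ID is not a real CVE and whose label is wrong on purpose.
SAMPLE_TABLE = """\
| CVE ID / Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-45790 An arbitrary file upload vulnerability was found in Metersphere v1.15.4. | 9.8 | CRITICAL | - | 0 |
| CVE-2022-42303 An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. | 8.0 | HIGH | - | 0 |
| CVE-0000-0001 Constructed placeholder row, not a real CVE: score 9.0 mislabelled as HIGH. | 9.0 | HIGH | - | 3 |
"""

# Constructed sample in the shape of CISA's known_exploited_vulnerabilities.json;
# the entry is a placeholder, not a real catalog record.
SAMPLE_KEV = json.dumps({
    "title": "constructed sample, not the CISA catalog",
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Example", "product": "Example",
         "dateAdded": "2022-10-01"},
    ],
})

if __name__ == "__main__":
    for cve_id, kind, detail in audit(SAMPLE_TABLE, SAMPLE_KEV):
        print(f"{cve_id}: {kind}: {detail}")
```

To run this against the real catalog, replace `SAMPLE_KEV` with the contents of CISA's published JSON and feed the full table text to `audit`; the column-splitting logic does not depend on the header wording.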