CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-45721 IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the picName parameter in the formDelWewifiPic function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45720 IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the ip, mac, and remark parameters in the formIPMacBindModify function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45719 IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the gotoUrl parameter in the formPortalAuth function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45718 IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formIPMacBindAdd function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45717 IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the usbPartitionName parameter in the formSetUSBPartitionUmount function. This vulnerability is exploited ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45716 IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the indexSet parameter in the formIPMacBindDel function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45711 IP-COM M50 V15.11.0.33(10768) was discovered to contain a command injection vulnerability via the hostname parameter in the formSetNetCheckTools function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45710 IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45709 IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection vulnerabilities via the pEnable, pLevel, and pModule parameters in the formSetDebugCfg function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45708 IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the sPortMapIndex parameter in the formDelPortMapping function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45707 IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter in the formAddDnsHijack function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45706 IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the hostname parameter in the formSetNetCheckTools function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46882 A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-45715 IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pLanPortRange and pWanPortRange parameters in the formSetPortMapping function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-3921 The Listingo WordPress theme before 3.2.7 does not validate files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files and lead to RCE | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47939 An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44567 A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal(), which may lead to r... | 9.8 | CRITICAL | — | 0 |
| CVE-2023-49970 Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-4060 The User Post Gallery WordPress plugin through 2.19 does not limit what callback functions can be called by users, making it possible for any visitor to run code on sites running it. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47864 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47862 Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47861 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47860 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44362 Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform/AddSysLogRule. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47859 Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-1887 The search term could have been specified externally to trigger SQL injection. This vulnerability affects Firefox for iOS < 101. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47866 Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47865 Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46955 Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46954 Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction. | 9.8 | CRITICAL | — | 0 |
| CVE-2017-7550 A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x before 2.4.1) passed certain parameters to the jenkins_plugin module. Remote attackers could use this flaw to expose sensitive inform... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44930 D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-44929 An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25531 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-48122 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25510 RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /AddressBook/address_public_show.aspx. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29159 HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-35326 SQL Injection vulnerability in file /inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/website/WebsiteImagesMapper.xml in inxedu 2.0.6 via the id value. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-29164 HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-3900 The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attac... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41417 BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-48121 TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-31810 TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-46475 D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack overflow via the service= variable in the genacgi_main function. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43977 An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-43976 An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. Direct access to the API is possible on TCP port 8888 via programs located in the cgi-... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-47853 TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-23739 An incorrect authorization vulnerability was identified in GitHub Enterprise Server, allowing for escalation of privileges in GraphQL API requests from GitHub Apps. This vulnerability allowed an app i... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-4129 Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of th... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34476 ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox < 102. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.