CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-42110 An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking. | 7.1 | HIGH | — | 0 |
| CVE-2021-43978 Allegro Windows 3.3.4152.0 embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials. | 7.1 | HIGH | — | 0 |
| CVE-2021-44035 Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files. | 4.4 | MEDIUM | — | 0 |
| CVE-2021-23814 This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-23126 TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occur... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-43635 A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-25313 In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-29458 ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | 7.1 | HIGH | — | 0 |
| CVE-2022-0563 A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. Wh... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-24446 An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level Operator, can see all SSH servers (and user information) even if no SSH server or user is associated to the ... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-24447 An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-28391 BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to c... | 8.8 | HIGH | — | 0 |
| CVE-2022-29072 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll a... | 7.8 | HIGH | — | 0 |
| CVE-2021-38487 RTI Connext Professional versions 4.1 to 6.1.0, and Connext Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic.... | 8.2 | HIGH | — | 0 |
| CVE-2022-29181 Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted input... | 8.2 | HIGH | — | 0 |
| CVE-2022-1348 A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-26761 A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary c... | 7.8 | HIGH | — | 0 |
| CVE-2022-26763 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.... | 7.8 | HIGH | — | 0 |
| CVE-2022-26764 A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved ke... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-26765 A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and ... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-26766 A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS ... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-26767 The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-26768 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute ... | 7.8 | HIGH | — | 0 |
| CVE-2022-26769 A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may... | 7.8 | HIGH | — | 0 |
| CVE-2022-26770 An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application m... | 7.8 | HIGH | — | 0 |
| CVE-2022-26771 A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrar... | 7.8 | HIGH | — | 0 |
| CVE-2022-26772 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | HIGH | — | 0 |
| CVE-2022-26773 A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission. | 7.1 | HIGH | — | 0 |
| CVE-2022-26774 A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. | 7.8 | HIGH | — | 0 |
| CVE-2022-26775 An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-26776 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code e... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-31022 Bleve is a text indexing library for Go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s files... | 6.2 | MEDIUM | — | 0 |
| CVE-2022-24967 Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). | 6.5 | MEDIUM | — | 0 |
| CVE-2022-29931 The administration interface of the Raytion Custom Security Manager (Raytion CSM) in Version 7.2.0 allows reflected Cross-site Scripting (XSS). | 6.1 | MEDIUM | — | 0 |
| CVE-2022-37434 zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. S... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-33631 Microsoft Excel Security Feature Bypass Vulnerability | 7.3 | HIGH | — | 0 |
| CVE-2022-33640 System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2022-33646 Azure Batch Node Agent Elevation of Privilege Vulnerability | 7.0 | HIGH | — | 0 |
| CVE-2022-34691 Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 | HIGH | — | 0 |
| CVE-2022-34692 Microsoft Exchange Server Information Disclosure Vulnerability | 5.3 | MEDIUM | — | 0 |
| CVE-2022-34696 Windows Hyper-V Remote Code Execution Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2022-34699 Windows Win32k Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2022-34701 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2022-34702 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 | HIGH | — | 0 |
| CVE-2022-34715 Windows Network File System Remote Code Execution Vulnerability | 9.8 | CRITICAL | — | 0 |
| CVE-2022-34703 Windows Partition Management Driver Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2022-34705 Windows Defender Credential Guard Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2022-34706 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2022-34707 Windows Kernel Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2022-34716 .NET Spoofing Vulnerability | 5.9 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.