Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-33070
2025-06-10
HIGH
8.1
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-33069
2025-06-10
MEDIUM
5.1
Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-33068
2025-06-10
HIGH
7.5
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-33067
2025-06-10
HIGH
8.4
Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
CVE-2025-33066
2025-06-10
HIGH
8.8
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-33065
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33064
2025-06-10
HIGH
8.8
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
CVE-2025-33063
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33062
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33061
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33060
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33059
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33058
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33057
2025-06-10
MEDIUM
6.5
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
CVE-2025-33056
2025-06-10
HIGH
7.5
Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.
CVE-2025-33055
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33052
2025-06-10
MEDIUM
5.5
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2025-33050
2025-06-10
HIGH
7.5
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
CVE-2025-32725
2025-06-10
HIGH
7.5
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
CVE-2025-32724
2025-06-10
HIGH
7.5
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
CVE-2025-32722
2025-06-10
MEDIUM
5.5
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.
CVE-2025-32721
2025-06-10
HIGH
7.3
Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-32720
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-32719
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-32718
2025-06-10
HIGH
7.8
Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.
CVE-2025-32716
2025-06-10
HIGH
7.8
Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2025-32715
2025-06-10
MEDIUM
6.5
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
CVE-2025-32714
2025-06-10
HIGH
7.8
Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2025-32713
2025-06-10
HIGH
7.8
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-32712
2025-06-10
HIGH
7.8
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-32710
2025-06-10
HIGH
8.1
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2025-31104
2025-06-10
HIGH
7.2
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.7, 7.1.0…
CVE-2025-30321
2025-06-10
MEDIUM
5.5
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to…
CVE-2025-30317
2025-06-10
HIGH
7.8
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-29828
2025-06-10
HIGH
8.1
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.
CVE-2025-25250
2025-06-10
MEDIUM
4.3
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions…
CVE-2025-24471
2025-06-10
MEDIUM
6.5
An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked…
CVE-2025-24069
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-24068
2025-06-10
MEDIUM
5.5
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-24065
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-22256
2025-06-10
MEDIUM
6.3
A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker…
CVE-2025-22254
2025-06-10
MEDIUM
6.6
An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0…
CVE-2025-22251
2025-06-10
LOW
3.1
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow…
CVE-2024-57189
2025-06-10
N/A
0.0
In Erxes
CVE-2024-57186
2025-06-10
N/A
0.0
In Erxes
CVE-2024-54019
2025-06-10
MEDIUM
4.8
A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN…
CVE-2024-50568
2025-06-10
MEDIUM
5.9
A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14 & FortiProxy version 7.4.0 through 7.4.3, 7.2.0 through…
CVE-2024-50562
2025-06-10
MEDIUM
4.8
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL-VPN version 7.6.0, version 7.4.6 and below, version 7.2.10 and below, 7.0 all versions, 6.4 all versions may allow an…
CVE-2024-45329
2025-06-10
MEDIUM
4.3
A authorization bypass through user-controlled key in Fortinet FortiPortal versions 7.4.0, versions 7.2.0 through 7.2.5, and versions 7.0.0 through 7.0.8 may allow an authenticated attacker to view unauthorized…
CVE-2024-43706
2025-06-10
HIGH
7.6
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.
« Anterior
Página 1082 de 4308
Siguiente »
Page load link
Go to Top
