Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-4008 2025-05-21 N/A 0.0 The Meteobridge web interface let meteobridge administrator manage their weather station data collection and administer their meteobridge system through a web application written in CGI shell scripts and…
CVE-2025-4949 2025-05-21 N/A 0.0 In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol…
CVE-2025-4478 2025-05-16 HIGH 7.1 A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service…
CVE-2023-48795 2023-12-18 MEDIUM 5.9 The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are…
CVE-2024-36761 2024-06-12 CRITICAL 9.8 naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs.
CVE-2025-4642 2025-05-22 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-4562 2025-05-22 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-40864 2022-09-23 CRITICAL 9.8 Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function setSmartPowerManagement with the request /goform/PowerSaveSet
CVE-2022-40862 2022-09-23 CRITICAL 9.8 Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulnerability in the function fromNatStaticSetting with the request /goform/NatStaticSetting
CVE-2022-40860 2022-09-23 CRITICAL 9.8 Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability in the function formSetQosBand->FUN_0007dd20 with request /goform/SetNetControlList
CVE-2022-40853 2022-09-23 CRITICAL 9.8 Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set
CVE-2022-40093 2022-09-23 HIGH 7.2 Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php.
CVE-2022-40092 2022-09-23 HIGH 7.2 Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php.
CVE-2022-40091 2022-09-23 HIGH 7.2 Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php.
CVE-2022-35257 2022-09-23 HIGH 7.8 A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop…
CVE-2022-35097 2022-09-23 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc.
CVE-2022-33681 2022-09-23 MEDIUM 5.9 Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar…
CVE-2022-30121 2022-09-23 MEDIUM 6.7 The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows…
CVE-2022-24280 2022-09-23 MEDIUM 6.5 Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the…
CVE-2024-13858 2025-05-02 MEDIUM 6.4 The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘invitee_name’ parameter in all versions up to, and including, 2.8.50 and…
CVE-2022-40868 2022-09-23 CRITICAL 9.8 Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/
CVE-2022-40867 2022-09-23 CRITICAL 9.8 Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/
CVE-2022-40866 2022-09-23 CRITICAL 9.8 Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/
CVE-2022-40861 2022-09-23 HIGH 7.2 Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/
CVE-2022-40855 2022-09-23 CRITICAL 9.8 Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or…
CVE-2022-40854 2022-09-23 CRITICAL 9.8 Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set
CVE-2022-40851 2022-09-23 CRITICAL 9.8 Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.
CVE-2022-35246 2022-09-23 MEDIUM 4.3 A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat
CVE-2022-32852 2022-09-23 HIGH 7.1 An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected…
CVE-2022-35092 2022-09-23 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c.
CVE-2022-35091 2022-09-23 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.ow()
CVE-2022-34348 2022-09-23 HIGH 7.1 IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to…
CVE-2022-32817 2022-09-23 MEDIUM 5.5 An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An…
CVE-2022-32816 2022-09-23 MEDIUM 6.5 The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website…
CVE-2022-32815 2022-09-23 HIGH 7.8 The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey…
CVE-2022-32797 2022-09-23 HIGH 7.1 This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript…
CVE-2022-32796 2022-09-23 HIGH 7.8 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5. An app may be able to execute arbitrary code with…
CVE-2022-32792 2022-09-23 HIGH 8.8 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari…
CVE-2022-32790 2022-09-23 HIGH 7.5 This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6,…
CVE-2022-32789 2022-09-23 MEDIUM 5.5 A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferences.
CVE-2022-32787 2022-09-23 HIGH 8.8 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6,…
CVE-2022-32786 2022-09-23 MEDIUM 5.5 An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey…
CVE-2022-32785 2022-09-23 MEDIUM 5.5 A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS…
CVE-2022-32783 2022-09-23 MEDIUM 5.5 A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth.
CVE-2022-22423 2022-09-23 MEDIUM 5.5 IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to…
CVE-2020-27252 2020-12-14 HIGH 8.8 Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed…
CVE-2020-25187 2020-12-14 HIGH 8.8 Medtronic MyCareLink Smart 25000 is  vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event…
CVE-2020-25183 2020-12-14 HIGH 8.0 Medtronic MyCareLink Smart 25000 contains an authentication protocol vulnerability where the method used to authenticate between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app…
CVE-2003-5004 2025-05-22 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2025-25500 2025-03-18 HIGH 7.5 An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy…
« Anterior Página 1172 de 4309 Siguiente »