CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2022-40853 2022-09-23 CRITICAL 9.8 Tenda AC15 router V15.03.05.19 contains a stack overflow via the list parameter at /goform/fast_setting_wifi_set
CVE-2022-40093 2022-09-23 HIGH 7.2 Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_tax.php.
CVE-2022-40092 2022-09-23 HIGH 7.2 Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_payment.php.
CVE-2022-40091 2022-09-23 HIGH 7.2 Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tour/admin/update_packages.php.
CVE-2022-35257 2022-09-23 HIGH 7.8 A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop…
CVE-2022-35097 2022-09-23 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::writeTTF at /xpdf/FoFiTrueType.cc.
CVE-2022-33681 2022-09-23 MEDIUM 5.9 Delayed TLS hostname verification in the Pulsar Java Client and the Pulsar Proxy make each client vulnerable to a man in the middle attack. Connections from the Pulsar…
CVE-2022-30121 2022-09-23 MEDIUM 6.7 The “LANDesk(R) Management Agent” service exposes a socket and once connected, it is possible to launch commands only for signed executables. This is a security bug that allows…
CVE-2022-24280 2022-09-23 MEDIUM 6.5 Improper Input Validation vulnerability in Proxy component of Apache Pulsar allows an attacker to make TCP/IP connection attempts that originate from the Pulsar Proxy's IP address. When the…
CVE-2024-13858 2025-05-02 MEDIUM 6.4 The BuddyBoss Platform plugin and BuddyBoss Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘invitee_name’ parameter in all versions up to, and including, 2.8.50 and…
CVE-2022-40868 2022-09-23 CRITICAL 9.8 Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formDelDhcpRule with the request /goform/delDhcpRules/
CVE-2022-40867 2022-09-23 CRITICAL 9.8 Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formIPMacBindDel with the request /goform/delIpMacBind/
CVE-2022-40866 2022-09-23 CRITICAL 9.8 Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_CN_TDC) contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/
CVE-2022-40861 2022-09-23 HIGH 7.2 Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability in the formSetQosBand->FUN_0007db78 function with the request /goform/SetNetControlList/
CVE-2022-40855 2022-09-23 CRITICAL 9.8 Tenda W20E router V15.11.0.6 contains a stack overflow in the function formSetPortMapping with post request 'goform/setPortMapping/'. This vulnerability allows attackers to cause a Denial of Service (DoS) or…
CVE-2022-40854 2022-09-23 CRITICAL 9.8 Tenda AC18 router contained a stack overflow vulnerability in /goform/fast_setting_wifi_set
CVE-2022-40851 2022-09-23 CRITICAL 9.8 Tenda AC15 V15.03.05.19 contained a stack overflow via the function fromAddressNat.
CVE-2022-35246 2022-09-23 MEDIUM 4.3 A NoSQL-Injection information disclosure vulnerability exists in Rocket.Chat
CVE-2022-32852 2022-09-23 HIGH 7.1 An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected…
CVE-2022-35092 2022-09-23 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c.
CVE-2022-35091 2022-09-23 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.
CVE-2022-34348 2022-09-23 HIGH 7.1 IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to…
CVE-2022-32817 2022-09-23 MEDIUM 5.5 An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An…
CVE-2022-32816 2022-09-23 MEDIUM 6.5 The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website…
CVE-2022-32815 2022-09-23 HIGH 7.8 The issue was addressed with improved memory handling. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey…
CVE-2022-32797 2022-09-23 HIGH 7.1 This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted AppleScript…
CVE-2022-32796 2022-09-23 HIGH 7.8 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5. An app may be able to execute arbitrary code with…
CVE-2022-32792 2022-09-23 HIGH 8.8 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari…
CVE-2022-32790 2022-09-23 HIGH 7.5 This issue was addressed with improved checks. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, macOS Big Sur 11.6.6,…
CVE-2022-32789 2022-09-23 MEDIUM 5.5 A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5. An app may be able to bypass Privacy preferences.
CVE-2022-32787 2022-09-23 HIGH 8.8 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6,…
CVE-2022-32786 2022-09-23 MEDIUM 5.5 An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey…
CVE-2022-32785 2022-09-23 MEDIUM 5.5 A null pointer dereference was addressed with improved validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS…
CVE-2022-32783 2022-09-23 MEDIUM 5.5 A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth.
CVE-2022-22423 2022-09-23 MEDIUM 5.5 IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to…
CVE-2020-27252 2020-12-14 HIGH 8.8 Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed…
CVE-2020-25187 2020-12-14 HIGH 8.8 Medtronic MyCareLink Smart 25000 is vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event…
CVE-2020-25183 2020-12-14 HIGH 8.0 Medtronic MyCareLink Smart 25000 contains an authentication protocol vulnerability where the method used to authenticate between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app…
CVE-2003-5004 2025-05-22 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2025-25500 2025-03-18 HIGH 7.5 An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy…
CVE-2025-30113 2025-03-18 CRITICAL 9.8 An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application…
CVE-2025-30114 2025-03-18 CRITICAL 9.1 An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pairing mechanism relies solely on the connecting device's…
CVE-2025-30115 2025-03-18 CRITICAL 9.8 An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("qwertyuiop"), which…
CVE-2025-30116 2025-03-18 HIGH 7.5 An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote…
CVE-2025-30117 2025-03-18 HIGH 7.3 An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by…
CVE-2023-6270 2024-01-04 HIGH 7.0 A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free…
CVE-2025-45752 2025-05-21 HIGH 7.2 A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager.
CVE-2025-27558 2025-05-21 CRITICAL 9.1 IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary…
CVE-2024-57529 2025-05-21 MEDIUM 6.1 Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.
CVE-2024-23687 2024-01-19 CRITICAL 9.1 Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and…