Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2023-50777 2023-12-13 MEDIUM 4.3 Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSLane authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture…
CVE-2023-50768 2023-12-13 HIGH 8.8 A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained…
CVE-2023-47325 2023-12-13 MEDIUM 5.4 Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. A user with low privileges is able to navigate directly to the bin, revealing all deleted…
CVE-2023-47320 2023-12-13 HIGH 8.1 Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only function of putting the application in "Maintenance Mode"…
CVE-2023-45864 2023-12-13 MEDIUM 4.0 A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas.
CVE-2023-35622 2023-12-12 HIGH 7.5 Windows DNS Spoofing Vulnerability
CVE-2022-40358 2022-09-23 MEDIUM 5.4 An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause cross site scripting vulnerabilities via a crafted svg file upload.
CVE-2022-40105 2022-09-23 HIGH 7.5 Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2022-40104 2022-09-23 HIGH 7.5 Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted…
CVE-2022-35251 2022-09-23 MEDIUM 5.4 A cross-site scripting vulnerability exists in Rocket.chat
CVE-2022-35721 2022-09-23 MEDIUM 5.4 IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the…
CVE-2022-35250 2022-09-23 MEDIUM 4.3 A privilege escalation vulnerability exists in Rocket.chat
CVE-2022-35249 2022-09-23 MEDIUM 4.3 A information disclosure vulnerability exists in Rocket.Chat
CVE-2022-35099 2022-09-23 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc.
CVE-2022-35098 2022-09-23 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via GfxICCBasedColorSpace::getDefaultColor(GfxColor*) at /xpdf/GfxState.cc.
CVE-2022-33683 2022-09-23 MEDIUM 5.9 Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin…
CVE-2022-32820 2022-09-23 HIGH 7.8 An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6,…
CVE-2022-32818 2022-09-23 MEDIUM 5.5 The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state.
CVE-2022-32228 2022-09-23 MEDIUM 4.3 An information disclosure vulnerability exists in Rocket.Chat
CVE-2022-32227 2022-09-23 MEDIUM 6.5 A cleartext transmission of sensitive information exists in Rocket.Chat
CVE-2022-32226 2022-09-23 MEDIUM 4.3 An improper access control vulnerability exists in Rocket.Chat
CVE-2022-32218 2022-09-23 MEDIUM 4.3 An information disclosure vulnerability exists in Rocket.Chat
CVE-2022-32217 2022-09-23 MEDIUM 5.3 A cleartext storage of sensitive information exists in Rocket.Chat
CVE-2022-31679 2022-09-21 LOW 3.7 Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker…
CVE-2022-30577 2022-09-21 HIGH 8.0 The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross…
CVE-2022-2413 2024-01-16 MEDIUM 5.4 The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user…
CVE-2022-30124 2022-09-23 MEDIUM 6.8 An improper authentication vulnerability exists in Rocket.Chat Mobile App
CVE-2022-28886 2022-09-23 MEDIUM 4.3 A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this…
CVE-2022-26700 2022-09-23 HIGH 8.8 A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari…
CVE-2022-23144 2022-09-23 CRITICAL 9.1 There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which…
CVE-2022-27492 2022-09-23 HIGH 7.8 An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.
CVE-2022-23952 2022-09-21 HIGH 7.5 In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable.
CVE-2022-22624 2022-09-23 HIGH 8.8 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4.…
CVE-2022-22610 2022-09-23 HIGH 8.8 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS…
CVE-2022-20019 2022-01-04 MEDIUM 5.5 In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User…
CVE-2021-3782 2022-09-23 MEDIUM 6.6 An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an…
CVE-2021-45116 2022-01-05 HIGH 7.5 An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort…
CVE-2022-20014 2022-01-04 MEDIUM 6.7 In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User…
CVE-2021-39990 2022-01-03 CRITICAL 9.8 The screen lock module has a Stack-based Buffer Overflow vulnerability.Successful exploitation of this vulnerability may affect user experience.
CVE-2021-39989 2022-01-03 HIGH 7.5 The HwNearbyMain module has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
CVE-2021-39988 2022-01-03 HIGH 7.5 The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
CVE-2021-39987 2022-01-03 HIGH 7.5 The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
CVE-2021-39985 2022-01-03 HIGH 7.5 The HwNearbyMain module has a Improper Validation of Array Index vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
CVE-2021-39984 2022-01-03 HIGH 7.5 Huawei idap module has a Out-of-bounds Read vulnerability.Successful exploitation of this vulnerability may cause Denial of Service.
CVE-2021-39983 2022-01-03 HIGH 7.5 The HwNearbyMain module has a Data Processing Errors vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
CVE-2021-37198 2022-01-11 HIGH 8.8 A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used),…
CVE-2021-39977 2022-01-03 HIGH 7.5 The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart.
CVE-2021-39967 2022-01-03 HIGH 7.5 There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37133 2022-01-03 HIGH 7.5 There is an Unauthorized file access vulnerability in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-28715 2022-01-06 MEDIUM 6.5 Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to…
« Anterior Página 1174 de 4309 Siguiente »