Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-35134 2022-10-13 MEDIUM 5.4 Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.
CVE-2022-37208 2022-10-13 HIGH 8.8 JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation…
CVE-2022-35050 2022-10-14 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de.
CVE-2022-35049 2022-10-14 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5.
CVE-2022-35081 2022-10-13 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_read_header at /src/png2swf.c.
CVE-2022-35080 2022-10-13 MEDIUM 5.5 SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via png_load at /lib/png.c.
CVE-2022-35048 2022-10-14 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0b2c.
CVE-2022-35047 2022-10-14 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05aa.
CVE-2022-35046 2022-10-14 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466.
CVE-2022-35045 2022-10-14 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63.
CVE-2022-35044 2022-10-14 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x617087.
CVE-2022-35043 2022-10-14 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6.
CVE-2022-35042 2022-10-14 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11.
CVE-2022-35041 2022-10-14 MEDIUM 6.5 OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f.
CVE-2022-34022 2022-10-13 HIGH 7.2 SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via a crafted POST request to /ResiotQueryDBActive.
CVE-2022-22078 2022-10-19 MEDIUM 4.6 Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated in Snapdragon Auto, Snapdragon Compute, Snapdragon…
CVE-2022-20464 2022-10-14 MEDIUM 5.5 In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead…
CVE-2022-20397 2022-10-14 HIGH 7.8 In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no…
CVE-2021-46840 2022-10-14 CRITICAL 9.1 The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
CVE-2021-46839 2022-10-14 CRITICAL 9.1 The HW_KEYMASTER module has a vulnerability of missing bounds check on length.Successful exploitation of this vulnerability may cause malicious construction of data, which results in out-of-bounds access.
CVE-2021-0699 2022-10-14 HIGH 7.8 In HTBLogKM of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the…
CVE-2024-5029 2024-11-21 MEDIUM 4.8 The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could…
CVE-2024-8157 2024-11-21 MEDIUM 4.3 The Alphabetical List WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin…
CVE-2024-9600 2024-11-21 MEDIUM 4.8 The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site…
CVE-2024-9828 2024-11-21 MEDIUM 4.1 The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as…
CVE-2024-9422 2024-11-22 MEDIUM 6.6 The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary…
CVE-2024-10709 2024-11-25 MEDIUM 6.8 The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is…
CVE-2024-10710 2024-11-25 LOW 3.5 The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2024-6393 2024-11-25 MEDIUM 4.8 The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as…
CVE-2025-1683 2025-03-12 HIGH 7.8 Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged access on a…
CVE-2024-23217 2024-01-23 LOW 3.3 A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app…
CVE-2024-0809 2024-01-24 MEDIUM 4.3 Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2024-23206 2024-01-23 MEDIUM 6.5 An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5…
CVE-2022-41541 2022-10-18 HIGH 8.1 TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to…
CVE-2022-41540 2022-10-18 MEDIUM 5.9 The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptographic keys when communicating with the router. Attackers who are able to intercept the communications between the web…
CVE-2022-41674 2022-10-14 HIGH 8.1 An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.
CVE-2022-42156 2022-10-13 HIGH 8.8 D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings.
CVE-2022-41537 2022-10-18 HIGH 7.2 Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /user_operations/profile.php. This vulnerability allows attackers to execute arbitrary code…
CVE-2022-41504 2022-10-18 HIGH 7.2 An arbitrary file upload vulnerability in the component /php_action/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-41534 2022-10-13 HIGH 7.2 Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/createOrder.php. This vulnerability allows attackers to execute arbitrary code via…
CVE-2022-41533 2022-10-13 HIGH 7.2 Online Diagnostic Lab Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via…
CVE-2022-41475 2022-10-13 HIGH 8.8 RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account.
CVE-2022-41391 2022-10-13 CRITICAL 9.8 OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php.
CVE-2022-41390 2022-10-13 CRITICAL 9.8 OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php.
CVE-2022-41474 2022-10-13 MEDIUM 6.5 RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of any account.
CVE-2022-41473 2022-10-13 MEDIUM 6.1 RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function.
CVE-2022-41351 2022-10-12 MEDIUM 6.1 In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the…
CVE-2022-41350 2022-10-12 MEDIUM 6.1 In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.
CVE-2022-41316 2022-10-12 MEDIUM 5.3 HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in…
CVE-2022-41349 2022-10-12 MEDIUM 6.1 In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's…
« Anterior Página 1224 de 4311 Siguiente »