CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2023-52073 | 2024-01-08 | HIGH | 8.8 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. |
| CVE-2023-52271 | 2024-01-08 | MEDIUM | 6.5 | The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an… |
| CVE-2023-52322 | 2024-01-04 | MEDIUM | 6.1 | ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe… |
| CVE-2023-52031 | 2024-01-11 | CRITICAL | 9.8 | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. |
| CVE-2023-51964 | 2024-01-10 | CRITICAL | 9.8 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. |
| CVE-2023-51956 | 2024-01-10 | CRITICAL | 9.8 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv |
| CVE-2023-51954 | 2024-01-10 | CRITICAL | 9.8 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. |
| CVE-2023-51971 | 2024-01-10 | CRITICAL | 9.8 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo. |
| CVE-2023-51127 | 2024-01-10 | HIGH | 7.5 | FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction.… |
| CVE-2023-50982 | 2024-01-08 | CRITICAL | 9.0 | Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not… |
| CVE-2023-51277 | 2024-01-05 | CRITICAL | 9.8 | nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. |
| CVE-2023-50922 | 2024-01-03 | HIGH | 7.2 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute… |
| CVE-2023-50916 | 2024-01-10 | HIGH | 7.2 | Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local… |
| CVE-2023-50585 | 2024-01-09 | CRITICAL | 9.8 | Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. |
| CVE-2023-50643 | 2024-01-09 | CRITICAL | 9.8 | An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and… |
| CVE-2023-50609 | 2024-01-06 | MEDIUM | 6.1 | Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary… |
| CVE-2023-50612 | 2024-01-06 | HIGH | 7.8 | Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information… |
| CVE-2023-50126 | 2024-01-11 | MEDIUM | 6.5 | Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allow attackers to create a cloned tag… |
| CVE-2023-50136 | 2024-01-09 | MEDIUM | 5.4 | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating… |
| CVE-2023-50162 | 2024-01-09 | HIGH | 7.2 | SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql… |
| CVE-2023-50090 | 2024-01-03 | CRITICAL | 9.8 | Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and… |
| CVE-2023-50345 | 2024-01-03 | LOW | 3.7 | HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious… |
| CVE-2023-49471 | 2024-01-10 | HIGH | 8.8 | Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making… |
| CVE-2023-50027 | 2024-01-05 | CRITICAL | 9.8 | SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges… |
| CVE-2023-49558 | 2024-01-03 | MEDIUM | 5.5 | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in… |
| CVE-2023-49556 | 2024-01-03 | MEDIUM | 5.5 | Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function… |
| CVE-2023-49553 | 2024-01-02 | HIGH | 7.5 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function… |
| CVE-2023-48261 | 2024-01-10 | MEDIUM | 5.3 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
| CVE-2023-49394 | 2024-01-10 | MEDIUM | 6.1 | Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly. |
| CVE-2023-47997 | 2024-01-10 | MEDIUM | 6.5 | An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial… |
| CVE-2023-47994 | 2024-01-09 | HIGH | 8.8 | An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a… |
| CVE-2023-47890 | 2024-01-08 | HIGH | 8.8 | pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. |
| CVE-2023-46474 | 2024-01-11 | HIGH | 7.2 | File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP… |
| CVE-2023-46836 | 2024-01-05 | MEDIUM | 4.7 | The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that… |
| CVE-2023-46308 | 2024-01-03 | CRITICAL | 9.8 | In Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty. |
| CVE-2023-42933 | 2024-01-10 | HIGH | 7.8 | This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able… |
| CVE-2023-42872 | 2024-01-10 | MEDIUM | 5.5 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS… |
| CVE-2023-45559 | 2024-01-03 | HIGH | 8.2 | An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. |
| CVE-2023-45722 | 2024-01-03 | HIGH | 8.8 | HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a… |
| CVE-2023-42866 | 2024-01-10 | HIGH | 8.8 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS… |
| CVE-2023-42831 | 2024-01-10 | MEDIUM | 5.5 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8… |
| CVE-2023-42828 | 2024-01-10 | HIGH | 7.8 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may… |
| CVE-2023-40529 | 2024-01-10 | LOW | 2.4 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17.… |
| CVE-2023-40437 | 2024-01-10 | MEDIUM | 5.5 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6… |
| CVE-2023-40433 | 2024-01-10 | MEDIUM | 5.5 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass… |
| CVE-2023-38827 | 2024-01-09 | MEDIUM | 6.1 | Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code… |
| CVE-2023-39336 | 2024-01-09 | HIGH | 8.8 | An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access… |
| CVE-2023-37644 | 2024-01-11 | MEDIUM | 5.5 | SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This… |
| CVE-2023-38612 | 2024-01-10 | LOW | 3.3 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7,… |
| CVE-2023-38607 | 2024-01-10 | MEDIUM | 5.5 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may… |