CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2022-41474 | 2022-10-13 | MEDIUM | 6.5 | RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily change the password of… |
| CVE-2022-41473 | 2022-10-13 | MEDIUM | 6.1 | RPCMS v3.0.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Search function. |
| CVE-2022-41351 | 2022-10-12 | MEDIUM | 6.1 | In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the… |
| CVE-2022-41350 | 2022-10-12 | MEDIUM | 6.1 | In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing… |
| CVE-2022-41316 | 2022-10-12 | MEDIUM | 5.3 | HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the… |
| CVE-2022-41349 | 2022-10-12 | MEDIUM | 6.1 | In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS.… |
| CVE-2022-41348 | 2022-10-12 | MEDIUM | 6.1 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element,… |
| CVE-2022-40871 | 2022-10-12 | CRITICAL | 9.8 | Dolibarr ERP & CRM |
| CVE-2022-39120 | 2022-10-14 | MEDIUM | 5.5 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead… |
| CVE-2022-39113 | 2022-10-14 | MEDIUM | 5.5 | In Music service, there is a missing permission check. This could lead to local denial of service in Music service… |
| CVE-2022-40187 | 2022-10-13 | HIGH | 8.0 | Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework (TCF) service enabled. This service listens on a TCP… |
| CVE-2022-40664 | 2022-10-12 | CRITICAL | 9.8 | Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. |
| CVE-2022-40469 | 2022-10-12 | HIGH | 8.8 | iKuai OS v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability. |
| CVE-2022-39109 | 2022-10-14 | HIGH | 7.8 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with… |
| CVE-2022-39108 | 2022-10-14 | HIGH | 7.8 | In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with… |
| CVE-2022-39107 | 2022-10-14 | HIGH | 7.8 | In Soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in Soundrecorder service with… |
| CVE-2022-39105 | 2022-10-14 | MEDIUM | 5.5 | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead… |
| CVE-2022-39103 | 2022-10-14 | MEDIUM | 5.5 | In Gallery service, there is a missing permission check. This could lead to local denial of service in Gallery service… |
| CVE-2022-39080 | 2022-10-14 | HIGH | 7.8 | In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with… |
| CVE-2022-39064 | 2022-10-14 | HIGH | 8.1 | An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e.… |
| CVE-2022-39011 | 2022-10-14 | HIGH | 7.5 | The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of… |
| CVE-2022-38998 | 2022-10-14 | HIGH | 7.5 | The HISP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability… |
| CVE-2022-38985 | 2022-10-14 | HIGH | 7.5 | The facial recognition module has a vulnerability in input validation. Successful exploitation of this vulnerability may affect data confidentiality. |
| CVE-2022-38984 | 2022-10-14 | HIGH | 7.5 | The HIPP module has a vulnerability of not verifying the data transferred in the kernel space. Successful exploitation of this vulnerability… |
| CVE-2022-38983 | 2022-10-14 | CRITICAL | 9.8 | The BT Hfp Client module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may result in arbitrary code execution. |
| CVE-2022-38698 | 2022-10-14 | HIGH | 7.8 | In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with… |
| CVE-2022-38697 | 2022-10-14 | MEDIUM | 5.5 | In messaging service, there is a missing permission check. This could lead to access unexpected provider in contacts service with… |
| CVE-2022-38982 | 2022-10-14 | CRITICAL | 9.8 | The fingerprint module has service logic errors. Successful exploitation of this vulnerability will cause the phone lock to be cracked. |
| CVE-2022-38981 | 2022-10-14 | HIGH | 7.5 | The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause information leakage. |
| CVE-2022-38980 | 2022-10-14 | CRITICAL | 9.8 | The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol. Successful exploitation of this vulnerability… |
| CVE-2022-38977 | 2022-10-14 | HIGH | 7.5 | The HwAirlink module has a heap overflow vulnerability. Successful exploitation of this vulnerability may cause out-of-bounds writes, resulting in modification of… |
| CVE-2022-38690 | 2022-10-14 | MEDIUM | 5.5 | In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of… |
| CVE-2022-38689 | 2022-10-14 | MEDIUM | 5.5 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution… |
| CVE-2022-38688 | 2022-10-14 | MEDIUM | 5.5 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution… |
| CVE-2022-38687 | 2022-10-14 | MEDIUM | 5.5 | In messaging service, there is a missing permission check. This could lead to local denial of service in messaging service… |
| CVE-2022-38679 | 2022-10-14 | MEDIUM | 5.5 | In music service, there is a missing permission check. This could lead to local denial of service in music service… |
| CVE-2022-38677 | 2022-10-14 | MEDIUM | 5.5 | In cell service, there is a missing permission check. This could lead to local denial of service in cell service… |
| CVE-2022-38676 | 2022-10-14 | MEDIUM | 5.5 | In gpu driver, there is a possible out of bounds write due to a missing bounds check. This could lead… |
| CVE-2022-38673 | 2022-10-14 | MEDIUM | 5.5 | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could… |
| CVE-2022-38672 | 2022-10-14 | MEDIUM | 5.5 | In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could… |
| CVE-2022-38669 | 2022-10-14 | HIGH | 7.8 | In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with… |
| CVE-2022-37614 | 2022-10-12 | CRITICAL | 9.8 | Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js. |
| CVE-2022-37603 | 2022-10-14 | HIGH | 7.5 | A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via… |
| CVE-2022-35059 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414. |
| CVE-2022-37602 | 2022-10-14 | CRITICAL | 9.8 | Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js. |
| CVE-2022-37611 | 2022-10-12 | CRITICAL | 9.8 | Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js. |
| CVE-2022-35058 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce. |
| CVE-2022-35056 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478. |
| CVE-2022-35055 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0473. |
| CVE-2022-35054 | 2022-10-14 | MEDIUM | 6.5 | OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2. |