CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-40835 B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php. Note: Multiple third parties have disputed this as not a valid vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2022-33896 A buffer underflow vulnerability exists in the way Hword of Hancom Office 2020 version 11.0.0.5357 parses XML-based office files. A specially-crafted malformed file can cause memory corruption by usin... | 7.8 | HIGH | β | 0 |
| CVE-2022-36868 Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. | 5.9 | MEDIUM | β | 0 |
| CVE-2023-21788 3D Builder Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2022-39847 Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. | 4.9 | MEDIUM | β | 0 |
| CVE-2022-39848 Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-39849 Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows unauthorized read of configuration data. | 3.3 | LOW | β | 0 |
| CVE-2022-39850 Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows unauthorized read of configuration data. | 3.3 | LOW | β | 0 |
| CVE-2022-39851 Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that require BIND_REMOTEVIEWS permission. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-39852 A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution. | 8.0 | HIGH | β | 0 |
| CVE-2022-39853 A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. | 4.4 | MEDIUM | β | 0 |
| CVE-2022-39854 Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory. | 6.4 | MEDIUM | β | 0 |
| CVE-2022-39855 Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. | 5.1 | MEDIUM | β | 0 |
| CVE-2022-39856 Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-39857 Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege. | 7.3 | HIGH | β | 0 |
| CVE-2022-39858 Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege. | 7.3 | HIGH | β | 0 |
| CVE-2022-39859 Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-39860 Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast. | 4.4 | MEDIUM | β | 0 |
| CVE-2022-39861 Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-39862 Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. | 5.3 | MEDIUM | β | 0 |
| CVE-2022-39863 Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. | 3.6 | LOW | β | 0 |
| CVE-2022-39864 Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent. | 3.3 | LOW | β | 0 |
| CVE-2022-39865 Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-39866 Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-39867 Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-39868 Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-39869 Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-39870 Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-39871 Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-39872 Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-39873 Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. | 4.3 | MEDIUM | β | 0 |
| CVE-2022-39874 Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-39875 Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | 5.1 | MEDIUM | β | 0 |
| CVE-2022-39876 Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-39877 Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the devi... | 4.0 | MEDIUM | β | 0 |
| CVE-2022-22480 IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889. | 7.5 | HIGH | β | 0 |
| CVE-2022-22493 IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulnerable to cross-site request forgery, caused by improper cookie attribute setting. IBM X-Force ID: 226449. | 8.8 | HIGH | β | 0 |
| CVE-2022-30613 IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-34308 IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-36772 IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-41291 IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-15855 Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40162 A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image Processing component may be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA, or RLC files. This vulnera... | 7.8 | HIGH | β | 0 |
| CVE-2021-40163 A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through Autodesk Image Processing component. | 7.8 | HIGH | β | 0 |
| CVE-2021-40164 A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerability may be exploited to execute arbitrary code. | 7.8 | HIGH | β | 0 |
| CVE-2021-40165 A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be used to write beyond the allocated buffer while parsing TIFF, PICT, TGA, or RLC files. This vulnerabili... | 7.8 | HIGH | β | 0 |
| CVE-2022-41377 Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pet_shop/admin/?page=maintenance/manage_category. | 7.2 | HIGH | β | 0 |
| CVE-2021-40166 A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free an object that has already been freed while parsing them. This vulnerability may be exploited by at... | 7.8 | HIGH | β | 0 |
| CVE-2022-21936 On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. | 8.1 | HIGH | β | 0 |
| CVE-2022-37885 There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Netw... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.