Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-36296 Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-36829 PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. | 6.2 | MEDIUM | β | 0 |
| CVE-2022-36830 PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. | 6.2 | MEDIUM | β | 0 |
| CVE-2022-36831 Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission. | 6.2 | MEDIUM | β | 0 |
| CVE-2022-36832 Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-36833 Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function f... | 7.3 | HIGH | β | 0 |
| CVE-2022-36836 Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission. | 6.2 | MEDIUM | β | 0 |
| CVE-2022-36837 Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. | 6.2 | MEDIUM | β | 0 |
| CVE-2022-36838 Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-36839 SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. | 5.9 | MEDIUM | β | 0 |
| CVE-2022-36840 DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. | 4.5 | MEDIUM | β | 0 |
| CVE-2021-28511 This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if ... | 5.8 | MEDIUM | β | 0 |
| CVE-2022-1158 A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this... | 7.8 | HIGH | β | 0 |
| CVE-2022-1973 A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak ... | 7.1 | HIGH | β | 0 |
| CVE-2022-27535 Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attac... | 7.8 | HIGH | β | 0 |
| CVE-2022-28880 A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The e... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-29071 This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked i... | 4.0 | MEDIUM | β | 0 |
| CVE-2022-2668 An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled | 7.2 | HIGH | β | 0 |
| CVE-2022-2675 Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without a... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-37398 A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected A... | 7.1 | HIGH | β | 0 |
| CVE-2022-22299 A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy ... | 7.8 | HIGH | β | 0 |
| CVE-2022-2676 A vulnerability was found in SourceCodester Electronic Medical Records System and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. Th... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-2677 A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the arg... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-35789 Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | MEDIUM | β | 0 |
| CVE-2022-2678 A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-2680 A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username ... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-2681 A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the co... | 3.5 | LOW | β | 0 |
| CVE-2022-2682 A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php.... | 3.5 | LOW | β | 0 |
| CVE-2022-2683 A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument... | 3.5 | LOW | β | 0 |
| CVE-2022-2391 The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-2684 A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /manage-apartment.php. The m... | 3.5 | LOW | β | 0 |
| CVE-2022-31609 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may... | 7.8 | HIGH | β | 0 |
| CVE-2022-31614 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to... | 7.0 | HIGH | β | 0 |
| CVE-2022-31618 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-35162 Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit. | 4.8 | MEDIUM | β | 0 |
| CVE-2022-35163 Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit. | 4.8 | MEDIUM | β | 0 |
| CVE-2022-37450 Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-ch... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-21178 An os command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary comman... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-21201 A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-bas... | 8.8 | HIGH | β | 0 |
| CVE-2022-22140 An os command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command e... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22144 A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23103 A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stac... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23399 A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23918 A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-23919 A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24005 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24006 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24007 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-35790 Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | MEDIUM | β | 0 |
| CVE-2022-24008 A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can ... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.