CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-33232 Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory. | 9.3 | CRITICAL | β | 0 |
| CVE-2022-33233 Memory corruption due to configuration weakness in modem while sending command to write protected files. | 7.8 | HIGH | β | 0 |
| CVE-2022-33243 Memory corruption due to improper access control in Qualcomm IPC. | 8.4 | HIGH | β | 0 |
| CVE-2022-33246 Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id. | 6.7 | MEDIUM | β | 0 |
| CVE-2022-33248 Memory corruption in User Identity Module due to integer overflow to buffer overflow when a segment is received via qmi http. | 7.8 | HIGH | β | 0 |
| CVE-2022-33279 Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-33280 Memory corruption due to access of uninitialized pointer in Bluetooth HOST while processing the AVRCP packet. | 7.3 | HIGH | β | 0 |
| CVE-2022-33306 Transient DOS due to buffer over-read in WLAN while processing an incoming management frame with incorrectly filled IEs. | 7.5 | HIGH | β | 0 |
| CVE-2022-34145 Transient DOS due to buffer over-read in WLAN Host while parsing frame information. | 7.5 | HIGH | β | 0 |
| CVE-2022-34146 Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation. | 7.5 | HIGH | β | 0 |
| CVE-2022-40502 Transient DOS due to improper input validation in WLAN Host. | 7.5 | HIGH | β | 0 |
| CVE-2022-40512 Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon. | 7.5 | HIGH | β | 0 |
| CVE-2022-40513 Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state. | 7.5 | HIGH | β | 0 |
| CVE-2022-40514 Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-41731 IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, mod... | 8.6 | HIGH | β | 0 |
| CVE-2022-42292 NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges t... | 5.0 | MEDIUM | β | 0 |
| CVE-2023-0790 Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 7.6 | HIGH | β | 0 |
| CVE-2022-42436 IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. | 4.0 | MEDIUM | β | 0 |
| CVE-2022-43869 IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5.1) and IBM Elastic Storage System (6.1.0.0 through 6.1.2.4 and 6.1.3.0 through 6.1.4.1) could allow an authenticated user to cause... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-45085 Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Server Side Request Forgery. This issue affects Smartpower Web: before 23.01.01. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-45086 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-45087 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-45088 Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion. This issue affects Smartpower Web: before 23.01.01. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-45089 Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | 8.8 | HIGH | β | 0 |
| CVE-2023-20076 A vulnerability in the Cisco IOx application hosting environment could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. This vulne... | 7.2 | HIGH | β | 0 |
| CVE-2015-10078 A vulnerability, which was classified as problematic, has been found in atwellpub Resend Welcome Email Plugin 1.0.1 on WordPress. This issue affects the function send_welcome_email_url of the file res... | 3.5 | LOW | β | 0 |
| CVE-2019-25102 A vulnerability, which was classified as problematic, was found in simple-markdown 0.6.0. Affected is an unknown function of the file simple-markdown.js. The manipulation with the input <<<<<<<<<<:/:/... | 4.3 | MEDIUM | β | 0 |
| CVE-2023-0786 Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 8.4 | HIGH | β | 0 |
| CVE-2023-0787 Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 8.1 | HIGH | β | 0 |
| CVE-2022-36398 Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 | MEDIUM | β | 0 |
| CVE-2023-0792 Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 6.5 | MEDIUM | β | 0 |
| CVE-2023-0793 Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | 7.1 | HIGH | β | 0 |
| CVE-2019-25103 A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-36661 A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to... | 3.5 | LOW | β | 0 |
| CVE-2023-23697 Dell Command \| Intel vPro Out of Band, versions before 4.4.0, contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit thi... | 4.7 | MEDIUM | β | 0 |
| CVE-2023-24572 Dell Command \| Integration Suite for System Center, versions before 6.4.0 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentiall... | 4.7 | MEDIUM | β | 0 |
| CVE-2022-34397 Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which t... | 6.9 | MEDIUM | β | 0 |
| CVE-2022-45454 Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30... | 7.5 | HIGH | β | 0 |
| CVE-2022-45455 Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before... | 7.8 | HIGH | β | 0 |
| CVE-2023-0808 A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Po... | 3.9 | LOW | β | 0 |
| CVE-2022-4830 The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low... | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0099 The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used agains... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-0159 The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated att... | 7.5 | HIGH | β | 0 |
| CVE-2023-0263 The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role ... | 8.8 | HIGH | β | 0 |
| CVE-2022-3089 Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-41134 Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin <= 1.0.15 versions. | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0810 Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11. | 5.4 | MEDIUM | β | 0 |
| CVE-2023-0817 Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV. | 7.8 | HIGH | β | 0 |
| CVE-2023-25159 Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x pri... | 2.3 | LOW | β | 0 |
| CVE-2023-23551 Control By Web X-600M devices run Lua scripts and are vulnerable to code injection, which could allow an attacker to remotely execute arbitrary code. | 9.1 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.