Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-23598 laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the `formElementErrors()` view helper shipped with laminas-form, many mes... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-24122 kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namesp... | 7.8 | HIGH | β | 0 |
| CVE-2021-46657 get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ORDER BY. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46658 save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrect handling of with_window_func=true for a subquery. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46659 MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-24123 MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payloa... | 9.0 | CRITICAL | β | 0 |
| CVE-2022-24124 The query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations. | 7.5 | HIGH | β | 0 |
| CVE-2021-46660 Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0273 Improper Access Control in Pypi calibreweb prior to 0.6.16. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-0339 Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0407 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 | HIGH | β | 0 |
| CVE-2022-0408 Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 | HIGH | β | 0 |
| CVE-2022-0413 Use After Free in GitHub repository vim/vim prior to 8.2. | 7.8 | HIGH | β | 0 |
| CVE-2022-24266 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. | 7.5 | HIGH | β | 0 |
| CVE-2022-24130 xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-27971 Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection. | 7.8 | HIGH | β | 0 |
| CVE-2021-34805 An issue was discovered in FAUST iServer before 9.0.019.019.7. For each URL request, it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal. | 7.5 | HIGH | β | 0 |
| CVE-2021-45079 In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EA... | 9.1 | CRITICAL | β | 0 |
| CVE-2022-23409 The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php. | 4.9 | MEDIUM | β | 0 |
| CVE-2021-24868 The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft ... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-23520 The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability ... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-23521 This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic li... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-0414 Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-44255 Authenticated remote code execution in MotionEye <= 0.42.1 and MotioneEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious python pickle file which w... | 7.2 | HIGH | β | 0 |
| CVE-2020-36056 Beetel 777VR1-DI Hardware Version REV.1.01 Firmware Version V01.00.09_55 was discovered to contain a cross-site scripting (XSS) vulnerability via the Ping diagnostic option. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-24686 The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scri... | 4.8 | MEDIUM | β | 0 |
| CVE-2020-36064 Online Course Registration v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-46101 In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be run directly. | 7.5 | HIGH | β | 0 |
| CVE-2021-28962 Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges via CLI commands. | 7.2 | HIGH | β | 0 |
| CVE-2021-31617 In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8.0 through 2.16.0, 3.0.0 through 3.7.20, 3.8.0 through 3.11.8, and 4.0.1 through 4.2.2, mishandling of memory management can lead t... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42631 PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to pre-auth remote code execution. | 8.1 | HIGH | β | 0 |
| CVE-2021-40033 There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause i... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-40042 There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R01... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-46458 Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts.php?source=add_post. This vulnerability can be exploited through a crafted POST request via the pos... | 7.5 | HIGH | β | 0 |
| CVE-2022-0286 A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-24265 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. | 7.5 | HIGH | β | 0 |
| CVE-2021-42635 PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution. | 8.1 | HIGH | β | 0 |
| CVE-2021-44114 Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user... | 4.8 | MEDIUM | β | 0 |
| CVE-2021-46459 Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component admin/users.php?source=add_user. These vulnerabilities can be exploited through a crafted POST request... | 7.5 | HIGH | β | 0 |
| CVE-2022-23872 Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info. | 4.8 | MEDIUM | β | 0 |
| CVE-2022-24263 Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24264 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. | 7.5 | HIGH | β | 0 |
| CVE-2021-46661 MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46662 MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46663 MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46664 MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46665 MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46666 MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46667 MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46668 MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.