CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-3321 It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by ... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-3322 Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, t... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-3337 It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/wa... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-39023 U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-3741 Impact varies for each individual vulnerability in the application. For generation of accounts, it may be possible, depending on the amount of system resources available, to create a DoS event in the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-36863 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-37424 Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-37425 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in OpenNebula OpenNebula core on Linux allows Remote Code Inclusion. | 9.9 | CRITICAL | — | 0 |
| CVE-2022-37426 Unrestricted Upload of File with Dangerous Type vulnerability in OpenNebula OpenNebula core on Linux allows File Content Injection. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-39367 QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code d... | 8.6 | HIGH | — | 0 |
| CVE-2022-3697 A flaw was found in Ansible in the amazon.aws collection when using the tower_callback parameter from the amazon.aws.ec2_instance module. This flaw allows an attacker to take advantage of this issue a... | 7.5 | HIGH | — | 0 |
| CVE-2022-2864 The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.ph... | 8.8 | HIGH | — | 0 |
| CVE-2022-3400 The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenti... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-36864 Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 3.4 | LOW | — | 0 |
| CVE-2021-36898 Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | 9.1 | CRITICAL | — | 0 |
| CVE-2022-2474 Authentication is currently unsupported in Haas Controller version 100.20.000.1110 when using the “Ethernet Q Commands” service, which allows any user on the same network segment as the controller (ev... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-2475 Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the auth... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-3228 Using custom code, an attacker can write into name or description fields larger than the appropriate buffer size causing a stack-based buffer overflow on Host Engineering H0-ECOM100 Communications Mod... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-41636 Communication traffic involving "Ethernet Q Commands" service of Haas Controller version 100.20.000.1110 is transmitted in cleartext. This allows an attacker to obtain sensitive information being pass... | 9.1 | CRITICAL | — | 0 |
| CVE-2022-3401 The Bricks theme for WordPress is vulnerable to remote code execution due to the theme allowing site editors to include executable code blocks in website content in versions 1.2 to 1.5.3. This, combin... | 8.8 | HIGH | — | 0 |
| CVE-2022-41974 multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets ca... | 7.8 | HIGH | — | 0 |
| CVE-2022-44023 PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response messages for authentication attempts. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-44032 An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device ... | 6.4 | MEDIUM | — | 0 |
| CVE-2022-44033 An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device ... | 6.4 | MEDIUM | — | 0 |
| CVE-2022-44034 An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device ... | 6.4 | MEDIUM | — | 0 |
| CVE-2022-39021 U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect user to arbitrary website. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-39024 U-Office Force Bulletin function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflected Cr... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-39025 U-Office Force PrintMessage function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript and perform XSS (Reflecte... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-39026 U-Office Force UserDefault page has insufficient filtering for special characters in the HTTP header fields. A remote attacker with general user privilege can exploit this vulnerability to inject Java... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-39027 U-Office Force Forum function has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript and perform XSS (Stored Cross-Site Scripting) attac... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-40739 Ragic report generation page has insufficient filtering for special characters. A remote attacker with general user privilege can inject JavaScript to perform XSS (Reflected Cross-Site Scripting) atta... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-40741 Mail SQR Expert’s specific function has insufficient filtering for special characters. An unauthenticated remote attacker can exploit this vulnerability to perform arbitrary system command and disrupt... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-3765 Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-3770 A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestr... | 6.3 | MEDIUM | — | 0 |
| CVE-2022-3771 A vulnerability, which was classified as critical, has been found in easyii CMS. This issue affects the function file of the file helpers/Upload.php of the component File Upload Management. The manipu... | 6.3 | MEDIUM | — | 0 |
| CVE-2022-3774 A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. Th... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-2741 The denial-of-service can be triggered by transmitting a carefully crafted CAN frame on the same CAN network as the vulnerable node. The frame must have a CAN ID matching an installed filter in the vu... | 8.2 | HIGH | — | 0 |
| CVE-2022-39294 conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, `conduit-hyper` did not check any limit on a request's length before calling [`hyper::body::to_bytes`](htt... | 7.5 | HIGH | — | 0 |
| CVE-2022-28763 The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious... | 8.8 | HIGH | — | 0 |
| CVE-2022-41735 IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary Java... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-38142 Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-Gateway service port without proper verification. An attacker could ... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-40202 The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41629 Delta Electronics InfraSuite Device Master versions 00.00.01a and prior allow unauthenticated users to access the aprunning endpoint, which could allow an attacker to retrieve any file from the “Runn... | 7.5 | HIGH | — | 0 |
| CVE-2022-41644 Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lacks authentication for a function that changes group privileges. An attacker could use this to create a denial-of-service s... | 8.8 | HIGH | — | 0 |
| CVE-2022-41657 Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (A... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41679 Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “back_url” parameter in appLms/index.php?... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-41680 Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to pe... | 7.6 | HIGH | — | 0 |
| CVE-2022-41681 There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the SC... | 9.9 | CRITICAL | — | 0 |
| CVE-2022-41688 Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized obj... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-41772 Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior mishandle .ZIP archives containing characters used in path traversal. This path traversal could result in remote code execution... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.