CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-27544 BigFix Web Reports authorized users may see SMTP credentials in clear text. | 5.0 | MEDIUM | β | 0 |
| CVE-2022-27545 BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page. | 4.6 | MEDIUM | β | 0 |
| CVE-2022-27579 A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious proje... | 7.8 | HIGH | β | 0 |
| CVE-2022-27580 A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer all versions up to and including 1.11.0 allows an attacker to craft malicious project files. ... | 7.8 | HIGH | β | 0 |
| CVE-2022-2469 GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client | 3.8 | LOW | β | 0 |
| CVE-2022-35912 In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22358 IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vu... | 7.1 | HIGH | β | 0 |
| CVE-2022-22359 IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmit... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-22360 IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker coul... | 8.8 | HIGH | β | 0 |
| CVE-2022-22416 IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-22417 IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alt... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-34001 Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-34023 Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27373 Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function. | 8.8 | HIGH | β | 0 |
| CVE-2022-2394 Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. | 4.1 | MEDIUM | β | 0 |
| CVE-2022-2341 The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting... | 4.8 | MEDIUM | β | 0 |
| CVE-2020-28422 All versions of package git-archive are vulnerable to Command Injection via the exports function. | 6.4 | MEDIUM | β | 0 |
| CVE-2020-28435 This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. | 9.4 | CRITICAL | β | 0 |
| CVE-2020-28436 This affects all versions of package google-cloudstorage-commands. | 7.3 | HIGH | β | 0 |
| CVE-2020-28438 This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28441 This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This c... | 7.3 | HIGH | β | 0 |
| CVE-2020-28443 This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28445 This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28446 The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28447 This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath) | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28455 This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped. | 7.3 | HIGH | β | 0 |
| CVE-2020-28459 This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link. | 7.3 | HIGH | β | 0 |
| CVE-2020-28461 This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be ... | 7.3 | HIGH | β | 0 |
| CVE-2020-28462 This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can ... | 7.3 | HIGH | β | 0 |
| CVE-2020-28471 This affects the package properties-reader before 2.2.0. | 7.3 | HIGH | β | 0 |
| CVE-2022-24083 Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-7649 This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk's internal network via directory traversal. | 4.9 | MEDIUM | β | 0 |
| CVE-2020-7677 This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sani... | 8.6 | HIGH | β | 0 |
| CVE-2020-7678 This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the "eval" function located i... | 8.6 | HIGH | β | 0 |
| CVE-2021-23373 All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality. | 7.5 | HIGH | β | 0 |
| CVE-2021-23397 All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead. | 5.6 | MEDIUM | β | 0 |
| CVE-2021-23451 The package otp-generator before 3.0.0 are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-36997 An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 (and related NetBackup products). An attacker with authenti... | 7.1 | HIGH | β | 0 |
| CVE-2022-0670 A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volume... | 9.1 | CRITICAL | β | 0 |
| CVE-2022-1232 Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2022-1305 Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2022-1306 Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 | MEDIUM | β | 0 |
| CVE-2022-1307 Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-33439 An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is Integer overflow in gc_compact_strings() in mjs.c. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-1308 Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2022-1309 Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 | CRITICAL | β | 0 |
| CVE-2022-1310 Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2022-1311 Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2022-1312 Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome... | 9.6 | CRITICAL | β | 0 |
| CVE-2022-1313 Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.