CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-22962 VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploi... | 7.8 | HIGH | - | 0 |
| CVE-2022-22964 VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. | 7.8 | HIGH | - | 0 |
| CVE-2022-24804 Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior to 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility ... | 5.3 | MEDIUM | - | 0 |
| CVE-2022-24815 JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with ... | 8.1 | HIGH | - | 0 |
| CVE-2022-24829 Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an atta... | 8.1 | HIGH | - | 0 |
| CVE-2022-25614 Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. | 4.3 | MEDIUM | - | 0 |
| CVE-2022-25615 Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. | 4.3 | MEDIUM | - | 0 |
| CVE-2022-25789 A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execut... | 7.8 | HIGH | - | 0 |
| CVE-2022-25790 A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated boundaries when parsing the DWF files. Exploitation of ... | 7.8 | HIGH | - | 0 |
| CVE-2022-25791 A Memory Corruption vulnerability for DWF and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 may lead to code execution through maliciously crafted DLL files. | 7.8 | HIGH | - | 0 |
| CVE-2022-25792 A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 and Autodesk Navisworks 2022 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vuln... | 7.8 | HIGH | - | 0 |
| CVE-2022-25794 An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.2 and prior may lead to code execution through maliciously crafted ActionScript Byte Code 'ABC' files or information disclosure. ... | 7.8 | HIGH | - | 0 |
| CVE-2022-25796 A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this... | 7.8 | HIGH | - | 0 |
| CVE-2022-25831 Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. | 2.0 | LOW | - | 0 |
| CVE-2022-25832 Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. | 4.0 | MEDIUM | - | 0 |
| CVE-2022-25833 Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission. | 3.3 | LOW | - | 0 |
| CVE-2022-26090 Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission. | 5.3 | MEDIUM | - | 0 |
| CVE-2022-26091 Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard. | 5.7 | MEDIUM | - | 0 |
| CVE-2022-26092 Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. | 7.4 | HIGH | - | 0 |
| CVE-2022-27835 Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. | 7.6 | HIGH | - | 0 |
| CVE-2022-26093 Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 5.9 | MEDIUM | - | 0 |
| CVE-2022-26094 Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 5.9 | MEDIUM | - | 0 |
| CVE-2022-26095 Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 5.9 | MEDIUM | - | 0 |
| CVE-2022-26096 Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 5.9 | MEDIUM | - | 0 |
| CVE-2022-26097 Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. | 5.9 | MEDIUM | - | 0 |
| CVE-2022-26098 Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. | 8.1 | HIGH | - | 0 |
| CVE-2022-26099 Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers. | 5.9 | MEDIUM | - | 0 |
| CVE-2022-27528 A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | 7.8 | HIGH | - | 0 |
| CVE-2022-27567 Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers. | 5.9 | MEDIUM | - | 0 |
| CVE-2022-27568 Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | 8.1 | HIGH | - | 0 |
| CVE-2022-27569 Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | 8.1 | HIGH | - | 0 |
| CVE-2022-27570 Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | 8.1 | HIGH | - | 0 |
| CVE-2022-27571 Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. | 8.1 | HIGH | - | 0 |
| CVE-2022-27572 Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. | 8.1 | HIGH | - | 0 |
| CVE-2022-27573 Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers. | 4.4 | MEDIUM | - | 0 |
| CVE-2022-27574 Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker. | 4.4 | MEDIUM | - | 0 |
| CVE-2022-27575 Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. | 3.3 | LOW | - | 0 |
| CVE-2022-27576 Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. | 3.3 | LOW | - | 0 |
| CVE-2022-27577 The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that a... | 9.1 | CRITICAL | - | 0 |
| CVE-2022-27578 An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content. | 7.8 | HIGH | - | 0 |
| CVE-2022-27821 Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file. | 4.0 | MEDIUM | - | 0 |
| CVE-2022-27822 Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. | 6.6 | MEDIUM | - | 0 |
| CVE-2022-27823 Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | 4.0 | MEDIUM | - | 0 |
| CVE-2022-27824 Improper size check in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | 4.0 | MEDIUM | - | 0 |
| CVE-2022-27825 Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | 4.0 | MEDIUM | - | 0 |
| CVE-2022-27826 Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 8.5 | HIGH | - | 0 |
| CVE-2022-27827 Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 8.5 | HIGH | - | 0 |
| CVE-2022-27828 Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 8.5 | HIGH | - | 0 |
| CVE-2022-27829 Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 8.5 | HIGH | - | 0 |
| CVE-2022-27830 Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. | 8.5 | HIGH | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.