CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-39812 In TBD of TBD, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not ... | 7.8 | HIGH | β | 0 |
| CVE-2021-39814 In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. Us... | 6.7 | MEDIUM | β | 0 |
| CVE-2021-41004 A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. | 7.5 | HIGH | β | 0 |
| CVE-2021-41005 A remote vulnerability was discovered in Aruba Instant On 1930 Switch Series version(s): Firmware below v1.0.7.0. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-26106 When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes tem... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-21155 A specially crafted packet sent to the Fernhill SCADA Server Version 3.77 and earlier may cause an exception, causing the server process (FHSvrService.exe) to exit. | 7.5 | HIGH | β | 0 |
| CVE-2022-21168 The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure. | 3.3 | LOW | β | 0 |
| CVE-2022-21202 The affected product is vulnerable to an out-of-bounds read, which may result in disclosure of sensitive information. | 3.3 | LOW | β | 0 |
| CVE-2022-21214 The affected product is vulnerable to a heap-based buffer overflow, which may lead to code execution. | 7.8 | HIGH | β | 0 |
| CVE-2022-21228 The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | 7.8 | HIGH | β | 0 |
| CVE-2022-22541 SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is t... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-26107 When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporaril... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-23702 A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow an user with Administrator access to ... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-23703 A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would pote... | 7.5 | HIGH | β | 0 |
| CVE-2022-24383 The affected product is vulnerable to an out-of-bounds read, which may result in code execution | 7.8 | HIGH | β | 0 |
| CVE-2022-24812 Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key ar... | 8.0 | HIGH | β | 0 |
| CVE-2022-26105 SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user i... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-26108 When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavai... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-26109 When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes tempo... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-27139 An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's sec... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27140 An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27260 An arbitrary file upload vulnerability in the file upload component of ButterCMS v1.2.8 allows attackers to execute arbitrary code via a crafted SVG file. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27261 An arbitrary file write vulnerability in Express-FileUpload v1.3.1 allows attackers to upload multiple files with the same name, causing an overwrite of files in the web application server. | 7.5 | HIGH | β | 0 |
| CVE-2022-27262 An arbitrary file upload vulnerability in the file upload module of Skipper v0.9.1 allows attackers to execute arbitrary code via a crafted file. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27263 An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27654 When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unav... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-27655 When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavail... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-27657 A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Dia... | 2.7 | LOW | β | 0 |
| CVE-2022-27667 Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricte... | 7.5 | HIGH | β | 0 |
| CVE-2022-22561 Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper restriction of excessive authentication attempts. An unauthenticated remote attacker could potentially exploit this vulnerability, le... | 8.1 | HIGH | β | 0 |
| CVE-2022-27669 An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalat... | 7.5 | HIGH | β | 0 |
| CVE-2022-27670 SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect i... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-27671 A CSRF token visible in the URL may possibly lead to information disclosure vulnerability. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-27952 An arbitrary file upload vulnerability in the file upload module of PayloadCMS v0.15.0 allows attackers to execute arbitrary code via a crafted SVG file. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28213 When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, whi... | 8.1 | HIGH | β | 0 |
| CVE-2022-28215 SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to th... | 4.7 | MEDIUM | β | 0 |
| CVE-2022-28216 SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-28397 An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-28770 Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploita... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-28772 By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL6... | 7.5 | HIGH | β | 0 |
| CVE-2022-22562 Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability. | 7.5 | HIGH | β | 0 |
| CVE-2022-28795 A vulnerability within the Avira Password Manager Browser Extensions provided a potential loophole where, if a user visited a page crafted by an attacker, the discovered vulnerability could trigger th... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-28544 Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal 'copyfrom' paths that should be hidden according to configured path-based authorization (authz) rules. When a ... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-22549 Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture o... | 7.5 | HIGH | β | 0 |
| CVE-2022-22550 Dell PowerScale OneFS, versions 8.2.2 and above, contain a password disclosure vulnerability. An unprivileged local attacker could potentially exploit this vulnerability, leading to account take over. | 6.7 | MEDIUM | β | 0 |
| CVE-2022-22559 Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or risky cryptographic algorithm. An unprivileged network attacker could exploit this vulnerability, leading to the potential for infor... | 7.5 | HIGH | β | 0 |
| CVE-2022-22560 Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials. This allows a local user with knowledge of the credentials to login as the admin user to the backend ethernet switch of a PowerS... | 7.1 | HIGH | β | 0 |
| CVE-2022-22565 Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper authorization of index containing sensitive information. An authenticated and privileged user could potentially exploit this vulnerabil... | 4.7 | MEDIUM | β | 0 |
| CVE-2022-23159 Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_... | 4.8 | MEDIUM | β | 0 |
| CVE-2022-23160 Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user could potentially exploit this vulnerability, leading to ... | 5.4 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.