CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-25406 Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in delete_query.php via the DELETE_STR parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-0736 Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. | 7.5 | HIGH | β | 0 |
| CVE-2022-0719 Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-0721 Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-0724 Insecure Storage of Sensitive Information in GitHub repository microweber/microweber prior to 1.3. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-0726 Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-0727 Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-0729 Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. | 8.8 | HIGH | β | 0 |
| CVE-2022-0476 Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | 5.5 | MEDIUM | β | 0 |
| CVE-2022-20623 A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to... | 8.6 | HIGH | β | 0 |
| CVE-2022-20624 A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affecte... | 8.6 | HIGH | β | 0 |
| CVE-2022-20625 A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in ... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-20650 A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient... | 8.8 | HIGH | β | 0 |
| CVE-2022-0731 Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-21705 Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to ... | 7.2 | HIGH | β | 0 |
| CVE-2021-4070 Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0. | 9.1 | CRITICAL | β | 0 |
| CVE-2022-22333 IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable to a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly val... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-22336 IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource lea... | 7.5 | HIGH | β | 0 |
| CVE-2022-24409 Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-23651 b2-sdk-python is a python library to access cloud storage provided by backblaze. Linux and Mac releases of the SDK version 1.14.0 and below contain a key disclosure vulnerability that, in certain cond... | 4.7 | MEDIUM | β | 0 |
| CVE-2022-23653 B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vuln... | 4.7 | MEDIUM | β | 0 |
| CVE-2022-23655 Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers m... | 4.8 | MEDIUM | β | 0 |
| CVE-2021-26092 Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and Fo... | 4.7 | MEDIUM | β | 0 |
| CVE-2022-24451 VP9 Video Extensions Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-35689 A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This high severity potential vulnerability allows attackers to perform remote code execution on Taleo Enter... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24671 A link following privilege escalation vulnerability in Trend Micro Antivirus for Mac 11.0.2150 and below could allow a local attacker to modify a file during the update process and escalate their priv... | 7.8 | HIGH | β | 0 |
| CVE-2022-24678 A security agent resource exhaustion denial-of-service vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worr... | 7.5 | HIGH | β | 0 |
| CVE-2022-24679 A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-F... | 7.8 | HIGH | β | 0 |
| CVE-2022-24680 A security link following local privilege escalation vulnerability in Trend Micro Apex One, Trend Micro Apex One as a Service, Trend Micro Worry-Free Business Security 10.0 SP1 and Trend Micro Worry-F... | 7.8 | HIGH | β | 0 |
| CVE-2022-25329 Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed in the console. An unauthenticated remote attacker with access ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25330 Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process or achieve remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-25331 Uncaught exceptions that can be generated in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the process. | 7.5 | HIGH | β | 0 |
| CVE-2021-43943 Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vuln... | 4.8 | MEDIUM | β | 0 |
| CVE-2022-24435 Cross-site scripting vulnerability in phpUploader v1.2 and earlier allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-0695 Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | 5.5 | MEDIUM | β | 0 |
| CVE-2019-25058 An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future. | 7.8 | HIGH | β | 0 |
| CVE-2020-27467 A Directory Traversal vulnerability exists in Processwire CMS before 2.7.1 via the download parameter to index.php. | 7.5 | HIGH | β | 0 |
| CVE-2021-25636 LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature i... | 7.5 | HIGH | β | 0 |
| CVE-2021-43724 A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file. | 4.8 | MEDIUM | β | 0 |
| CVE-2021-44550 An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159). | 9.8 | CRITICAL | β | 0 |
| CVE-2022-24565 Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias of a site was not properly escaped when shown as con... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-44565 A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or H... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-44566 A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-44567 An unauthenticated SQL Injection vulnerability exists in RosarioSIS before 7.6.1 via the votes parameter in ProgramFunctions/PortalPollsNotes.fnc.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44607 A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-44608 Multiple Cross Site Scripting (XSS) vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-44610 Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) URLs, (2) lang_id, (3) tmpl_id, (4) mod_rewrite, (5) eta_doctype, (6) meta_charset, (7) default_group, and (8) pag... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45746 A Directory Traversal vulnerability exists in WeBankPartners wecube-platform 3.2.1 via the file variable in PluginPackageController.java. | 7.5 | HIGH | β | 0 |
| CVE-2021-4029 A command injection vulnerability in the CGI program of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary OS commands via a LAN interface. | 8.8 | HIGH | β | 0 |
| CVE-2021-4030 A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a co... | 8.0 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.