CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2021-42245 | FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-42889 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. | 7.5 | HIGH | β | 0 |
| CVE-2021-42890 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42891 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. | 7.5 | HIGH | β | 0 |
| CVE-2021-42892 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-42893 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. | 7.5 | HIGH | β | 0 |
| CVE-2022-26493 | Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting ... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-30860 | FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. | 7.2 | HIGH | β | 0 |
| CVE-2022-30861 | FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. | 4.8 | MEDIUM | β | 0 |
| CVE-2021-43271 | Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) log... | 6.8 | MEDIUM | β | 0 |
| CVE-2022-29770 | XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-29773 | An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifi... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-29778 | D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php | 8.8 | HIGH | β | 0 |
| CVE-2022-29784 | PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. | 5.3 | MEDIUM | β | 0 |
| CVE-2022-32291 | In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. | 8.8 | HIGH | β | 0 |
| CVE-2022-32296 | The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC... | 3.3 | LOW | β | 0 |
| CVE-2021-41932 | A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromi... | 8.8 | HIGH | β | 0 |
| CVE-2021-39947 | In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of se... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-1783 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It... | 2.7 | LOW | β | 0 |
| CVE-2022-1821 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-1935 | Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker ... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-39606 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service v... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-1936 | Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker ... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-1940 | A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to e... | 7.7 | HIGH | β | 0 |
| CVE-2022-1944 | When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-31479 | An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts produ... | 9.6 | CRITICAL | β | 0 |
| CVE-2022-31480 | An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelli... | 7.5 | HIGH | β | 0 |
| CVE-2022-31481 | An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, ... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-31482 | An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Con... | 7.5 | HIGH | β | 0 |
| CVE-2022-31483 | An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products bas... | 9.1 | CRITICAL | β | 0 |
| CVE-2022-31484 | An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501... | 7.5 | HIGH | β | 0 |
| CVE-2022-31485 | An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intellige... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-31486 | An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Con... | 8.8 | HIGH | β | 0 |
| CVE-2022-29617 | Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-1680 | An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 be... | 9.9 | CRITICAL | β | 0 |
| CVE-2022-21745 | In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotsp... | 8.8 | HIGH | β | 0 |
| CVE-2022-21746 | In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed f... | 4.4 | MEDIUM | β | 0 |
| CVE-2022-21747 | In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed f... | 4.4 | MEDIUM | β | 0 |
| CVE-2022-21748 | In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is n... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-33653 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | MEDIUM | β | 0 |
| CVE-2022-21749 | In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interac... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-21750 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-21751 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-21752 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-21753 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-24969 | bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability. | 6.1 | MEDIUM | β | 0 |
| CVE-2022-2016 | Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. | 5.4 | MEDIUM | β | 0 |
| CVE-2022-2017 | A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the ... | 4.7 | MEDIUM | β | 0 |
| CVE-2022-2018 | A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inma... | 4.7 | MEDIUM | β | 0 |
| CVE-2022-2019 | A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.