Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2022-28661 A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds read past the end of an allocated buffer while parsing specially c... | 8.8 | HIGH | β | 0 |
| CVE-2022-28662 A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated buffer while parsing specially ... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-28663 A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing special... | 7.8 | HIGH | β | 0 |
| CVE-2022-0140 The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the ... | 5.3 | MEDIUM | β | 0 |
| CVE-2022-0878 Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equi... | 4.6 | MEDIUM | β | 0 |
| CVE-2022-24247 RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-24248 RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any fil... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-32040 It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-31805 The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tagβs attributes could perform a double evaluation if a developer applied forced OGNL evaluat... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-26507 A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810,... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27444 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. | 7.5 | HIGH | β | 0 |
| CVE-2022-27445 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. | 7.5 | HIGH | β | 0 |
| CVE-2022-27446 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. | 7.5 | HIGH | β | 0 |
| CVE-2022-1257 Insecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sen... | 6.1 | MEDIUM | β | 0 |
| CVE-2022-27447 MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. | 7.5 | HIGH | β | 0 |
| CVE-2022-27448 There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. | 7.5 | HIGH | β | 0 |
| CVE-2022-27449 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. | 7.5 | HIGH | β | 0 |
| CVE-2022-27451 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. | 7.5 | HIGH | β | 0 |
| CVE-2022-27452 MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. | 7.5 | HIGH | β | 0 |
| CVE-2022-27455 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. | 7.5 | HIGH | β | 0 |
| CVE-2022-27456 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. | 7.5 | HIGH | β | 0 |
| CVE-2022-27457 MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. | 7.5 | HIGH | β | 0 |
| CVE-2021-45227 An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) a... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-45228 An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the t... | 5.4 | MEDIUM | β | 0 |
| CVE-2022-1258 A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the b... | 8.4 | HIGH | β | 0 |
| CVE-2022-27007 nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). | 9.8 | CRITICAL | β | 0 |
| CVE-2022-27008 nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array. | 7.5 | HIGH | β | 0 |
| CVE-2022-22181 A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's br... | 8.0 | HIGH | β | 0 |
| CVE-2022-22182 A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the ... | 8.8 | HIGH | β | 0 |
| CVE-2022-22183 An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected rel... | 7.5 | HIGH | β | 0 |
| CVE-2021-21938 A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a ma... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22185 A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, re... | 7.5 | HIGH | β | 0 |
| CVE-2022-22186 Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on EX4650 devices, packets received on the management interface (em0) but not destined to the device, may be improperly for... | 7.2 | HIGH | β | 0 |
| CVE-2022-22187 An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repai... | 7.8 | HIGH | β | 0 |
| CVE-2022-22188 An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attack... | 7.5 | HIGH | β | 0 |
| CVE-2021-21939 A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious ... | 8.8 | HIGH | β | 0 |
| CVE-2022-22189 An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication t... | 7.3 | HIGH | β | 0 |
| CVE-2022-22190 An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potential... | 7.4 | HIGH | β | 0 |
| CVE-2022-22191 A Denial of Service (DoS) vulnerability in the processing of a flood of specific ARP traffic in Juniper Networks Junos OS on the EX4300 switch, sent from the local broadcast domain, may allow an unaut... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-22193 An Improper Handling of Unexpected Data Type vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privi... | 5.5 | MEDIUM | β | 0 |
| CVE-2022-22194 An Improper Check for Unusual or Exceptional Conditions vulnerability in the packetIO daemon of Juniper Networks Junos OS Evolved on PTX10003, PTX10004, and PTX10008 allows an unauthenticated, network... | 7.5 | HIGH | β | 0 |
| CVE-2022-22195 An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causi... | 7.5 | HIGH | β | 0 |
| CVE-2022-22196 An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacke... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-22197 An Operation on a Resource after Expiration or Release vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based atta... | 7.5 | HIGH | β | 0 |
| CVE-2022-22198 An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of t... | 7.5 | HIGH | β | 0 |
| CVE-2021-21942 An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provid... | 8.8 | HIGH | β | 0 |
| CVE-2022-25165 An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list... | 7.0 | HIGH | β | 0 |
| CVE-2022-25166 An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When... | 5.0 | MEDIUM | β | 0 |
| CVE-2022-27814 SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option. | 3.3 | LOW | β | 0 |
| CVE-2022-27817 SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality. | 4.4 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.