CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-36846 Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Premio Chaty (WordPress plugin) <= 2.8.3 | 4.8 | MEDIUM | β | 0 |
| CVE-2021-36848 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Feather (WordPress plugin) versions <= 2.0.4 | 3.4 | LOW | β | 0 |
| CVE-2021-36893 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Responsive Tabs (WordPress plugin) <= 4.0.5 | 4.8 | MEDIUM | β | 0 |
| CVE-2022-20080 In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for ex... | 6.4 | MEDIUM | β | 0 |
| CVE-2021-36896 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2 | 4.8 | MEDIUM | β | 0 |
| CVE-2021-36910 Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. | 3.4 | LOW | β | 0 |
| CVE-2021-38125 Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the depl... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40065 The communication module has a service logic error vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2021-43177 As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interv... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-46740 The device authentication service module has a defect vulnerability introduced in the design process. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2021-46742 The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data. Successful exploitation of this vulnerability may affect the availability. | 9.1 | CRITICAL | β | 0 |
| CVE-2021-4047 The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. | 7.5 | HIGH | β | 0 |
| CVE-2022-0552 A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-ht... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-0835 AVEVA System Platform 2020 stores sensitive information in cleartext, which may allow access to an attacker or a low-privileged user. | 8.1 | HIGH | β | 0 |
| CVE-2022-0999 An authenticated user may be able to misuse parameters to inject arbitrary operating system commands into mySCADA myPRO versions 8.25.0 and prior. | 8.8 | HIGH | β | 0 |
| CVE-2022-1067 Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-20081 In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User int... | 5.9 | MEDIUM | β | 0 |
| CVE-2022-1157 Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to b... | 2.6 | LOW | β | 0 |
| CVE-2022-1161 An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable p... | 10.0 | CRITICAL | β | 0 |
| CVE-2022-1193 Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private proje... | 4.3 | MEDIUM | β | 0 |
| CVE-2022-1262 A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. | 7.8 | HIGH | β | 0 |
| CVE-2022-20052 In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploita... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-20062 In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for explo... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-20063 In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is neede... | 6.5 | MEDIUM | β | 0 |
| CVE-2022-20064 In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not n... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-20065 In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed f... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-20066 In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interac... | 4.4 | MEDIUM | β | 0 |
| CVE-2022-20067 In mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed f... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-22571 An authenticated high privileged user can perform a stored XSS attack due to incorrect output encoding in Incapptic connect and affects all current versions. | 4.8 | MEDIUM | β | 0 |
| CVE-2022-20068 In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interact... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-20069 In preloader (usb), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no... | 6.6 | MEDIUM | β | 0 |
| CVE-2022-20070 In ssmr, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed ... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-20071 In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction ... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-22572 A non-admin user with user management permission can escalate his privilege to admin user via password reset functionality. The vulnerability affects Incapptic Connect version < 1.40.1. | 8.8 | HIGH | β | 0 |
| CVE-2022-20072 In search engine service, there is a possible way to change the default search engine due to an incorrect comparison. This could lead to local escalation of privilege with System execution privileges ... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-20073 In preloader (usb), there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no... | 6.6 | MEDIUM | β | 0 |
| CVE-2022-20074 In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device... | 6.6 | MEDIUM | β | 0 |
| CVE-2022-20075 In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-22253 The DFX module has a vulnerability of improper validation of integrity check values. Successful exploitation of this vulnerability may affect system stability. | 7.5 | HIGH | β | 0 |
| CVE-2022-20076 In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not neede... | 4.4 | MEDIUM | β | 0 |
| CVE-2022-20077 In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for explo... | 6.4 | MEDIUM | β | 0 |
| CVE-2022-20078 In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for explo... | 6.4 | MEDIUM | β | 0 |
| CVE-2022-20079 In vow, there is a possible read of uninitialized data due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is ... | 4.4 | MEDIUM | β | 0 |
| CVE-2022-22254 A permission bypass vulnerability exists when the NFC CAs access the TEE. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2022-22255 The application framework has a common DoS vulnerability. Successful exploitation of this vulnerability may affect the availability. | 7.5 | HIGH | β | 0 |
| CVE-2022-22256 The DFX module has an access control vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2022-22257 The customization framework has a vulnerability of improper permission control. Successful exploitation of this vulnerability may affect data integrity. | 7.5 | HIGH | β | 0 |
| CVE-2022-22258 The Wi-Fi module has an event notification vulnerability. Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information and resul... | 9.8 | CRITICAL | β | 0 |
| CVE-2022-22962 VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploi... | 7.8 | HIGH | β | 0 |
| CVE-2022-22964 VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.