Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-19419 Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication. | 7.5 | HIGH | β | 0 |
| CVE-2020-27632 In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions. | 7.5 | HIGH | β | 0 |
| CVE-2020-35221 The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to qui... | 8.8 | HIGH | β | 0 |
| CVE-2020-35223 The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests. | 8.8 | HIGH | β | 0 |
| CVE-2020-35224 A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-27919 archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any fil... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-35225 The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of servi... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-3034 An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto... | 5.1 | MEDIUM | β | 0 |
| CVE-2020-35226 NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command. | 7.1 | HIGH | β | 0 |
| CVE-2020-35227 A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitel... | 7.2 | HIGH | β | 0 |
| CVE-2020-35228 A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the languag... | 4.8 | MEDIUM | β | 0 |
| CVE-2020-35229 The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allo... | 8.8 | HIGH | β | 0 |
| CVE-2020-35230 Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused... | 6.8 | MEDIUM | β | 0 |
| CVE-2020-35231 The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the... | 8.8 | HIGH | β | 0 |
| CVE-2020-35233 The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a deni... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-28134 Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-21334 In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/conta... | 6.3 | MEDIUM | β | 0 |
| CVE-2021-21371 Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pyp... | 5.0 | MEDIUM | β | 0 |
| CVE-2020-15260 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJ... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-21375 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earli... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-27918 encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, ... | 7.5 | HIGH | β | 0 |
| CVE-2020-1898 The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. Th... | 7.5 | HIGH | β | 0 |
| CVE-2020-1899 The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were stat... | 7.5 | HIGH | β | 0 |
| CVE-2020-1900 When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalida... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-21363 swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger defin... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-29032 A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI. | 4.8 | MEDIUM | β | 0 |
| CVE-2021-21364 swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger defin... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-21378 Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider l... | 8.2 | HIGH | β | 0 |
| CVE-2021-28132 LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because the Migration Tool (in the Support section) allows upload of .php files within a system.tar.gz file.... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-4976 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID... | 4.4 | MEDIUM | β | 0 |
| CVE-2020-5024 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake r... | 7.5 | HIGH | β | 0 |
| CVE-2021-29033 A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI. | 4.8 | MEDIUM | β | 0 |
| CVE-2020-5025 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local... | 7.8 | HIGH | β | 0 |
| CVE-2021-1640 Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-1729 Windows Update Stack Setup Elevation of Privilege Vulnerability | 7.1 | HIGH | β | 0 |
| CVE-2021-20336 IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-24089 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-26859 Microsoft Power BI Information Disclosure Vulnerability | 7.7 | HIGH | β | 0 |
| CVE-2021-24090 Windows Error Reporting Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-24095 DirectX Elevation of Privilege Vulnerability | 7.0 | HIGH | β | 0 |
| CVE-2021-24104 Microsoft SharePoint Server Spoofing Vulnerability | 4.6 | MEDIUM | β | 0 |
| CVE-2021-24107 Windows Event Tracing Information Disclosure Vulnerability | 5.5 | MEDIUM | β | 0 |
| CVE-2021-24108 Microsoft Office Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-24110 HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-26860 Windows App-V Overlay Filter Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-26861 Windows Graphics Component Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-26862 Windows Installer Elevation of Privilege Vulnerability | 7.0 | HIGH | β | 0 |
| CVE-2021-26863 Windows Win32k Elevation of Privilege Vulnerability | 7.0 | HIGH | β | 0 |
| CVE-2020-36142 BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserting '../' payloads within the 'fileurl' parameter. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-26864 Windows Virtual Registry Provider Elevation of Privilege Vulnerability | 8.4 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.