CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-38957 IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. | 7.5 | HIGH | β | 0 |
| CVE-2021-40003 HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-38990 IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952. | 7.8 | HIGH | β | 0 |
| CVE-2021-39993 There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this vulnerability may cause out-of-bounds access. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39996 There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39998 There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and... | 7.5 | HIGH | β | 0 |
| CVE-2021-40000 The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. | 8.8 | HIGH | β | 0 |
| CVE-2021-40001 The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-40004 The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2021-40005 The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2021-40009 There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-40010 The bone voice ID TA has a heap overflow vulnerability. Successful exploitation of this vulnerability may result in malicious code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40011 There is an uncontrolled resource consumption vulnerability in the display module. Successful exploitation of this vulnerability may affect integrity. | 7.5 | HIGH | β | 0 |
| CVE-2021-40018 The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2021-40020 There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2021-40021 The eID module has an out-of-bounds memory write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2021-40022 The weaver module has a vulnerability in parameter type verification. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2021-40025 The eID module has a vulnerability that causes the memory to be used without being initialized. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | HIGH | β | 0 |
| CVE-2021-40026 There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | 7.5 | HIGH | β | 0 |
| CVE-2021-40028 The eID module has an out-of-bounds memory write vulnerability. Successful exploitation of this vulnerability may affect data integrity. | 7.5 | HIGH | β | 0 |
| CVE-2021-45856 Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the telnet service to crash. | 7.5 | HIGH | β | 0 |
| CVE-2021-40029 There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function s... | 7.5 | HIGH | β | 0 |
| CVE-2021-40031 There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | 7.5 | HIGH | β | 0 |
| CVE-2021-40035 There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function s... | 7.5 | HIGH | β | 0 |
| CVE-2021-40037 There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-40038 There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | 7.5 | HIGH | β | 0 |
| CVE-2021-40039 There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | 7.5 | HIGH | β | 0 |
| CVE-2021-40041 There is a Cross-Site Scripting (XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit... | 4.2 | MEDIUM | β | 0 |
| CVE-2021-42392 The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-42748 In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-42749 In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that t... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-43579 A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. | 7.8 | HIGH | β | 0 |
| CVE-2021-44024 A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwri... | 7.1 | HIGH | β | 0 |
| CVE-2021-44528 An open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Au... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-45231 A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to crea... | 7.8 | HIGH | β | 0 |
| CVE-2021-45334 Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection | 9.8 | CRITICAL | β | 0 |
| CVE-2021-45440 An unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privi... | 7.8 | HIGH | β | 0 |
| CVE-2021-45441 An origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker to drop and manipulate a specially crafted file to issue commands over a certain pipe and e... | 7.8 | HIGH | β | 0 |
| CVE-2021-45442 A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is ... | 7.1 | HIGH | β | 0 |
| CVE-2021-46045 GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent). | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46046 A Pointer Dereference Vulnerability exists in GPAC 1.0.1 in the gf_isom_box_size function, which could cause a Denial of Service (context-dependent). | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46047 A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46048 A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46049 A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46050 A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46051 A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46052 A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46053 A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-46146 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-46147 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF. | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.