CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-20392 IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-20393 IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This informatio... | 7.5 | HIGH | β | 0 |
| CVE-2021-20429 IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due to an overly permissive cross-domain policy. IBM X-Force ID: 196334. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-32633 Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-31440 This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the targ... | 7.0 | HIGH | β | 0 |
| CVE-2021-31473 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.3.37598. User interaction is required to exploit this vulnerability in that the targ... | 7.8 | HIGH | β | 0 |
| CVE-2021-31474 This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulner... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-33512 Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-31475 This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Job Scheduler 2020.2.1 HF 2. Authentication is required to exploit this vulnerability... | 8.8 | HIGH | β | 0 |
| CVE-2018-25009 A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | 9.1 | CRITICAL | β | 0 |
| CVE-2018-25010 A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | 9.1 | CRITICAL | β | 0 |
| CVE-2018-25011 A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | 9.8 | CRITICAL | β | 0 |
| CVE-2018-25012 A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | 9.1 | CRITICAL | β | 0 |
| CVE-2018-25014 A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36328 A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulne... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36329 A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36330 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the... | 9.1 | CRITICAL | β | 0 |
| CVE-2021-25400 Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. | 7.8 | HIGH | β | 0 |
| CVE-2020-36331 A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the serv... | 9.1 | CRITICAL | β | 0 |
| CVE-2020-36332 A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. | 7.5 | HIGH | β | 0 |
| CVE-2020-23765 A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe ... | 7.2 | HIGH | β | 0 |
| CVE-2020-23766 An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privilege... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-23768 An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allo... | 7.5 | HIGH | β | 0 |
| CVE-2021-27811 A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able to execute arbitrary PHP code via exploitation of client_upgrade_edition.php and Upgrade... | 7.2 | HIGH | β | 0 |
| CVE-2021-29681 IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-32634 Emissary is a distributed, peer-to-peer, data-driven workflow framework. Emissary 6.4.0 is vulnerable to Unsafe Deserialization of post-authenticated requests to the [`WorkSpaceClientEnqueue.action`](... | 7.2 | HIGH | β | 0 |
| CVE-2008-3280 It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the... | 5.9 | MEDIUM | β | 0 |
| CVE-2021-21549 Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged v... | 8.8 | HIGH | β | 0 |
| CVE-2021-21552 Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit... | 5.2 | MEDIUM | β | 0 |
| CVE-2021-33500 PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWi... | 7.5 | HIGH | β | 0 |
| CVE-2021-33507 Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-33508 Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-33509 Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script. | 9.9 | CRITICAL | β | 0 |
| CVE-2021-33510 Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-33511 Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and modeleditors in plone.app.theming, plone.app.dexterity, and plone.supermodel. | 7.5 | HIGH | β | 0 |
| CVE-2021-33514 Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vulnerable /sqfs/lib/libsal.so.0.0 library used by a CGI application, as demonstrated by setup.cgi?toke... | 8.8 | HIGH | β | 0 |
| CVE-2021-1254 Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the inter... | 4.8 | MEDIUM | β | 0 |
| CVE-2021-1306 A vulnerability in the restricted shell of Cisco Evolved Programmable Network (EPN) Manager, Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local at... | 4.4 | MEDIUM | β | 0 |
| CVE-2021-1358 A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to imprope... | 4.7 | MEDIUM | β | 0 |
| CVE-2021-1487 A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary co... | 8.8 | HIGH | β | 0 |
| CVE-2021-1531 A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the web application on the underlying operating ... | 8.8 | HIGH | β | 0 |
| CVE-2021-1547 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ... | 4.7 | MEDIUM | β | 0 |
| CVE-2021-1548 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ... | 4.7 | MEDIUM | β | 0 |
| CVE-2021-1549 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ... | 4.7 | MEDIUM | β | 0 |
| CVE-2021-1550 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ... | 4.7 | MEDIUM | β | 0 |
| CVE-2021-1551 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ... | 4.7 | MEDIUM | β | 0 |
| CVE-2021-1552 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ... | 4.7 | MEDIUM | β | 0 |
| CVE-2021-1553 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ... | 4.7 | MEDIUM | β | 0 |
| CVE-2021-1554 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ... | 4.7 | MEDIUM | β | 0 |
| CVE-2021-1555 Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to perform ... | 4.7 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.