CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2021-23390 | The package total4 before 0.0.43 is vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. | 9.8 | CRITICAL | – | 0 |
| CVE-2021-29792 | IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user with the CA private key to create their own certificates and deploy them in the cluster and gain privileges of another user. IBM X-Force ID: ... | 7.2 | HIGH | – | 0 |
| CVE-2021-1953 | Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon ... | 7.5 | HIGH | – | 0 |
| CVE-2021-29794 | IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enables weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sen... | 7.5 | HIGH | – | 0 |
| CVE-2021-29803 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona... | 5.4 | MEDIUM | – | 0 |
| CVE-2021-29804 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona... | 5.4 | MEDIUM | – | 0 |
| CVE-2021-29805 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona... | 5.4 | MEDIUM | – | 0 |
| CVE-2021-29822 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po... | 5.4 | MEDIUM | – | 0 |
| CVE-2021-32703 | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed a... | 5.3 | MEDIUM | – | 0 |
| CVE-2021-32705 | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed ... | 5.3 | MEDIUM | – | 0 |
| CVE-2021-36381 | In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user's browser via logon.jsp?logon_error= on the login screen of the Web application. | 5.3 | MEDIUM | – | 0 |
| CVE-2020-18982 | Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl. | 5.4 | MEDIUM | – | 0 |
| CVE-2020-19037 | Incorrect Access Control vulnerability in Halo 0.4.3, which allows a malicious user to bypass encryption to view encrypted articles via cookies. | 5.3 | MEDIUM | – | 0 |
| CVE-2020-19038 | File Deletion vulnerability in Halo 0.4.3 via delBackup. | 9.1 | CRITICAL | – | 0 |
| CVE-2020-23079 | SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | 7.5 | HIGH | – | 0 |
| CVE-2021-32689 | Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat m... | 8.1 | HIGH | – | 0 |
| CVE-2021-1954 | Possible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdrag... | 7.5 | HIGH | – | 0 |
| CVE-2021-32707 | Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter fail... | 4.3 | MEDIUM | – | 0 |
| CVE-2020-18544 | SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php". | 9.8 | CRITICAL | – | 0 |
| CVE-2020-19907 | A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service. | 8.8 | HIGH | – | 0 |
| CVE-2021-24365 | The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type "Custom Field" allowed to choose an arbit... | 5.4 | MEDIUM | – | 0 |
| CVE-2021-24385 | The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user inpu... | 9.8 | CRITICAL | – | 0 |
| CVE-2021-24408 | The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post mad... | 5.4 | MEDIUM | – | 0 |
| CVE-2021-1955 | Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Conn... | 7.5 | HIGH | – | 0 |
| CVE-2021-24418 | The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payl... | 4.8 | MEDIUM | – | 0 |
| CVE-2021-24419 | The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users ... | 4.8 | MEDIUM | – | 0 |
| CVE-2021-24420 | The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quot... | 5.4 | MEDIUM | – | 0 |
| CVE-2021-24421 | The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use Jav... | 5.4 | MEDIUM | – | 0 |
| CVE-2021-24424 | The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authe... | 5.4 | MEDIUM | – | 0 |
| CVE-2021-24426 | The Backup by 10Web – Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-Site S... | 4.8 | MEDIUM | – | 0 |
| CVE-2021-24427 | The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading... | 4.8 | MEDIUM | – | 0 |
| CVE-2021-24429 | The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set Ja... | 6.1 | MEDIUM | – | 0 |
| CVE-2021-24434 | The Glass WordPress plugin through 1.3.2 does not sanitise or escape its "Glass Pages" setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did ... | 6.1 | MEDIUM | – | 0 |
| CVE-2021-24439 | The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the b... | 5.4 | MEDIUM | – | 0 |
| CVE-2021-24440 | The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored ... | 4.8 | MEDIUM | – | 0 |
| CVE-2021-24441 | The Sign-up Sheets WordPress plugin before 1.0.14 does not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue. | 8.0 | HIGH | – | 0 |
| CVE-2021-24442 | The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending a... | 9.8 | CRITICAL | – | 0 |
| CVE-2021-24454 | In the YOP Poll WordPress plugin before 6.2.8, when a poll is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross... | 6.1 | MEDIUM | – | 0 |
| CVE-2021-32725 | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files ... | 3.5 | LOW | – | 0 |
| CVE-2021-32726 | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused ... | 7.1 | HIGH | – | 0 |
| CVE-2021-32727 | Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.... | 5.7 | MEDIUM | – | 0 |
| CVE-2021-32733 | Nextcloud Text is a collaborative document editing application that uses Markdown. A cross-site scripting vulnerability is present in versions prior to 19.0.13, 20.0.11, and 21.0.3. The Nextcloud Text... | 4.8 | MEDIUM | – | 0 |
| CVE-2021-32734 | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exce... | 3.1 | LOW | – | 0 |
| CVE-2021-32741 | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may ... | 5.3 | MEDIUM | – | 0 |
| CVE-2021-32746 | Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the `doc` module of Icinga Web 2 allows to view documentation directly ... | 5.3 | MEDIUM | – | 0 |
| CVE-2021-32747 | Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.... | 5.3 | MEDIUM | – | 0 |
| CVE-2021-1964 | Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdrag... | 7.5 | HIGH | – | 0 |
| CVE-2021-32754 | FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2.9.0 contained an XML external entity (XXE) vulnerability that allowed an attacker who had control over the source/sink definition ... | 5.3 | MEDIUM | – | 0 |
| CVE-2020-11307 | Buffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, S... | 9.8 | CRITICAL | – | 0 |
| CVE-2021-1886 | Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapd... | 8.4 | HIGH | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.