Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-34332 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of use... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-34333 A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of use... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-20250 Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL point... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-22873 Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22399 The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-22440 There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or direct... | 4.6 | MEDIUM | β | 0 |
| CVE-2021-31225 SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. | 7.3 | HIGH | β | 0 |
| CVE-2021-31810 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address... | 5.8 | MEDIUM | β | 0 |
| CVE-2021-36376 dandavison delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory. | 7.8 | HIGH | β | 0 |
| CVE-2021-20593 Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. 3.35, GB-50A Ver.2.50 to Ver. 3.35, AG-150A-A Ver.3.... | 7.1 | HIGH | β | 0 |
| CVE-2021-31220 SES Evolution before 2.1.0 allows modifying security policies by leveraging access of a user having read-only access to security policies. | 5.2 | MEDIUM | β | 0 |
| CVE-2021-31221 SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. | 5.7 | MEDIUM | β | 0 |
| CVE-2021-31222 SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. | 5.7 | MEDIUM | β | 0 |
| CVE-2021-31223 SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed. | 5.7 | MEDIUM | β | 0 |
| CVE-2021-31224 SES Evolution before 2.1.0 allows duplicating an existing security policy by leveraging access of a user having read-only access to security policies. | 3.5 | LOW | β | 0 |
| CVE-2021-33578 Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication, e... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-22874 Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-22875 Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-22876 Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service. This issue is resolved in the 2020-07-05 release. | 7.5 | HIGH | β | 0 |
| CVE-2020-22882 Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61. | 7.5 | HIGH | β | 0 |
| CVE-2020-22884 Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-22885 Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service. | 7.5 | HIGH | β | 0 |
| CVE-2020-22886 Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service. | 7.5 | HIGH | β | 0 |
| CVE-2020-22907 Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter. | 7.5 | HIGH | β | 0 |
| CVE-2021-20360 IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195031. | 7.5 | HIGH | β | 0 |
| CVE-2021-20361 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-20362 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-20363 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-20364 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-20365 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-20366 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-20252 Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL point... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-20368 IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-20369 IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 195361. | 5.9 | MEDIUM | β | 0 |
| CVE-2021-20422 IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304. | 7.5 | HIGH | β | 0 |
| CVE-2021-20423 IBM Cloud Pak for Applications 4.3 could allow an authenticated user gain escalated privilesges due to improper application permissions. IBM X-Force ID: 196308. | 8.8 | HIGH | β | 0 |
| CVE-2021-20424 IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in f... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-34552 Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31217 In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM. | 9.1 | CRITICAL | β | 0 |
| CVE-2021-22000 VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to... | 7.8 | HIGH | β | 0 |
| CVE-2021-32755 Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-19716 A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS). | 6.5 | MEDIUM | β | 0 |
| CVE-2020-19717 An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). | 6.5 | MEDIUM | β | 0 |
| CVE-2020-19718 An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). | 6.5 | MEDIUM | β | 0 |
| CVE-2026-32435 Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4.... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-19721 A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS). | 6.5 | MEDIUM | β | 0 |
| CVE-2020-19722 An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS). | 6.5 | MEDIUM | β | 0 |
| CVE-2021-20747 Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-20748 Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an exter... | 7.5 | HIGH | β | 0 |
| CVE-2021-20781 Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authenti... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.