CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-34510 Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34521 Raw Image Extension Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34511 Windows Installer Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34512 Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34513 Storage Spaces Controller Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34514 Windows Kernel Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34522 Microsoft Defender Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34516 Win32k Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34517 Microsoft SharePoint Server Spoofing Vulnerability | 5.3 | MEDIUM | β | 0 |
| CVE-2021-34518 Microsoft Excel Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34519 Microsoft SharePoint Server Information Disclosure Vulnerability | 5.3 | MEDIUM | β | 0 |
| CVE-2021-34520 Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.1 | HIGH | β | 0 |
| CVE-2021-34525 Windows DNS Server Remote Code Execution Vulnerability | 8.8 | HIGH | β | 0 |
| CVE-2021-34528 Visual Studio Code Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34529 Visual Studio Code Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2020-18151 Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, which can add an admin account. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-34173 An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed beacon csa frame. The device requires a reboot to recover. | 7.5 | HIGH | β | 0 |
| CVE-2021-34174 A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. Any wireless router using BCM4352 and BCM43684 will be affected, such as ASUS AX6100. An attacker may cause a Denial of Service (DoS) to ... | 4.6 | MEDIUM | β | 0 |
| CVE-2020-18155 SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22867 A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-24133 A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36420 Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no ... | 7.5 | HIGH | β | 0 |
| CVE-2021-25318 An Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions pr... | 8.8 | HIGH | β | 0 |
| CVE-2021-25320 An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach ... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-33505 A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1. | 7.8 | HIGH | β | 0 |
| CVE-2020-15496 Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. | 7.8 | HIGH | β | 0 |
| CVE-2021-34558 The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malic... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-34687 iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is tra... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-34688 iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log ... | 3.3 | LOW | β | 0 |
| CVE-2021-34689 iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-34690 iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-34691 iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port. | 7.5 | HIGH | β | 0 |
| CVE-2021-34692 iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges. | 7.8 | HIGH | β | 0 |
| CVE-2020-12729 MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors. | 4.6 | MEDIUM | β | 0 |
| CVE-2020-12730 MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. | 5.3 | MEDIUM | β | 0 |
| CVE-2020-12731 The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. | 7.5 | HIGH | β | 0 |
| CVE-2021-21586 Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files... | 8.1 | HIGH | β | 0 |
| CVE-2020-15495 Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. | 7.8 | HIGH | β | 0 |
| CVE-2020-25593 Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. | 6.7 | MEDIUM | β | 0 |
| CVE-2020-25736 Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. | 7.8 | HIGH | β | 0 |
| CVE-2020-12732 DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-12733 Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. | 7.5 | HIGH | β | 0 |
| CVE-2021-21587 Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-12734 DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Defa... | 8.1 | HIGH | β | 0 |
| CVE-2021-20439 IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. | 7.5 | HIGH | β | 0 |
| CVE-2021-27845 A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c | 5.5 | MEDIUM | β | 0 |
| CVE-2021-27847 Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-29725 IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource ... | 7.5 | HIGH | β | 0 |
| CVE-2021-29749 IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests f... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-32750 MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attack... | 6.8 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.