CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-36420 Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no ... | 7.5 | HIGH | β | 0 |
| CVE-2021-25318 An Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster to modify resources they should not have access to. This issue affects: Rancher versions pr... | 8.8 | HIGH | β | 0 |
| CVE-2021-25320 An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach ... | 9.9 | CRITICAL | β | 0 |
| CVE-2021-33505 A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1. | 7.8 | HIGH | β | 0 |
| CVE-2020-15496 Acronis True Image for Mac before 2021 Update 4 allowed local privilege escalation due to insecure folder permissions. | 7.8 | HIGH | β | 0 |
| CVE-2021-34558 The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malic... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-34687 iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A man in the middle can recover a system's Personal Key when a client attempts to make a LAN connection. The Personal Key is tra... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-34688 iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read an encrypted version of the system's Personal Key in world-readable %PROGRAMDATA% log ... | 3.3 | LOW | β | 0 |
| CVE-2021-34689 iDrive RemotePC before 7.6.48 on Windows allows information disclosure. A locally authenticated attacker can read the system's Personal Key in world-readable %PROGRAMDATA% log files. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-34690 iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. A remote and unauthenticated attacker can bypass cloud authentication to connect and control a system via TCP port 5970 and 5980. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-34691 iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remote and unauthenticated attacker can disconnect a valid user session by connecting to an ephemeral port. | 7.5 | HIGH | β | 0 |
| CVE-2021-34692 iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged user can force RemotePC to execute an attacker-controlled executable with SYSTEM privileges. | 7.8 | HIGH | β | 0 |
| CVE-2020-12729 MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors. | 4.6 | MEDIUM | β | 0 |
| CVE-2020-12730 MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. | 5.3 | MEDIUM | β | 0 |
| CVE-2020-12731 The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. | 7.5 | HIGH | β | 0 |
| CVE-2021-21586 Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A remote authenticated malicious user could exploit this vulnerability in order to read arbitrary files... | 8.1 | HIGH | β | 0 |
| CVE-2020-15495 Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration. | 7.8 | HIGH | β | 0 |
| CVE-2020-25593 Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions. | 6.7 | MEDIUM | β | 0 |
| CVE-2020-25736 Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. | 7.8 | HIGH | β | 0 |
| CVE-2020-12732 DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-12733 Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. | 7.5 | HIGH | β | 0 |
| CVE-2021-21587 Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-12734 DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change the SSID and password, and demand a ransom payment from the rightful device owner, because there is no way to reset to Factory Defa... | 8.1 | HIGH | β | 0 |
| CVE-2021-20439 IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user. | 7.5 | HIGH | β | 0 |
| CVE-2021-27845 A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c | 5.5 | MEDIUM | β | 0 |
| CVE-2021-27847 Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-29725 IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1, 6.0.2 could allow a remote user to consume resources causing a denial of service due to a resource ... | 7.5 | HIGH | β | 0 |
| CVE-2021-29749 IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests f... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-32750 MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attack... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-34429 For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security co... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-3042 A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent on Windows platforms that enables an authenticated local Windows user to execute programs with SYSTEM ... | 7.8 | HIGH | β | 0 |
| CVE-2021-3043 A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console... | 7.5 | HIGH | β | 0 |
| CVE-2020-11633 The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbi... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-20496 IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. | 4.9 | MEDIUM | β | 0 |
| CVE-2021-20497 IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197969 | 7.5 | HIGH | β | 0 |
| CVE-2021-20498 IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-20499 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be use... | 2.7 | LOW | β | 0 |
| CVE-2021-20500 IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. | 4.4 | MEDIUM | β | 0 |
| CVE-2021-20510 IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299 | 4.4 | MEDIUM | β | 0 |
| CVE-2021-20511 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/..... | 4.9 | MEDIUM | β | 0 |
| CVE-2020-18879 Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-20523 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be use... | 2.7 | LOW | β | 0 |
| CVE-2021-20524 IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit... | 4.8 | MEDIUM | β | 0 |
| CVE-2021-20533 IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813 | 7.2 | HIGH | β | 0 |
| CVE-2021-20534 IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remot... | 3.5 | LOW | β | 0 |
| CVE-2021-20537 IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external ... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-29699 IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary files with a dangerous file type that could be executed by a user. IBM X-Force ID: 200600. | 6.8 | MEDIUM | β | 0 |
| CVE-2021-29742 IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the system. IBM X-Force ID: 201483. | 8.0 | HIGH | β | 0 |
| CVE-2021-34827 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnera... | 8.8 | HIGH | β | 0 |
| CVE-2021-34828 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1330 1.13B01 BETA routers. Authentication is not required to exploit this vulnera... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.