CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-26095 The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may all... | 7.5 | HIGH | β | 0 |
| CVE-2021-27021 A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. | 8.8 | HIGH | β | 0 |
| CVE-2021-32463 An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Services could allow a l... | 7.8 | HIGH | β | 0 |
| CVE-2020-15660 Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution. | 8.8 | HIGH | β | 0 |
| CVE-2021-22235 Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file | 7.5 | HIGH | β | 0 |
| CVE-2021-27338 Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-27517 Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-35427 SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-32667 TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page ... | 6.4 | MEDIUM | β | 0 |
| CVE-2021-2457 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerabi... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-32668 TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error ... | 6.4 | MEDIUM | β | 0 |
| CVE-2021-3246 A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. | 8.8 | HIGH | β | 0 |
| CVE-2021-32669 TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settin... | 6.4 | MEDIUM | β | 0 |
| CVE-2021-32767 TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may have been logged as plain-text. Th... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-20478 IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497. | 3.3 | LOW | β | 0 |
| CVE-2021-32763 OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the `MessagesController` class of OpenProject has a `quote` method that implements the logic behind the ... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-25205 The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-25206 The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to ... | 7.2 | HIGH | β | 0 |
| CVE-2021-33909 fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by... | 7.8 | HIGH | β | 0 |
| CVE-2020-23284 Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals intern... | 7.5 | HIGH | β | 0 |
| CVE-2021-36230 HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organiz... | 8.8 | HIGH | β | 0 |
| CVE-2021-36746 Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-36747 Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-32751 Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code ex... | 7.5 | HIGH | β | 0 |
| CVE-2021-2323 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Flex-Branch). Supported versions that are affected are 12.3, 12.4, 14.0-14.4 and . ... | 5.9 | MEDIUM | β | 0 |
| CVE-2021-2324 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Loans And Deposits). Supported versions that are affected are 12.0-12.4, 14.0-14.4 ... | 4.6 | MEDIUM | β | 0 |
| CVE-2021-2326 Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker hav... | 2.7 | LOW | β | 0 |
| CVE-2021-2328 Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attac... | 7.2 | HIGH | β | 0 |
| CVE-2021-2329 Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged att... | 7.2 | HIGH | β | 0 |
| CVE-2021-2330 Vulnerability in the Core RDBMS component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker having Create Table ... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-2333 Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged att... | 4.9 | MEDIUM | β | 0 |
| CVE-2020-20262 MikroTik RouterOS before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Ser... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-2448 Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is ... | 3.7 | LOW | β | 0 |
| CVE-2021-2449 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability... | 7.5 | HIGH | β | 0 |
| CVE-2021-2450 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability... | 7.5 | HIGH | β | 0 |
| CVE-2021-2451 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability... | 7.5 | HIGH | β | 0 |
| CVE-2021-1102 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can lead to floating point exceptions, which may lead to denial of service. This affects vGPU version 1... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-2452 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability... | 7.5 | HIGH | β | 0 |
| CVE-2021-2453 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability... | 7.5 | HIGH | β | 0 |
| CVE-2021-2454 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low p... | 7.0 | HIGH | β | 0 |
| CVE-2021-2455 Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). The supported version that is affected is 9.2. Easily exploitable vulnerabilit... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-2456 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). The supported version that is affected is 12.2.1.4.0. Easil... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-2458 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Eas... | 7.6 | HIGH | β | 0 |
| CVE-2021-2460 Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability all... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-2462 Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce (component: Commerce Service Center). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. ... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-2463 Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. E... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-20699 A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings. | 4.8 | MEDIUM | β | 0 |
| CVE-2021-1097 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it improperly validates the length field in a request from a guest. This flaw allows a malicious guest to ... | 7.8 | HIGH | β | 0 |
| CVE-2021-1098 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests from guests. This flaw allows a malicious ... | 7.8 | HIGH | β | 0 |
| CVE-2021-1099 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. S... | 7.0 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.