CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-41579 LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attac... | 7.8 | HIGH | β | 0 |
| CVE-2021-41093 Wire is an open source secure messenger. In affected versions if an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in... | 7.4 | HIGH | β | 0 |
| CVE-2021-41094 Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to en... | 4.2 | MEDIUM | β | 0 |
| CVE-2021-42008 The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root ... | 7.8 | HIGH | β | 0 |
| CVE-2021-41100 Wire-server is the backing server for the open source wire secure messaging application. In affected versions it is possible to trigger email address change of a user with only the short-lived session... | 7.4 | HIGH | β | 0 |
| CVE-2021-41118 The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular express... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-41651 A blind SQL injection vulnerability exists in the Raymart DG / Ahmed Helal Hotel-mgmt-system. A malicious attacker can retrieve sensitive database information and interact with the database using the ... | 7.5 | HIGH | β | 0 |
| CVE-2020-21386 A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges. | 8.8 | HIGH | β | 0 |
| CVE-2020-21387 A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-39433 A local file inclusion (LFI) vulnerability exists in BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to... | 7.5 | HIGH | β | 0 |
| CVE-2021-41092 Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configura... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-21431 HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-21434 Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-21493 An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames. | 5.3 | MEDIUM | β | 0 |
| CVE-2020-21494 A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-21495 A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-21496 A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-32765 Hiredis is a minimalistic C client library for the Redis database. In affected versions Hiredis is vulnerable to integer overflow if provided maliciously crafted or corrupted `RESP` `mult-bulk` protoc... | 8.8 | HIGH | β | 0 |
| CVE-2021-41089 Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted ... | 2.8 | LOW | β | 0 |
| CVE-2021-41091 Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirect... | 6.3 | MEDIUM | β | 0 |
| CVE-2021-41123 Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-42006 An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file. | 8.8 | HIGH | β | 0 |
| CVE-2021-41524 While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. ... | 7.5 | HIGH | β | 0 |
| CVE-2021-35503 Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-35504 Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. | 7.2 | HIGH | β | 0 |
| CVE-2021-35505 Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. | 7.2 | HIGH | β | 0 |
| CVE-2021-37223 Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in schedulereport.php. Any authenticated user can create scheduled reports containing PDF screenshots o... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-39887 A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf. | 7.3 | HIGH | β | 0 |
| CVE-2021-39866 A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-39867 In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side Request Forgery (SSRF) attacks. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-39869 In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-39872 In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquire... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-39875 In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-39878 A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code. | 5.8 | MEDIUM | β | 0 |
| CVE-2021-39882 In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-39884 In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that are part of that project. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-39888 In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal deta... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-39893 A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-39894 In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server Side Request Forgery attacks. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-22257 An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route ... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-22258 The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-22261 A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting fr... | 7.3 | HIGH | β | 0 |
| CVE-2021-22262 Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integr... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-22264 An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. Under spec... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-39870 In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-39881 In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick un... | 3.5 | LOW | β | 0 |
| CVE-2021-39886 Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references... | 2.6 | LOW | β | 0 |
| CVE-2021-39889 In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name to a malicious user who makes a crafted API ... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-39891 In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the end of impersonation which may lead to unnecessary sensitive ... | 5.9 | MEDIUM | β | 0 |
| CVE-2021-39880 A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions st... | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.