Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-5349 Dell EMC Networking S4100 and S5200 Series Switches manufactured prior to February 2020 contain a hardcoded credential vulnerability. A remote unauthenticated malicious user could exploit this vulnera... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-32773 Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to inc... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-32774 DataDump is a MediaWiki extension that provides dumps of wikis. Prior to commit 67a82b76e186925330b89ace9c5fd893a300830b, DataDump had no protection against CSRF attacks so requests to generate or del... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-26081 REST API in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to enumerate usernames via... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-26082 The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary ... | 5.4 | MEDIUM | β | 0 |
| CVE-2019-25050 netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and ... | 7.8 | HIGH | β | 0 |
| CVE-2019-25051 objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). | 7.8 | HIGH | β | 0 |
| CVE-2020-36428 matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4). | 8.8 | HIGH | β | 0 |
| CVE-2020-36429 Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth. | 5.5 | MEDIUM | β | 0 |
| CVE-2020-36430 libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction. | 7.8 | HIGH | β | 0 |
| CVE-2020-36431 Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-35054 Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of arbitrary JSON files. | 7.5 | HIGH | β | 0 |
| CVE-2021-36977 matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based buffer overflow in H5MM_memcpy (called from H5MM_malloc and H5C_load_entry), related to use of HDF5 1.12.0. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-36978 QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-36979 Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb). | 5.5 | MEDIUM | β | 0 |
| CVE-2020-7866 When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation | 8.8 | HIGH | β | 0 |
| CVE-2021-24022 A buffer overflow vulnerability in FortiAnalyzer CLI 6.4.5 and below, 6.2.7 and below, 6.0.x and FortiManager CLI 6.4.5 and below, 6.2.7 and below, 6.0.x may allow an authenticated, local attacker to ... | 6.7 | MEDIUM | β | 0 |
| CVE-2021-26095 The combination of various cryptographic issues in the session management of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6, including the encryption construction of the session cookie, may all... | 7.5 | HIGH | β | 0 |
| CVE-2021-27021 A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query. | 8.8 | HIGH | β | 0 |
| CVE-2021-32463 An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One as a Service (SaaS), Worry-Free Business Security 10.0 SP1 and Worry-Free Servgices could allow a l... | 7.8 | HIGH | β | 0 |
| CVE-2020-15660 Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution. | 8.8 | HIGH | β | 0 |
| CVE-2021-22235 Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file | 7.5 | HIGH | β | 0 |
| CVE-2021-27338 Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-27517 Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-35427 SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-32667 TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page ... | 6.4 | MEDIUM | β | 0 |
| CVE-2021-2457 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerabi... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-32668 TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error ... | 6.4 | MEDIUM | β | 0 |
| CVE-2021-3246 A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. | 8.8 | HIGH | β | 0 |
| CVE-2021-32669 TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settin... | 6.4 | MEDIUM | β | 0 |
| CVE-2021-32767 TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. Th... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-20478 IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497. | 3.3 | LOW | β | 0 |
| CVE-2021-32763 OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the `MessagesController` class of OpenProject has a `quote` method that implements the logic behind the ... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-25205 The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-25206 The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to ... | 7.2 | HIGH | β | 0 |
| CVE-2021-33909 fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by... | 7.8 | HIGH | β | 0 |
| CVE-2020-23284 Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals intern... | 7.5 | HIGH | β | 0 |
| CVE-2021-36230 HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organiz... | 8.8 | HIGH | β | 0 |
| CVE-2021-36746 Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-36747 Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-32751 Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code ex... | 7.5 | HIGH | β | 0 |
| CVE-2021-2323 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Flex-Branch). Supported versions that are affected are 12.3, 12.4, 14.0-14.4 and . ... | 5.9 | MEDIUM | β | 0 |
| CVE-2021-2324 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Loans And Deposits). Supported versions that are affected are 12.0-12.4, 14.0-14.4 ... | 4.6 | MEDIUM | β | 0 |
| CVE-2021-2326 Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker hav... | 2.7 | LOW | β | 0 |
| CVE-2021-2328 Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attac... | 7.2 | HIGH | β | 0 |
| CVE-2021-2329 Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged att... | 7.2 | HIGH | β | 0 |
| CVE-2021-2330 Vulnerability in the Core RDBMS component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker having Create Table ... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-2333 Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged att... | 4.9 | MEDIUM | β | 0 |
| CVE-2020-20262 Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Ser... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-2448 Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is ... | 3.7 | LOW | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.