Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-21568 Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration chan... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-21592 Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized informat... | 3.1 | LOW | — | 0 |
| CVE-2021-21594 Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive query strings vulnerability. It can lead to potential disclosure of sensitive data. Dell recommends up... | 8.2 | HIGH | — | 0 |
| CVE-2021-21595 Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges... | 6.0 | MEDIUM | — | 0 |
| CVE-2021-21599 Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to escalate privileges and esc... | 6.0 | MEDIUM | — | 0 |
| CVE-2021-36278 Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSO... | 8.1 | HIGH | — | 0 |
| CVE-2021-36279 Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSO... | 7.8 | HIGH | — | 0 |
| CVE-2021-36280 Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSO... | 7.8 | HIGH | — | 0 |
| CVE-2021-36281 Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment vulnerability. A low privileged authenticated user can potentially exploit this vulnerability to escalate pr... | 7.5 | HIGH | — | 0 |
| CVE-2021-36282 Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN... | 2.5 | LOW | — | 0 |
| CVE-2021-37709 Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability involving an insecure direct object reference of log files of the Import/Export feature. Version 6.4.3.... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-37710 Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older ve... | 8.0 | HIGH | — | 0 |
| CVE-2021-37711 Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, an... | 8.8 | HIGH | — | 0 |
| CVE-2020-4706 IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attac... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-4992 IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user tha... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-25956 In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming ... | 4.7 | MEDIUM | — | 0 |
| CVE-2021-25957 In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using ... | 8.8 | HIGH | — | 0 |
| CVE-2020-28846 Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-32829 ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters, managing resources of compute, storage, and networking all by APIs. Affected versions of ZStack REST AP... | 9.6 | CRITICAL | — | 0 |
| CVE-2021-3458 The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-3459 A privilege escalation vulnerability was reported in the MM1000 device configuration web server, which could allow privileged shell access and/or arbitrary privileged commands to be executed on the ad... | 6.8 | MEDIUM | — | 0 |
| CVE-2021-0582 In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges ne... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-3615 A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262... | 6.6 | MEDIUM | — | 0 |
| CVE-2021-3616 A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter firmware content and device configuration. This vulnerabilit... | 9.4 | CRITICAL | — | 0 |
| CVE-2021-3617 A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injection by setting a specially crafted network configuration. This vulnerability is the same as CNVD-2020... | 7.2 | HIGH | — | 0 |
| CVE-2021-3633 A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow privilege escalation. | 7.3 | HIGH | — | 0 |
| CVE-2020-15955 In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials... | 5.9 | MEDIUM | — | 0 |
| CVE-2020-29548 An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted ... | 8.1 | HIGH | — | 0 |
| CVE-2021-32830 The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has a command injection vulnerability. Clients of the @diez/generation library are unlikely to be aware... | 3.9 | LOW | — | 0 |
| CVE-2020-22937 A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-0519 In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges... | 7.8 | HIGH | — | 0 |
| CVE-2021-0573 In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti... | 7.8 | HIGH | — | 0 |
| CVE-2021-0574 In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti... | 7.8 | HIGH | — | 0 |
| CVE-2021-0576 In flv extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti... | 7.8 | HIGH | — | 0 |
| CVE-2021-0578 In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges ne... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-0591 In sendReplyIntentToReceiver of BluetoothPermissionActivity.java, there is a possible way to invoke privileged broadcast receivers due to a confused deputy. This could lead to local escalation of priv... | 7.3 | HIGH | — | 0 |
| CVE-2021-0593 In sendDevicePickedIntent of DevicePickerFragment.java, there is a possible way to invoke a privileged broadcast receiver due to a confused deputy. This could lead to local escalation of privilege wit... | 7.8 | HIGH | — | 0 |
| CVE-2021-0639 In multiple functions of libl3oemcrypto.cpp, there is a possible weakness in the existing obfuscation mechanism due to the way sensitive data is handled. This could lead to local information disclosur... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0640 In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges ne... | 7.8 | HIGH | — | 0 |
| CVE-2021-0645 In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in ext... | 7.8 | HIGH | — | 0 |
| CVE-2021-0646 In sqlite3_str_vappendf of sqlite3.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege if the user can also inject a printf in... | 7.8 | HIGH | — | 0 |
| CVE-2021-25263 Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating files ... | 7.8 | HIGH | — | 0 |
| CVE-2021-29313 Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php, | 6.1 | MEDIUM | — | 0 |
| CVE-2021-39240 An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It does not ensure that the scheme and path portions of a URI have the expected characters. For example, ... | 7.5 | HIGH | — | 0 |
| CVE-2021-39241 An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. An HTTP method name may contain a space followed by the name of a protected resource. ... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-39242 An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It can lead to a situation with an attacker-controlled HTTP Host header, because a mismatch between Host ... | 7.5 | HIGH | — | 0 |
| CVE-2020-13588 An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The heading_field_id parameter in ‘‘entities/fields’ page is vulnerable... | 8.8 | HIGH | — | 0 |
| CVE-2020-13589 An exploitable SQL injection vulnerability exists in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. The entities_id parameter in the 'entities/fields page (mulitple_edit o... | 8.8 | HIGH | — | 0 |
| CVE-2020-18164 SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-33699 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unaut... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.