CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-28141 An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow the attack... | 9.8 | CRITICAL | - | 0 |
| CVE-2021-28967 The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings. | 9.8 | CRITICAL | - | 0 |
| CVE-2019-25043 ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header. | 5.3 | MEDIUM | - | 0 |
| CVE-2020-15522 Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about t... | 5.9 | MEDIUM | - | 0 |
| CVE-2020-18442 Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". | 3.3 | LOW | - | 0 |
| CVE-2021-42390 Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | 6.5 | MEDIUM | - | 0 |
| CVE-2021-1134 A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitiv... | 7.4 | HIGH | - | 0 |
| CVE-2021-22145 A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query ... | 6.5 | MEDIUM | - | 0 |
| CVE-2021-34535 Remote Desktop Client Remote Code Execution Vulnerability | 8.8 | HIGH | - | 0 |
| CVE-2021-36875 Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin - uListing allows Reflected XSS. This issue affects Directory Listings WordPress plugin - uListing: from n/a thr... | 5.9 | MEDIUM | - | 0 |
| CVE-2021-34782 A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid ... | 4.3 | MEDIUM | - | 0 |
| CVE-2021-40116 Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulne... | 8.6 | HIGH | - | 0 |
| CVE-2021-38665 Remote Desktop Protocol Client Information Disclosure Vulnerability | 7.4 | HIGH | - | 0 |
| CVE-2021-42717 ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate req... | 7.5 | HIGH | - | 0 |
| CVE-2022-23302 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service... | 8.8 | HIGH | - | 0 |
| CVE-2021-42391 Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | 6.5 | MEDIUM | - | 0 |
| CVE-2022-20630 A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sen... | 4.4 | MEDIUM | - | 0 |
| CVE-2022-26490 st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | 7.8 | HIGH | - | 0 |
| CVE-2022-24503 Remote Desktop Protocol Client Information Disclosure Vulnerability | 5.4 | MEDIUM | - | 0 |
| CVE-2021-42387 Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from t... | 8.1 | HIGH | - | 0 |
| CVE-2021-42388 Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from t... | 8.1 | HIGH | - | 0 |
| CVE-2021-43304 Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrar... | 8.8 | HIGH | - | 0 |
| CVE-2021-43305 Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrar... | 8.8 | HIGH | - | 0 |
| CVE-2022-28390 ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | 7.8 | HIGH | - | 0 |
| CVE-2021-40426 A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buf... | 8.8 | HIGH | - | 0 |
| CVE-2021-3643 A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensit... | 9.1 | CRITICAL | - | 0 |
| CVE-2022-36350 Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 5.4 | MEDIUM | - | 0 |
| CVE-2022-28463 ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. | 7.8 | HIGH | - | 0 |
| CVE-2022-22015 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | 6.5 | MEDIUM | - | 0 |
| CVE-2022-22017 Remote Desktop Client Remote Code Execution Vulnerability | 8.8 | HIGH | - | 0 |
| CVE-2022-26940 Remote Desktop Protocol Client Information Disclosure Vulnerability | 6.5 | MEDIUM | - | 0 |
| CVE-2022-29204 TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input a... | 5.5 | MEDIUM | - | 0 |
| CVE-2022-31650 In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | 5.5 | MEDIUM | - | 0 |
| CVE-2022-31651 In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. | 5.5 | MEDIUM | - | 0 |
| CVE-2022-30175 Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 | HIGH | - | 0 |
| CVE-2022-30176 Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 | HIGH | - | 0 |
| CVE-2022-30194 Windows WebBrowser Control Remote Code Execution Vulnerability | 7.5 | HIGH | - | 0 |
| CVE-2022-30197 Windows Kernel Information Disclosure Vulnerability | 5.5 | MEDIUM | - | 0 |
| CVE-2022-36263 StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file. | 7.3 | HIGH | - | 0 |
| CVE-2020-35509 A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest thr... | 5.4 | MEDIUM | - | 0 |
| CVE-2021-23159 A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an applic... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-23172 A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an applicatio... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-23210 A floating point exception (divide-by-zero) issue was discovered in SoX in function read_samples() of voc.c file. An attacker with a crafted file could cause an application to crash. | 5.5 | MEDIUM | - | 0 |
| CVE-2021-33844 A floating point exception (divide-by-zero) issue was discovered in SoX in function startread() of wav.c file. An attacker with a crafted wav file could cause an application to crash. | 5.5 | MEDIUM | - | 0 |
| CVE-2024-20852 Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration. | 5.9 | MEDIUM | - | 0 |
| CVE-2022-3077 A buffer overflow vulnerability was found in the Linux kernel Intel's iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with maliciou... | 5.5 | MEDIUM | - | 0 |
| CVE-2022-3586 A flaw was found in the Linux kernel's networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (a... | 5.5 | MEDIUM | - | 0 |
| CVE-2021-39077 IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215587. | 4.4 | MEDIUM | - | 0 |
| CVE-2022-44794 An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Management protocol has a flow which allows a remote attacker to execute arbitrary Bash code with root privileges. The command that ... | 8.8 | HIGH | - | 0 |
| CVE-2022-44795 An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the supp... | 6.5 | MEDIUM | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.