Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2009-2137 Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and OpenSolaris snv_54 through snv_112, allows context-dependent attackers to cause a denial of service (m... | N/A | NONE | β | 0 |
| CVE-2025-50125 A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthenticated remote code execution when the server is accessed via the network with knowledge of hidden URLs a... | N/A | NONE | β | 0 |
| CVE-2021-41106 JWT is a library to work with JSON Web Token and JSON Web Signature. Prior to versions 3.4.6, 4.0.4, and 4.1.5, users of HMAC-based algorithms (HS256, HS384, and HS512) combined with `Lcobucci\JWT\Sig... | 4.4 | MEDIUM | β | 0 |
| CVE-2021-40716 XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to b... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-33626 A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer(QWORD values for CommBuffer). Thi... | 7.8 | HIGH | β | 0 |
| CVE-2021-36051 XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires ... | 7.8 | HIGH | β | 0 |
| CVE-2021-41837 An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. Because of an Untrusted Pointer Dereference that causes SMM memory corruption, an attacker may be able to write... | 8.2 | HIGH | β | 0 |
| CVE-2009-2138 Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via (1) the returnto parameter to login.php or... | N/A | NONE | β | 0 |
| CVE-2009-2141 Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET 01-01-08 allow remote attackers to inject arbitrary web script or HTML via (1) the returnto parameter to makepoll.php, (2) the returnto... | N/A | NONE | β | 0 |
| CVE-2009-2142 Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters. | N/A | NONE | β | 0 |
| CVE-2009-2143 PHP remote file inclusion vulnerability in firestats-wordpress.php in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the fs_j... | N/A | NONE | β | 0 |
| CVE-2009-2144 SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2021-41838 An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary co... | 8.2 | HIGH | β | 0 |
| CVE-2009-2145 Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, an... | N/A | NONE | β | 0 |
| CVE-2009-2146 Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary co... | N/A | NONE | β | 0 |
| CVE-2009-2147 SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | N/A | NONE | β | 0 |
| CVE-2009-2148 SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter. | N/A | NONE | β | 0 |
| CVE-2024-27860 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory. | 5.5 | MEDIUM | β | 0 |
| CVE-2009-2149 Multiple cross-site scripting (XSS) vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the (1) courseid parameter to enrolments/step1.php, or the (... | N/A | NONE | β | 0 |
| CVE-2021-42260 TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service. | 7.5 | HIGH | β | 0 |
| CVE-2009-2150 Multiple cross-site request forgery (CSRF) vulnerabilities in Campus Virtual-LMS allow (1) remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via lo... | N/A | NONE | β | 0 |
| CVE-2009-2151 Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the newlang parameter. | N/A | NONE | β | 0 |
| CVE-2009-2152 SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action. | N/A | NONE | β | 0 |
| CVE-2009-2153 Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. | N/A | NONE | β | 0 |
| CVE-2024-27861 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An application may be able to read restricted memory. | 5.5 | MEDIUM | β | 0 |
| CVE-2009-2154 SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | N/A | NONE | β | 0 |
| CVE-2009-2155 Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: the proven... | N/A | NONE | β | 0 |
| CVE-2021-40732 XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service i... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-33178 The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the... | 6.5 | MEDIUM | β | 0 |
| CVE-2009-2156 Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, relat... | N/A | NONE | β | 0 |
| CVE-2021-3872 vim is vulnerable to Heap-based Buffer Overflow | 7.8 | HIGH | β | 0 |
| CVE-2025-67973 Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Pho... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-41160 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected clien... | 5.3 | MEDIUM | β | 0 |
| CVE-2009-2157 Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ pa... | N/A | NONE | β | 0 |
| CVE-2021-41184 jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. Th... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-43400 An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. | 9.1 | CRITICAL | β | 0 |
| CVE-2025-26352 A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP r... | 6.5 | MEDIUM | β | 0 |
| CVE-2009-2158 account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack. | 7.5 | HIGH | β | 0 |
| CVE-2009-2159 backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and ... | N/A | NONE | β | 0 |
| CVE-2009-2160 TorrentTrader Classic 1.09 allows remote attackers to (1) obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to (2) obt... | N/A | NONE | β | 0 |
| CVE-2009-2161 Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local... | N/A | NONE | β | 0 |
| CVE-2021-43299 Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size va... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22048 The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Se... | 8.8 | HIGH | β | 0 |
| CVE-2021-41229 BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-42374 An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format tha... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-42378 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function | 7.2 | HIGH | β | 0 |
| CVE-2021-42379 A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | 7.2 | HIGH | β | 0 |
| CVE-2009-1201 Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attac... | N/A | NONE | β | 0 |
| CVE-2022-24764 PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the AP... | 7.5 | HIGH | β | 0 |
| CVE-2022-0996 A vulnerability was found in the 389 Directory Server that allows expired passwords to access the database to cause improper authentication. | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.