Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-23135 Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD... | 5.9 | MEDIUM | β | 0 |
| CVE-2021-22155 An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to pote... | 8.8 | HIGH | β | 0 |
| CVE-2020-19466 An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 1 . | 5.5 | MEDIUM | β | 0 |
| CVE-2020-36197 An improper access control vulnerability has been reported to affect earlier versions of Music Station. If exploited, this vulnerability allows attackers to compromise the security of the software by ... | 7.1 | HIGH | β | 0 |
| CVE-2020-36198 A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue af... | 6.7 | MEDIUM | β | 0 |
| CVE-2021-31215 SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishan... | 8.8 | HIGH | β | 0 |
| CVE-2021-20331 Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain se... | 4.2 | MEDIUM | β | 0 |
| CVE-2021-20250 A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vuln... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-22152 A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an ... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-22153 A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause... | 7.3 | HIGH | β | 0 |
| CVE-2021-22154 An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially gai... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-12967 The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the ... | 7.2 | HIGH | β | 0 |
| CVE-2021-20988 In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. This may lead to a denial of service of the affected device. | 8.6 | HIGH | β | 0 |
| CVE-2021-26311 In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead t... | 7.2 | HIGH | β | 0 |
| CVE-2021-25694 Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. An attacker could replace the .dll and redirect pixels elsewhere. | 7.8 | HIGH | β | 0 |
| CVE-2020-12526 TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics UA Server in versions up to 3.1.0.1 from Beckhoff Automation GmbH & Co. KG are vulnerable to denial of service attacks. The attacke... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-14354 A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service th... | 3.3 | LOW | β | 0 |
| CVE-2020-27824 A flaw was found in OpenJPEGβs encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. ... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-20993 In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-20994 In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. | 8.8 | HIGH | β | 0 |
| CVE-2021-20995 In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-20996 In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-20997 In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. | 7.5 | HIGH | β | 0 |
| CVE-2021-20998 In multiple managed switches by WAGO in different versions without authorization and with specially crafted packets it is possible to create users. | 10.0 | CRITICAL | β | 0 |
| CVE-2021-20999 In WeidmΓΌller u-controls and IoT-Gateways in versions up to 1.12.1 a network port intended only for device-internal usage is accidentally accessible via external network interfaces. By exploiting this... | 9.4 | CRITICAL | β | 0 |
| CVE-2021-25693 An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference. | 7.5 | HIGH | β | 0 |
| CVE-2020-20092 File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-21342 Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. | 7.5 | HIGH | β | 0 |
| CVE-2020-25713 A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-22139 Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-27823 A flaw was found in OpenJPEGβs encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to con... | 7.8 | HIGH | β | 0 |
| CVE-2020-27830 A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr de... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-28063 A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-20025 SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. An attacker could exploit this transitional/temp... | 7.8 | HIGH | β | 0 |
| CVE-2021-3528 A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. An attacker with access to the lo... | 8.8 | HIGH | β | 0 |
| CVE-2021-20181 A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. This flaw allows a malicious 9p client to cause a use-after-free error, potentially escalating thei... | 7.5 | HIGH | β | 0 |
| CVE-2021-20221 An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing a... | 6.0 | MEDIUM | β | 0 |
| CVE-2021-20535 IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, p... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-21424 Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling dep... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-32917 An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use o... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-21831 A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637. | 8.8 | HIGH | β | 0 |
| CVE-2021-32918 An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3... | 7.5 | HIGH | β | 0 |
| CVE-2021-32919 An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not cor... | 7.5 | HIGH | β | 0 |
| CVE-2021-32920 Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. | 7.5 | HIGH | β | 0 |
| CVE-2021-32921 An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a ... | 5.9 | MEDIUM | β | 0 |
| CVE-2021-22140 Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website... | 7.5 | HIGH | β | 0 |
| CVE-2021-29623 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earli... | 3.6 | LOW | β | 0 |
| CVE-2021-22135 Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The sugg... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-22136 In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the xpack.security.session.idleTimeout setting is not being respected. This was caused by background poll... | 3.5 | LOW | β | 0 |
| CVE-2021-22137 In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Search queries do not properly preserve security permissions when... | 5.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.