Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-25231 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain informat... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25232 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25233 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain informat... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25234 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain informat... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25235 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configura... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25236 A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate onlin... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25237 An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25238 An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information abo... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25239 An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25240 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agen... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25241 A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents ... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25242 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version ... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25243 An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch le... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25245 An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-25246 An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user ... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-25248 An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attack... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-25249 An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local ... | 7.8 | HIGH | β | 0 |
| CVE-2020-10537 An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account. | 7.8 | HIGH | β | 0 |
| CVE-2020-11163 Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdrago... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-10539 An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash store... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18713 SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18714 SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18716 SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18717 SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-35765 doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | 8.8 | HIGH | β | 0 |
| CVE-2020-36241 autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's ... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-8806 Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block heade... | 7.5 | HIGH | β | 0 |
| CVE-2020-8807 In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an I... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-20623 Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-20652 Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 8.8 | HIGH | β | 0 |
| CVE-2021-26708 A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The rac... | 7.0 | HIGH | β | 0 |
| CVE-2021-26710 A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-26711 A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl paramet... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-3311 An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.ph... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-3333 Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if t... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-4832 IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969. | 5.5 | MEDIUM | β | 0 |
| CVE-2020-18737 An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-3258 Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-3382 Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path. | 7.5 | HIGH | β | 0 |
| CVE-2021-26722 LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-24992 There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-10234 The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode p... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-18750 Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file. | 7.8 | HIGH | β | 0 |
| CVE-2020-9014 In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-10375 An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-10552 An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read a... | 8.1 | HIGH | β | 0 |
| CVE-2020-10553 An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lo... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-11177 User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Sna... | 8.8 | HIGH | β | 0 |
| CVE-2020-10554 An issue was discovered in Psyprax beforee 3.2.2. Passwords used to encrypt the data are stored in the database in an obfuscated format, which can be easily reverted. For example, the password AAAAAAA... | 7.5 | HIGH | β | 0 |
| CVE-2020-10857 Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.