Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-18730 A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). | 7.5 | HIGH | β | 0 |
| CVE-2020-18731 A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC104 v1.0 allows attackers to cause a denial of service (DOS). | 7.5 | HIGH | β | 0 |
| CVE-2020-18734 A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | 7.5 | HIGH | β | 0 |
| CVE-2020-18735 A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash. | 7.5 | HIGH | β | 0 |
| CVE-2021-39599 Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-39609 Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-18771 Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. | 8.1 | HIGH | β | 0 |
| CVE-2020-18773 An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-18774 A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-18775 In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-18776 In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-18778 In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-39613 D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39614 D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash val... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39615 D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified has... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-28596 Adobe Framemaker version 2020.0.1 (and earlier) and 2019.0.8 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could... | 7.8 | HIGH | β | 0 |
| CVE-2021-36013 Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability t... | 3.3 | LOW | β | 0 |
| CVE-2021-23406 This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. **NOTE:** The fix for this vulnerability is applied in the node-dege... | 8.1 | HIGH | β | 0 |
| CVE-2021-23429 All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-23430 All versions of package startserver are vulnerable to Directory Traversal due to missing sanitization. | 7.5 | HIGH | β | 0 |
| CVE-2021-23431 The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-23432 This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge() | 5.4 | MEDIUM | β | 0 |
| CVE-2021-33191 From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements an "agent-update" command which was designed to patch the application binary. This "patching" command defaults to calling a trusted... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36385 A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via a Fullwidth Apostrophe (aka U+FF07) in the default.aspx User ID ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38611 A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the fil... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38612 In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading function in maintenance/readLog.php allows an attacker to read any file via a specialized URL. | 7.5 | HIGH | β | 0 |
| CVE-2021-38613 The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to upload any code to the target system and achieve remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37538 Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a remote unauthenticated attacker to execute arbitrary SQL commands via the day, month, or year param... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38306 Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root access via OS command injection in the en/ajp/plugins/access.ssh/checkInstall.php destServer parame... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38556 includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injection. | 8.8 | HIGH | β | 0 |
| CVE-2021-38557 raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. The www-data account can execute /etc/raspap/hostapd/enablelog.sh as root with n... | 8.8 | HIGH | β | 0 |
| CVE-2021-39375 Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. | 8.8 | HIGH | β | 0 |
| CVE-2021-39376 Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter. | 8.8 | HIGH | β | 0 |
| CVE-2021-38714 In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code execution. The vulnerability is found in ssgLoadTGA() function in src/ssg/ssgLoadTGA.cxx file. | 8.8 | HIGH | β | 0 |
| CVE-2021-26040 An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's permissions before executing a file deletion command. | 9.1 | CRITICAL | β | 0 |
| CVE-2021-30904 A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-3711 In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "ou... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-3712 ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C ... | 7.4 | HIGH | β | 0 |
| CVE-2021-39137 go-ethereum is the official Go implementation of the Ethereum protocol. In affected versions a consensus-vulnerability in go-ethereum (Geth) could cause a chain split, where vulnerable versions refuse... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-28551 Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds read vulnerability. An unauthenticated ... | 7.8 | HIGH | β | 0 |
| CVE-2021-28552 Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated atta... | 7.8 | HIGH | β | 0 |
| CVE-2021-28554 Acrobat Reader DC versions versions 2021.001.20155 (and earlier), 2020.001.30025 (and earlier) and 2017.011.30196 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated ... | 7.8 | HIGH | β | 0 |
| CVE-2021-28600 Adobe After Effects version 18.2 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability t... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-28601 Adobe After Effects version 18.2 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerabil... | 3.3 | LOW | β | 0 |
| CVE-2021-28602 Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to ... | 7.8 | HIGH | β | 0 |
| CVE-2021-28603 Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerab... | 7.8 | HIGH | β | 0 |
| CVE-2021-28604 Adobe After Effects version 18.2 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerab... | 7.8 | HIGH | β | 0 |
| CVE-2021-28605 Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to ... | 7.8 | HIGH | β | 0 |
| CVE-2021-28606 Adobe After Effects version 18.2 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnera... | N/A | NONE | β | 0 |
| CVE-2021-33699 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unaut... | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.