CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2019-18657 ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function. | 5.3 | MEDIUM | β | 0 |
| CVE-2019-10219 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-19790 Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server throug... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-15024 In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-29853 An authentication bypass vulnerability in Veeam Agent for Microsoft Windows allows for local privilege escalation. | N/A | NONE | β | 0 |
| CVE-2019-16535 In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-20208 dimC_Read in isomedia/box_code_3gpp.c in GPAC from 0.5.2 to 0.8.0 has a stack-based buffer overflow. | 5.5 | MEDIUM | β | 0 |
| CVE-2019-19886 Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service)... | 7.5 | HIGH | β | 0 |
| CVE-2019-20444 HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid... | 9.1 | CRITICAL | β | 0 |
| CVE-2019-15253 A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) at... | 4.8 | MEDIUM | β | 0 |
| CVE-2024-29213 Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. | N/A | NONE | β | 0 |
| CVE-2013-2018 Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-19300 A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530... | 7.5 | HIGH | β | 0 |
| CVE-2020-1171 A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Exe... | 8.8 | HIGH | β | 0 |
| CVE-2020-1192 A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Executi... | 7.8 | HIGH | β | 0 |
| CVE-2020-3411 A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of auth... | 7.5 | HIGH | β | 0 |
| CVE-2020-3466 Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a use... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-42389 Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | 6.5 | MEDIUM | β | 0 |
| CVE-2020-15598 Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there... | 7.5 | HIGH | β | 0 |
| CVE-2020-26939 In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inpu... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-28095 On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change password API will trigger the router to crash and enter an infinite boot loop. | 7.5 | HIGH | β | 0 |
| CVE-2021-1669 Windows Remote Desktop Security Feature Bypass Vulnerability | 8.8 | HIGH | β | 0 |
| CVE-2021-1130 A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the in... | 4.8 | MEDIUM | β | 0 |
| CVE-2021-1257 A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate a... | 8.8 | HIGH | β | 0 |
| CVE-2021-1264 A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input valid... | 9.6 | CRITICAL | β | 0 |
| CVE-2021-1265 A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of manag... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-1303 A vulnerability in the user management roles of Cisco DNA Center could allow an authenticated, remote attacker to execute unauthorized commands on an affected device. The vulnerability is due to impro... | 8.8 | HIGH | β | 0 |
| CVE-2021-3186 A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 version V15.03.06.47_multi allows remote attackers to inject arbitrary web script or HTML via the Wifi... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-26700 Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-28141 An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow the attack... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-28967 The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace because of lint configuration settings. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25043 ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header. | 5.3 | MEDIUM | β | 0 |
| CVE-2020-15522 Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about t... | 5.9 | MEDIUM | β | 0 |
| CVE-2020-18442 Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file". | 3.3 | LOW | β | 0 |
| CVE-2021-42390 Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-1134 A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitiv... | 7.4 | HIGH | β | 0 |
| CVE-2021-22145 A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query ... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-34535 Remote Desktop Client Remote Code Execution Vulnerability | 8.8 | HIGH | β | 0 |
| CVE-2021-36875 Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS. This issue affects Directory Listings WordPress plugin – uListing: from n/a thr... | 5.9 | MEDIUM | β | 0 |
| CVE-2021-34782 A vulnerability in the API endpoints for Cisco DNA Center could allow an authenticated, remote attacker to gain access to sensitive information that should be restricted. The attacker must have valid ... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-40116 Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulne... | 8.6 | HIGH | β | 0 |
| CVE-2021-38665 Remote Desktop Protocol Client Information Disclosure Vulnerability | 7.4 | HIGH | β | 0 |
| CVE-2021-42717 ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate req... | 7.5 | HIGH | β | 0 |
| CVE-2022-23302 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service... | 8.8 | HIGH | β | 0 |
| CVE-2021-42391 Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | 6.5 | MEDIUM | β | 0 |
| CVE-2022-20630 A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sen... | 4.4 | MEDIUM | β | 0 |
| CVE-2022-26490 st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | 7.8 | HIGH | β | 0 |
| CVE-2022-24503 Remote Desktop Protocol Client Information Disclosure Vulnerability | 5.4 | MEDIUM | β | 0 |
| CVE-2021-42387 Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from t... | 8.1 | HIGH | β | 0 |
| CVE-2021-42388 Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from t... | 8.1 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.