Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-24663 Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-24667 Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. | 8.8 | HIGH | β | 0 |
| CVE-2020-24668 Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03. | 5.4 | MEDIUM | β | 0 |
| CVE-2020-24671 Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03. | 8.8 | HIGH | β | 0 |
| CVE-2020-23311 There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_obje... | 7.5 | HIGH | β | 0 |
| CVE-2020-25467 A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows an attacker to cause a denial of service (DOS) via a crafted compressed file. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-23022 On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions w... | 7.8 | HIGH | β | 0 |
| CVE-2021-27345 A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-27347 Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-33031 In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized actions for users without access to user management in order to, after successful exploitation, gain access ... | 3.1 | LOW | β | 0 |
| CVE-2020-23312 There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0. | 7.5 | HIGH | β | 0 |
| CVE-2021-34546 An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-34557 XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authe... | 4.6 | MEDIUM | β | 0 |
| CVE-2021-20329 Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject ... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-31839 Improper privilege management vulnerability in McAfee Agent for Windows prior to 5.7.3 allows a local user to modify event information in the MA event folder. This allows a local user to either add fa... | 4.8 | MEDIUM | β | 0 |
| CVE-2021-31840 A vulnerability in the preloading mechanism of specific dynamic link libraries in McAfee Agent for Windows prior to 5.7.3 could allow an authenticated, local attacker to perform a DLL preloading attac... | 7.3 | HIGH | β | 0 |
| CVE-2020-23302 There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0 | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23303 There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23319 There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backwa... | 7.5 | HIGH | β | 0 |
| CVE-2020-23320 There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0. | 7.5 | HIGH | β | 0 |
| CVE-2020-23321 There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-23322 There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript... | 7.5 | HIGH | β | 0 |
| CVE-2020-23323 There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26194 An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_environment in the ecma-helpers.c file. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-26195 An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file. | 8.8 | HIGH | β | 0 |
| CVE-2021-26197 An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in main-utils.c file. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-26198 An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_deref_bigint in ecma-helpers.c file. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-26199 An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in ecma-helpers.c file. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-23393 This affects the package Flask-Unchained before 0.9.0. When using the the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing ... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-25682 It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. | 8.8 | HIGH | β | 0 |
| CVE-2021-25683 It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. | 8.8 | HIGH | β | 0 |
| CVE-2021-28801 An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This i... | 3.1 | LOW | β | 0 |
| CVE-2021-28805 Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This is... | 7.8 | HIGH | β | 0 |
| CVE-2021-28814 An improper access control vulnerability has been reported to affect QNAP NAS. If exploited, this vulnerability allows remote attackers to compromise the security of the software. This issue affects: ... | 8.8 | HIGH | β | 0 |
| CVE-2021-33205 Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Nod... | 8.8 | HIGH | β | 0 |
| CVE-2021-34540 Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-3013 ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26997 E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-26993 E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial o... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-26995 E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary cod... | 8.8 | HIGH | β | 0 |
| CVE-2021-37441 NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | 8.8 | HIGH | β | 0 |
| CVE-2021-37442 NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-37443 NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. | 8.1 | HIGH | β | 0 |
| CVE-2021-37444 NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows... | 8.8 | HIGH | β | 0 |
| CVE-2021-37445 In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-37446 In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-37447 In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. | 8.1 | HIGH | β | 0 |
| CVE-2021-37448 Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored). | 5.4 | MEDIUM | β | 0 |
| CVE-2021-37449 Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected). | 5.4 | MEDIUM | β | 0 |
| CVE-2021-21440 Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS A... | 5.2 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.