Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-30992 This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Li... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-30993 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. An attacker in a privileged network p... | 8.1 | HIGH | β | 0 |
| CVE-2021-30994 An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs. | 3.3 | LOW | β | 0 |
| CVE-2021-30995 A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, w... | 7.0 | HIGH | β | 0 |
| CVE-2021-30996 A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with ke... | 7.0 | HIGH | β | 0 |
| CVE-2021-30997 A S/MIME issue existed in the handling of encrypted email. This issue was addressed by not automatically loading some MIME parts. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker may be ab... | 7.5 | HIGH | β | 0 |
| CVE-2021-30998 A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS 15.2. A sender's e... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-30999 The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be unable to fully delete browsing history. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-40086 An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can onl... | 2.2 | LOW | β | 0 |
| CVE-2021-31000 A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read se... | 3.3 | LOW | β | 0 |
| CVE-2021-31001 An access issue was addressed with improved access restrictions. This issue is fixed in iOS 15 and iPadOS 15. An attacker in a privileged network position may be able to leak sensitive user informatio... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-31002 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code wi... | 7.8 | HIGH | β | 0 |
| CVE-2021-31004 A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.5. An application may be able to gain elevated privileges. | 7.0 | HIGH | β | 0 |
| CVE-2021-31005 Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, macOS Monterey 12.0.1. Turning off "Block all remote content" may not apply to all... | 7.5 | HIGH | β | 0 |
| CVE-2021-40087 An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were ... | 2.7 | LOW | β | 0 |
| CVE-2021-31006 Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privac... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-31007 Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-31008 A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 15.1, tvOS 15.1, iOS 15 and iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. Processing maliciously craf... | 8.8 | HIGH | β | 0 |
| CVE-2021-31009 Multiple issues were addressed by removing HDF5. This issue is fixed in iOS 15.2 and iPadOS 15.2, macOS Monterey 12.1. Multiple issues in HDF5. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-31013 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. Processing a maliciously crafted font may... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-39157 detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The pr... | 7.5 | HIGH | β | 0 |
| CVE-2021-39509 An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210 The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct the u... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39510 An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router, The HTTP request parameter is used in the handler function of /goform/form2userconfig.cgi route, which can construct th... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18913 EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive ... | 7.5 | HIGH | β | 0 |
| CVE-2020-18917 The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. | 8.8 | HIGH | β | 0 |
| CVE-2020-19547 Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php. | 6.5 | MEDIUM | β | 0 |
| CVE-2021-32777 Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the externa... | 8.6 | HIGH | β | 0 |
| CVE-2021-32778 Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoyβs procedure for resetting a HTTP/2 stream has O(N^2) complex... | 5.8 | MEDIUM | β | 0 |
| CVE-2021-32779 Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the... | 8.6 | HIGH | β | 0 |
| CVE-2021-32780 Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it rec... | 8.6 | HIGH | β | 0 |
| CVE-2021-32781 Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop furthe... | 8.6 | HIGH | β | 0 |
| CVE-2021-39155 Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. According to [RFC 4343... | 8.3 | HIGH | β | 0 |
| CVE-2021-39156 Istio is an open source platform for providing a uniform way to integrate microservices, manage traffic flow across microservices, enforce policies and aggregate telemetry data. Istio 1.11.0, 1.10.3 a... | 8.1 | HIGH | β | 0 |
| CVE-2021-40083 Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). | 7.5 | HIGH | β | 0 |
| CVE-2021-40084 opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysus... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40088 An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for re... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-40089 An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the S... | 2.3 | LOW | β | 0 |
| CVE-2021-39112 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affe... | 4.8 | MEDIUM | β | 0 |
| CVE-2021-33882 A Missing Authentication for Critical Function vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to reconfigure the device from an unknown source because of lack of auth... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-33883 A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote attacker to obtain sensitive information by snooping on the network traffic. T... | 5.9 | MEDIUM | β | 0 |
| CVE-2020-19703 A cross-site scripting (XSS) vulnerability in the referer parameter of Dzzoffice 2.02 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-33884 An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the w... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-33885 An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used i... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-33886 An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external stri... | 8.1 | HIGH | β | 0 |
| CVE-2021-33605 Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow versions 1.2.0 prior to 2.0.0 (Vaadin 12.0.0 prior to 14.0.0), 2.0.0 prior to 3.0.0 (Vaadin 14.0.0 prior to 14.5.0), 3.0.0 through 4.... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-19704 A stored cross-site scripting (XSS) vulnerability via ResourceController.java in spring-boot-admin as of 20190710 allows attackers to execute arbitrary web scripts or HTML. | 5.4 | MEDIUM | β | 0 |
| CVE-2018-10790 The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service (application crash), related to a memory allocation failure, as demonstrated by mp... | 7.5 | HIGH | β | 0 |
| CVE-2020-18971 Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'. | 5.5 | MEDIUM | β | 0 |
| CVE-2020-18972 Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-33699 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unaut... | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.