Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-18976 Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-e... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-39136 baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the ma... | 8.7 | HIGH | β | 0 |
| CVE-2021-39160 nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the... | 9.6 | CRITICAL | β | 0 |
| CVE-2021-1523 A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause a queue wedge on a leaf switch, whi... | 8.6 | HIGH | β | 0 |
| CVE-2021-21778 A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automation GmbH lib60870.NET 2.2.0. A specially crafted network request can lead to loss of communications. ... | 7.5 | HIGH | β | 0 |
| CVE-2021-21834 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the... | 8.8 | HIGH | β | 0 |
| CVE-2021-21835 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the... | 8.8 | HIGH | β | 0 |
| CVE-2021-21836 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the βcttsβ ... | 8.8 | HIGH | β | 0 |
| CVE-2020-19705 thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-21840 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process a... | 8.8 | HIGH | β | 0 |
| CVE-2021-21841 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an a... | 8.8 | HIGH | β | 0 |
| CVE-2021-21842 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an inte... | 8.8 | HIGH | β | 0 |
| CVE-2021-21848 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for ato... | 8.8 | HIGH | β | 0 |
| CVE-2020-19709 Insufficient filtering of the tag parameters in feehicms 0.1.3 allows attackers to execute arbitrary web or HTML via a crafted payload. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-19821 A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders[] parameter. | 8.8 | HIGH | β | 0 |
| CVE-2021-21849 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an inte... | 8.8 | HIGH | β | 0 |
| CVE-2021-21850 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an inte... | 8.8 | HIGH | β | 0 |
| CVE-2021-21869 An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. A specially crafted file ... | 7.8 | HIGH | β | 0 |
| CVE-2021-22236 Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is present in GitLab CE/EE since version 14.1. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-22237 Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This vulnerability is present in GitLab CE/EE versions befor... | 6.6 | MEDIUM | β | 0 |
| CVE-2025-53266 Missing Authorization vulnerability in EdwardBock Cron Logger cron-logger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cron Logger: from n/a through <= 1.... | N/A | NONE | β | 0 |
| CVE-2021-22242 Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | 8.7 | HIGH | β | 0 |
| CVE-2021-22243 Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to use an invite URL meant for another email address to gain access into a group. | 5.0 | MEDIUM | β | 0 |
| CVE-2021-22244 Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data | 3.1 | LOW | β | 0 |
| CVE-2021-22245 Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to make several pages in a project impossible to view | 2.7 | LOW | β | 0 |
| CVE-2021-22247 Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private projects to view CI/CD analytics | 4.3 | MEDIUM | β | 0 |
| CVE-2021-22250 Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and delete impersonation tokens that administrators created for their account | 5.4 | MEDIUM | β | 0 |
| CVE-2021-22256 Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to create issues for Sentry errors and track their status | 5.4 | MEDIUM | β | 0 |
| CVE-2021-31989 A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memo... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-32975 Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerabilit... | 7.8 | HIGH | β | 0 |
| CVE-2021-32995 Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerabili... | 7.8 | HIGH | β | 0 |
| CVE-2021-33015 Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker co... | 7.8 | HIGH | β | 0 |
| CVE-2021-39159 BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerabil... | 9.6 | CRITICAL | β | 0 |
| CVE-2021-3605 There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds ... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-3713 An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in versions prior to 6.2.0-rc0. The device uses the guest supplied stream number unchecked, which can lead... | 7.4 | HIGH | β | 0 |
| CVE-2020-18065 Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-1577 A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an unauthenticated... | 9.1 | CRITICAL | β | 0 |
| CVE-2021-1578 A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, ... | 8.8 | HIGH | β | 0 |
| CVE-2021-1579 A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, ... | 8.1 | HIGH | β | 0 |
| CVE-2021-1580 Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection o... | 6.5 | MEDIUM | β | 0 |
| CVE-2020-19822 A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. | 7.2 | HIGH | β | 0 |
| CVE-2021-1581 Multiple vulnerabilities in the web UI and API endpoints of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow a remote attacker to perform a command injection o... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-1582 A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting at... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-1583 A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local ... | 4.4 | MEDIUM | β | 0 |
| CVE-2021-1584 A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to elevate privileges on an affected device. Th... | 6.0 | MEDIUM | β | 0 |
| CVE-2021-1586 A vulnerability in the Multi-Pod or Multi-Site network configurations for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remot... | 8.6 | HIGH | β | 0 |
| CVE-2021-1587 A vulnerability in the VXLAN Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software, known as NGOAM, could allow an unauthenticated, remote attacker to cause a denial of serv... | 8.6 | HIGH | β | 0 |
| CVE-2021-1588 A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) conditio... | 8.6 | HIGH | β | 0 |
| CVE-2021-1590 A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, c... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-33699 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unaut... | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.