CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-1592 A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulner... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-28070 Cross Site Request Forgery (CSRF) vulnerability exists in PopojiCMS 2.0.1 in po-admin/route.php?mod=user&act=multidelete. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-37153 ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37154 In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37334 Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occu... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40145 gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to... | 7.5 | HIGH | β | 0 |
| CVE-2020-18116 A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection. | 8.8 | HIGH | β | 0 |
| CVE-2021-20793 Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and exec... | 7.8 | HIGH | β | 0 |
| CVE-2021-20808 Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Adv... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-20809 Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movabl... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-20810 Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Mova... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-14160 An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote URL to PDF conversion, which results in a remote attacker being able to read local files or fetch intranet resources. | 7.5 | HIGH | β | 0 |
| CVE-2021-20811 Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable ... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-20812 Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 ... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-20813 Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Typ... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-20814 Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-20815 Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movabl... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-14161 It is possible to inject HTML and/or JavaScript in the HTML to PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-27944 Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not enforce access controls, allowing an unauthenticated threat actor to access privileged functionalit... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-38559 DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-3734 yourls is vulnerable to Improper Restriction of Rendered UI Layers or Frames | 8.8 | HIGH | β | 0 |
| CVE-2021-36352 Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Information Management 2.7 Alpha. The vulnerability has found POST requests in /modules/registration_admission/patient_register.php p... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-32076 Access Restriction Bypass via referrer spoof was discovered in SolarWinds Web Help Desk 12.7.2. An attacker can access the 'Web Help Desk Getting Started Wizard', especially the admin account creation... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-40147 EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18468 Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP requ... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-18469 Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary ... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-18470 Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or ... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-18475 Cross Site Scripting (XSS) vulnerability exists in Hucart CMS 5.7.4 via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-18476 SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field. | 8.8 | HIGH | β | 0 |
| CVE-2020-18477 SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field. | 8.8 | HIGH | β | 0 |
| CVE-2021-30590 Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-1809 A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS... | 7.5 | HIGH | β | 0 |
| CVE-2021-30591 Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-30592 Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a craft... | 8.8 | HIGH | β | 0 |
| CVE-2021-30593 Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted ... | 8.1 | HIGH | β | 0 |
| CVE-2021-30594 Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | 6.8 | MEDIUM | β | 0 |
| CVE-2021-30596 Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-30597 Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device. | 6.8 | MEDIUM | β | 0 |
| CVE-2021-30598 Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-30599 Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-30600 Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-30601 Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted ... | 8.8 | HIGH | β | 0 |
| CVE-2021-30602 Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-30603 Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 7.5 | HIGH | β | 0 |
| CVE-2021-30604 Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-36928 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 6.0 | MEDIUM | β | 0 |
| CVE-2021-36929 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 6.3 | MEDIUM | β | 0 |
| CVE-2021-36931 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 4.4 | MEDIUM | β | 0 |
| CVE-2021-29487 octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of ... | 7.4 | HIGH | β | 0 |
| CVE-2021-33699 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unaut... | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.