CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-25924 In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a mal... | 8.8 | HIGH | β | 0 |
| CVE-2021-3447 A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-19613 Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function in ImagesService.java in sunkaifei FlyCMS version 20190503. | 7.5 | HIGH | β | 0 |
| CVE-2020-19616 Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-21982 VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMwar... | 9.1 | CRITICAL | β | 0 |
| CVE-2021-26072 The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind Server-Side... | 4.3 | MEDIUM | β | 0 |
| CVE-2021-26580 A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following soft... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-26581 A potential security vulnerability has been identified in HPE Superdome Flex server. A denial of service attack can be remotely exploited leaving hung connections to the BMC web interface. The monarch... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-26718 KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-27653 Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. | 6.6 | MEDIUM | β | 0 |
| CVE-2020-19618 Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-28969 eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. According to the vendor, the issu... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-28970 eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. Accordin... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-29421 models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. | 7.5 | HIGH | β | 0 |
| CVE-2021-28047 Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fie... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-21416 django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-re... | 3.7 | LOW | β | 0 |
| CVE-2021-21420 vscode-stripe is an extension for Visual Studio Code. A vulnerability in Stripe for Visual Studio Code extension exists when it loads an untrusted source-code repository containing malicious settings.... | 7.5 | HIGH | β | 0 |
| CVE-2021-21421 node-etsy-client is a NodeJs Etsy ReST API Client. Applications that are using node-etsy-client and reporting client error to the end user will offer api key value too This is fixed in node-etsy-clien... | 8.1 | HIGH | β | 0 |
| CVE-2021-23921 An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements. | 9.1 | CRITICAL | β | 0 |
| CVE-2021-23922 An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-23923 An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. | 8.1 | HIGH | β | 0 |
| CVE-2021-23924 An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files. | 7.5 | HIGH | β | 0 |
| CVE-2021-23925 An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-30002 An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338... | 6.2 | MEDIUM | β | 0 |
| CVE-2020-19720 An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS). | 6.5 | MEDIUM | β | 0 |
| CVE-2021-30003 An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. | 4.8 | MEDIUM | β | 0 |
| CVE-2021-30004 In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-30000 An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-22696 CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)).... | 7.5 | HIGH | β | 0 |
| CVE-2021-25893 Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-28113 A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS... | 6.7 | MEDIUM | β | 0 |
| CVE-2021-25894 Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-29011 DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php). | 6.1 | MEDIUM | β | 0 |
| CVE-2021-29012 DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is lo... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-29651 Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). | 6.1 | MEDIUM | β | 0 |
| CVE-2021-29652 Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process | 6.1 | MEDIUM | β | 0 |
| CVE-2021-21400 wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the type... | 7.1 | HIGH | β | 0 |
| CVE-2021-28445 Windows Network File System Remote Code Execution Vulnerability | 8.1 | HIGH | β | 0 |
| CVE-2021-28446 Windows Portmapping Information Disclosure Vulnerability | 7.1 | HIGH | β | 0 |
| CVE-2021-28447 Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | 4.4 | MEDIUM | β | 0 |
| CVE-2021-28448 Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-28449 Microsoft Office Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-28450 Microsoft SharePoint Denial of Service Vulnerability | 5.0 | MEDIUM | β | 0 |
| CVE-2021-28451 Microsoft Excel Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-28452 Microsoft Outlook Memory Corruption Vulnerability | 7.1 | HIGH | β | 0 |
| CVE-2021-28453 Microsoft Word Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-28454 Microsoft Excel Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-28456 Microsoft Excel Information Disclosure Vulnerability | 5.5 | MEDIUM | β | 0 |
| CVE-2021-28457 Visual Studio Code Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-28458 Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.