CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-29727 IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-29772 IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-29801 IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977. | 7.8 | HIGH | β | 0 |
| CVE-2021-29862 IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-37715 A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platfo... | 4.8 | MEDIUM | β | 0 |
| CVE-2021-39161 Discourse is an open source platform for community discussion. In affected versions category names can be used for Cross-site scripting (XSS) attacks. This is mitigated by Discourse's default Content S... | 4.4 | MEDIUM | β | 0 |
| CVE-2021-39165 Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize ... | 8.1 | HIGH | β | 0 |
| CVE-2020-20675 Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoodsListByConditions/. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39167 OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details abou... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-28695 IOMMU page mapping issues on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables t... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-39168 OpenZeppelin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details abou... | 10.0 | CRITICAL | β | 0 |
| CVE-2021-40142 In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location ... | 7.5 | HIGH | β | 0 |
| CVE-2021-35342 The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT t... | 7.5 | HIGH | β | 0 |
| CVE-2021-39169 Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site... | 8.0 | HIGH | β | 0 |
| CVE-2021-28696 IOMMU page mapping issues on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables t... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-40153 squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not valid... | 8.1 | HIGH | β | 0 |
| CVE-2021-29744 IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-36530 ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode; GetByteStr() copies the memory buffer without checking the boundary. | 8.8 | HIGH | β | 0 |
| CVE-2021-36531 ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode; GetByte() reads the memory buffer without checking the boundary. | 8.8 | HIGH | β | 0 |
| CVE-2021-23434 This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular,... | 5.6 | MEDIUM | β | 0 |
| CVE-2020-23226 Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admi... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-32758 OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The l... | 7.2 | HIGH | β | 0 |
| CVE-2020-18998 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/custom/blog-plugin/add'. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-18999 Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers to execute arbitrary code via the component '/admin/submit-articles'. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-19000 Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary code via line 54 of the component 'simiki/blob/master/simiki/generators.py'. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-19001 Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-19002 Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than C... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-28233 Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c. | 8.8 | HIGH | β | 0 |
| CVE-2021-28694 IOMMU page mapping issues on x86 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables t... | 6.8 | MEDIUM | β | 0 |
| CVE-2021-28697 grant table v2 status pages may remain accessible after de-allocation Guests get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a g... | 7.8 | HIGH | β | 0 |
| CVE-2021-28698 long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-28699 inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a resul... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-28700 xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set... | 4.9 | MEDIUM | β | 0 |
| CVE-2021-3264 SQL Injection vulnerability in cxuucms 3.1 via the pid parameter in public/admin.php. | 7.2 | HIGH | β | 0 |
| CVE-2021-32759 OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload a... | 7.2 | HIGH | β | 0 |
| CVE-2021-39171 Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Prior to version 3.1.0, a malicious SAML payload can require transforms that consume significant s... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-39172 Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition ... | 8.8 | HIGH | β | 0 |
| CVE-2021-39173 Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arb... | 8.8 | HIGH | β | 0 |
| CVE-2021-40175 Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-39174 Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv fi... | 8.8 | HIGH | β | 0 |
| CVE-2021-38154 Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address s... | 7.5 | HIGH | β | 0 |
| CVE-2021-40172 Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings. | 8.8 | HIGH | β | 0 |
| CVE-2021-40173 Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy settings. | 8.8 | HIGH | β | 0 |
| CVE-2021-40174 Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security settings. | 8.8 | HIGH | β | 0 |
| CVE-2021-40176 Zoho ManageEngine Log360 before Build 5225 allows stored XSS. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-40177 Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-40178 Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings. | 6.1 | MEDIUM | β | 0 |
| CVE-2021-37749 MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-36359 OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFo... | 8.8 | HIGH | β | 0 |
| CVE-2021-33699 Task Hijacking is a vulnerability that affects the applications running on Android devices due to a misconfiguration in their AndroidManifest.xml with their Task Control features. This allows an unaut... | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.