Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-20509 IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file cont... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-37646 TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by convert... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-38291 FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from a an assertion failure at src/libavutil/mathematics.c. | 7.5 | HIGH | β | 0 |
| CVE-2021-38599 WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backu... | 7.5 | HIGH | β | 0 |
| CVE-2021-38606 reNgine through 0.5 relies on a predictable directory name. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-18445 Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2020-18446 Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php. | 4.8 | MEDIUM | β | 0 |
| CVE-2021-32808 ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allow... | 7.6 | HIGH | β | 0 |
| CVE-2021-32809 ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. Th... | 4.6 | MEDIUM | β | 0 |
| CVE-2020-18449 Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php | 5.4 | MEDIUM | β | 0 |
| CVE-2020-18451 Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php. | 4.8 | MEDIUM | β | 0 |
| CVE-2020-18454 Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html. | 6.8 | MEDIUM | β | 0 |
| CVE-2020-18455 Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php. | 4.8 | MEDIUM | β | 0 |
| CVE-2020-18456 Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php. | 4.8 | MEDIUM | β | 0 |
| CVE-2020-18457 Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html. | 6.8 | MEDIUM | β | 0 |
| CVE-2021-26423 .NET Core and Visual Studio Denial of Service Vulnerability | 7.5 | HIGH | β | 0 |
| CVE-2021-26424 Windows TCP/IP Remote Code Execution Vulnerability | 9.9 | CRITICAL | β | 0 |
| CVE-2021-26425 Windows Event Tracing Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-26426 Windows User Account Profile Picture Elevation of Privilege Vulnerability | 7.0 | HIGH | β | 0 |
| CVE-2021-26428 Azure Sphere Information Disclosure Vulnerability | 4.4 | MEDIUM | β | 0 |
| CVE-2021-26429 Azure Sphere Elevation of Privilege Vulnerability | 7.7 | HIGH | β | 0 |
| CVE-2021-26430 Azure Sphere Denial of Service Vulnerability | 6.0 | MEDIUM | β | 0 |
| CVE-2021-26431 Windows Recovery Environment Agent Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-26432 Windows Services for NFS ONCRPC XDR Driver Remote Code Execution Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26433 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 | HIGH | β | 0 |
| CVE-2021-33762 Azure CycleCloud Elevation of Privilege Vulnerability | 7.0 | HIGH | β | 0 |
| CVE-2021-34471 Microsoft Windows Defender Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34478 Microsoft Office Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34480 Scripting Engine Memory Corruption Vulnerability | 6.8 | MEDIUM | β | 0 |
| CVE-2021-34483 Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34485 .NET Core and Visual Studio Information Disclosure Vulnerability | 5.0 | MEDIUM | β | 0 |
| CVE-2021-34524 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | 8.1 | HIGH | β | 0 |
| CVE-2021-34530 Windows Graphics Component Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2020-20988 A cross site scripting (XSS) vulnerability in the /domains/cost-by-owner.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "or Expi... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-34532 ASP.NET Core and Visual Studio Information Disclosure Vulnerability | 5.5 | MEDIUM | β | 0 |
| CVE-2021-34533 Windows Graphics Component Font Parsing Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-34534 Windows MSHTML Platform Remote Code Execution Vulnerability | 6.8 | MEDIUM | β | 0 |
| CVE-2021-34537 Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2020-20989 A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs. | 4.3 | MEDIUM | β | 0 |
| CVE-2021-36921 AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. An attacker can gain administrative access by modifying... | 8.8 | HIGH | β | 0 |
| CVE-2021-36926 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 | HIGH | β | 0 |
| CVE-2021-36927 Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-36932 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 | HIGH | β | 0 |
| CVE-2020-20990 A cross site scripting (XSS) vulnerability in the /segments/edit.php component of Domainmod 4.13 allows attackers to execute arbitrary web scripts or HTML via the Segment Name parameter. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-36933 Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability | 7.5 | HIGH | β | 0 |
| CVE-2021-36936 Windows Print Spooler Remote Code Execution Vulnerability | 8.8 | HIGH | β | 0 |
| CVE-2021-36937 Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2021-36938 Windows Cryptographic Primitives Library Information Disclosure Vulnerability | 5.5 | MEDIUM | β | 0 |
| CVE-2021-36940 Microsoft SharePoint Server Spoofing Vulnerability | 7.6 | HIGH | β | 0 |
| CVE-2021-36946 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | 5.4 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.