CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-28179 The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28180 The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As ... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28181 The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. ... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28182 The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the pri... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28183 The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. A... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28184 The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining th... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28185 The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28186 The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability.... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28187 The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obt... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28188 The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. ... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28189 The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28190 The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. A... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28191 The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged pe... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28192 The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As ob... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28193 The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28194 The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. ... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28195 The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileg... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28196 The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. A... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28197 The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining th... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28198 The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining t... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28199 The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. ... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28200 The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privil... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28201 The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privi... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28202 The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privi... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28203 The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injec... | 7.2 | HIGH | — | 0 |
| CVE-2021-28204 The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attacker... | 7.2 | HIGH | — | 0 |
| CVE-2021-28205 The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers ca... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28206 The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can us... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-30456 An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-28207 The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use th... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28208 The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use t... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-28209 The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can us... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-30144 The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-30149 Composr 10.0.36 allows upload and execution of PHP files. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-30151 Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-30154 An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-30157 An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-fil... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-30158 An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user mig... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-30457 An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25026 Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-36306 Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-36307 Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-36308 Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. | 5.3 | MEDIUM | — | 0 |
| CVE-2021-30161 An issue was discovered on LG mobile devices with Android OS 11 software. Attackers can bypass the lockscreen protection mechanism after an incoming call has been terminated. The LG ID is LVE-SMP-2100... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-28173 The file upload function of Vangene deltaFlow E-platform does not perform access controlled properly. Remote attackers can upload and execute arbitrary files without login. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27089 Microsoft Internet Messaging API Remote Code Execution Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2021-27090 Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2021-27091 RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2021-27092 Azure AD Web Sign-in Security Feature Bypass Vulnerability | 6.8 | MEDIUM | — | 0 |
| CVE-2021-27093 Windows Kernel Information Disclosure Vulnerability | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.