Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-24896 The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting at... | 4.8 | MEDIUM | β | 0 |
| CVE-2021-24922 The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings, and did not sanitise as well as escape some of them, which could allow attacker to make a logged in admin... | 9.0 | CRITICAL | β | 0 |
| CVE-2021-24925 The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the current_month_divider parameter of its mec_list_load_more AJAX call (available to both unauthenticated an... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-24932 The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.3 does not sanitise and escape the post_id parameter before outputting back in an admin page within a JS block, leading to a R... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-24945 The Like Button Rating β₯ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such ... | 8.0 | HIGH | β | 0 |
| CVE-2021-24946 The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to u... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-24951 The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Inje... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-24954 The User Registration, Login Form, User Profile & Membership WordPress plugin before 3.2.3 does not sanitise and escape the ppress_cc_data parameter before outputting it back in an attribute of an adm... | 6.1 | MEDIUM | β | 0 |
| CVE-2021-41871 An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper validation of input into the username field makes it possible to place a stored XSS payload. This is executed if an administrator ... | 5.4 | MEDIUM | β | 0 |
| CVE-2021-4078 Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | β | 0 |
| CVE-2021-4079 Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. | 8.8 | HIGH | β | 0 |
| CVE-2021-20049 A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1... | 7.5 | HIGH | β | 0 |
| CVE-2021-20050 An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. | 7.5 | HIGH | β | 0 |
| CVE-2021-45462 In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. | 7.5 | HIGH | β | 0 |
| CVE-2021-4144 TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. | 8.8 | HIGH | β | 0 |
| CVE-2022-21960 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 | MEDIUM | β | 0 |
| CVE-2021-44548 An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to anothe... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-44273 e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2gua... | 7.4 | HIGH | β | 0 |
| CVE-2021-44599 The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function ... | 7.5 | HIGH | β | 0 |
| CVE-2021-44526 Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. | 9.8 | CRITICAL | β | 0 |
| CVE-2021-23175 NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user inter... | 8.2 | HIGH | β | 0 |
| CVE-2017-13909 An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCl... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-43849 cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.niklas... | 6.2 | MEDIUM | β | 0 |
| CVE-2021-43854 NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulne... | 7.5 | HIGH | β | 0 |
| CVE-2021-4118 pytorch-lightning is vulnerable to Deserialization of Untrusted Data | 7.8 | HIGH | β | 0 |
| CVE-2021-40160 PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code. | 7.8 | HIGH | β | 0 |
| CVE-2021-40161 A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version. | 7.8 | HIGH | β | 0 |
| CVE-2021-45469 In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. | 7.8 | HIGH | β | 0 |
| CVE-2017-13892 An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sie... | 7.5 | HIGH | β | 0 |
| CVE-2017-13905 A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capit... | 8.1 | HIGH | β | 0 |
| CVE-2017-13906 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS... | 7.8 | HIGH | β | 0 |
| CVE-2017-13907 A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The s... | 6.8 | MEDIUM | β | 0 |
| CVE-2017-13908 An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan... | 7.8 | HIGH | β | 0 |
| CVE-2017-2488 A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in A... | 7.5 | HIGH | β | 0 |
| CVE-2018-4302 A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing malici... | 7.8 | HIGH | β | 0 |
| CVE-2018-4478 A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical ... | 6.8 | MEDIUM | β | 0 |
| CVE-2019-8643 CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management.. | 9.8 | CRITICAL | β | 0 |
| CVE-2019-8702 This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user m... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-8703 This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-3886 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious ... | 7.8 | HIGH | β | 0 |
| CVE-2020-3896 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application ... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-20318 The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using ... | 7.2 | HIGH | β | 0 |
| CVE-2021-22657 mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 10.0 | CRITICAL | β | 0 |
| CVE-2021-23198 mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. | 10.0 | CRITICAL | β | 0 |
| CVE-2021-27006 StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings i... | 4.4 | MEDIUM | β | 0 |
| CVE-2022-21961 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | 6.8 | MEDIUM | β | 0 |
| CVE-2021-27007 NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote De... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-30767 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. ... | 5.5 | MEDIUM | β | 0 |
| CVE-2021-35243 The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload dat... | 5.3 | MEDIUM | β | 0 |
| CVE-2021-3584 A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injectio... | 7.2 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.