CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2017-14451 An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequen... | 10.0 | CRITICAL | — | 0 |
| CVE-2017-2910 An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An att... | 8.8 | HIGH | — | 0 |
| CVE-2020-13493 A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflo... | 7.8 | HIGH | — | 0 |
| CVE-2020-13494 A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-13496 An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfTo... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-35513 A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if bo... | 4.9 | MEDIUM | — | 0 |
| CVE-2020-35576 A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metachar... | 8.8 | HIGH | — | 0 |
| CVE-2020-35753 The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the "Recommend job posting" function is enabled, all... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-35843 FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x956e. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-35844 FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0xbe9c4. | 7.8 | HIGH | — | 0 |
| CVE-2020-35845 FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted image file) at FSViewer.exe+0x96cf. | 7.8 | HIGH | — | 0 |
| CVE-2020-35854 Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Body parameter. | 4.8 | MEDIUM | — | 0 |
| CVE-2020-36011 A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart Hospital Management System 3.1 allows a remote attacker to inject arbitrary code via the Name, Guardian Name, Email, Address, Rema... | 4.8 | MEDIUM | — | 0 |
| CVE-2020-36199 TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-36200 TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated attacker to send an HTTP GET request to the crafted URLs. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-36201 An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 797... | 7.5 | HIGH | — | 0 |
| CVE-2020-36202 An issue was discovered in the async-h1 crate before 2.3.0 for Rust. Request smuggling can occur when used behind a reverse proxy. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-36203 An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption. | 4.7 | MEDIUM | — | 0 |
| CVE-2020-36204 An issue was discovered in the im crate through 2020-11-09 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur. | 4.7 | MEDIUM | — | 0 |
| CVE-2020-36219 An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption<T> implements Sync unconditionally, a data race can occur. | 5.9 | MEDIUM | — | 0 |
| CVE-2020-36220 An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur. | 5.9 | MEDIUM | — | 0 |
| CVE-2020-36221 An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssue... | 7.5 | HIGH | — | 0 |
| CVE-2020-36222 A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2020-36223 A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). | 7.5 | HIGH | — | 0 |
| CVE-2020-36224 A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2020-36225 A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2020-36226 A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2020-36227 A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2020-36228 An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2021-25864 node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file. | 7.5 | HIGH | — | 0 |
| CVE-2020-36229 A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2020-36230 A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2020-6779 Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with... | 10.0 | CRITICAL | — | 0 |
| CVE-2020-6780 Use of Password Hash With Insufficient Computational Effort in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows a remote attacker with admin privi... | 4.4 | MEDIUM | — | 0 |
| CVE-2020-8288 The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-8292 Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-8293 A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage wit... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-8295 A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user. | 7.5 | HIGH | — | 0 |
| CVE-2020-9492 In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. | 8.8 | HIGH | — | 0 |
| CVE-2021-21615 Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition. | 5.3 | MEDIUM | — | 0 |
| CVE-2021-21723 Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operati... | 7.5 | HIGH | — | 0 |
| CVE-2021-22697 A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which ... | 7.8 | HIGH | — | 0 |
| CVE-2021-22698 A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to ... | 7.8 | HIGH | — | 0 |
| CVE-2021-22871 Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php t... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-22872 Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in mod... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-22873 Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been availa... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-25863 Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account. | 8.8 | HIGH | — | 0 |
| CVE-2021-25900 An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-25901 An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race. | 5.3 | MEDIUM | — | 0 |
| CVE-2021-25902 An issue was discovered in the glsl-layout crate before 0.4.0 for Rust. When a panic occurs, map_array can perform a double drop. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.