CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|---|
| CVE-2020-36192 | An issue was discovered in the Source Integration plugin before 2.4.1 for MantisBT. An attacker can gain access to the Summary field of private Issues (either marked as Private, or part of a private P... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-25176 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, ... | 7.8 | HIGH | — | 0 |
| CVE-2021-25177 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, pote... | 7.8 | HIGH | — | 0 |
| CVE-2021-25178 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. Th... | 7.8 | HIGH | — | 0 |
| CVE-2020-28473 | The package bottle from 0 and before 0.12.19 are vulnerable to Web Cache Poisoning by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), t... | 6.8 | MEDIUM | — | 0 |
| CVE-2020-7343 | Missing Authorization vulnerability in McAfee Agent (MA) for Windows prior to 5.7.1 allows local users to block McAfee product updates by manipulating a directory used by MA for temporary files. The p... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-29450 | Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload featur... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-20619 | Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-3178 | fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLU... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-22850 | HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions. | 5.3 | MEDIUM | — | 0 |
| CVE-2021-22851 | HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-22852 | HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data. | 8.8 | HIGH | — | 0 |
| CVE-2020-28472 | This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSh... | 7.3 | HIGH | — | 0 |
| CVE-2020-28477 | This affects all versions of package immer. | 7.5 | HIGH | — | 0 |
| CVE-2020-28478 | This affects the package gsap before 3.6.0. | 7.5 | HIGH | — | 0 |
| CVE-2020-20950 | Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack t... | 5.9 | MEDIUM | — | 0 |
| CVE-2020-23522 | Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter. | 6.8 | MEDIUM | — | 0 |
| CVE-2020-23342 | A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. | 8.8 | HIGH | — | 0 |
| CVE-2020-35128 | Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an e... | 9.0 | CRITICAL | — | 0 |
| CVE-2020-35129 | Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could ... | 9.0 | CRITICAL | — | 0 |
| CVE-2020-28479 | The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function. | 5.9 | MEDIUM | — | 0 |
| CVE-2020-28480 | The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the objec... | 7.3 | HIGH | — | 0 |
| CVE-2020-28481 | The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-28482 | This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token w... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-3181 | rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-3182 | D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | 8.0 | HIGH | — | 0 |
| CVE-2021-3183 | Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access after a logout and a removal of a login profile. | 7.5 | HIGH | — | 0 |
| CVE-2020-27733 | Zoho ManageEngine Applications Manager before 14 build 14880 allows an authenticated SQL Injection via a crafted Alarmview request. | 8.8 | HIGH | — | 0 |
| CVE-2020-4871 | IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-4873 | IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-4881 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted r... | 7.5 | HIGH | — | 0 |
| CVE-2021-22498 | XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and ear... | 8.1 | HIGH | — | 0 |
| CVE-2021-25323 | The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password. | 9.1 | CRITICAL | — | 0 |
| CVE-2021-25324 | MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-25325 | MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-3184 | MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-27270 | SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in tran... | 5.7 | MEDIUM | — | 0 |
| CVE-2021-2103 | Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily ex... | 8.2 | HIGH | — | 0 |
| CVE-2021-2104 | Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily ex... | 8.2 | HIGH | — | 0 |
| CVE-2021-2105 | Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easi... | 8.2 | HIGH | — | 0 |
| CVE-2021-2106 | Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easi... | 8.2 | HIGH | — | 0 |
| CVE-2021-2107 | Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easi... | 8.2 | HIGH | — | 0 |
| CVE-2021-2108 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability all... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-2109 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1... | 7.2 | HIGH | — | 0 |
| CVE-2021-2110 | Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Letters). The supported version that is affected is 8.2.2. Easily exploitable vulnerability allows l... | 5.0 | MEDIUM | — | 0 |
| CVE-2021-2111 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high pr... | 6.0 | MEDIUM | — | 0 |
| CVE-2021-2112 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high pr... | 6.0 | MEDIUM | — | 0 |
| CVE-2021-2113 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: On Demand Billing). Supported versions that are affected are... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-2114 | Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Applications Calendar). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.1... | 8.2 | HIGH | — | 0 |
| CVE-2021-2115 | Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploi... | 7.6 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.