CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-1624 A vulnerability in the Rate Limiting Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause high CPU utilization in the Cisco Quant... | 8.6 | HIGH | — | 0 |
| CVE-2021-1625 A vulnerability in the Zone-Based Policy Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent the Zone-Based Policy Firewall from correctly classifying ... | 5.8 | MEDIUM | — | 0 |
| CVE-2021-34696 A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL... | 5.8 | MEDIUM | — | 0 |
| CVE-2021-34697 A vulnerability in the Protection Against Distributed Denial of Service Attacks feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct denial of service (DoS) atta... | 5.8 | MEDIUM | — | 0 |
| CVE-2021-34699 A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause an affected device to reload. This vulnerability is due to an i... | 7.7 | HIGH | — | 0 |
| CVE-2021-34712 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected s... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-34714 A vulnerability in the Unidirectional Link Detection (UDLD) feature of Cisco FXOS Software, Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an un... | 7.4 | HIGH | — | 0 |
| CVE-2021-34723 A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affe... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-34724 A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root use... | 6.0 | MEDIUM | — | 0 |
| CVE-2021-34725 A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operati... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-32963 Null pointer dereference in SuiteLink server while processing commands 0x03/0x10 | 7.5 | HIGH | — | 0 |
| CVE-2021-34726 A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating syst... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-34727 A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to in... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-34729 A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on an affected ... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-34740 A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device... | 7.4 | HIGH | — | 0 |
| CVE-2021-34768 Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow... | 8.6 | HIGH | — | 0 |
| CVE-2021-33035 Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checke... | 7.8 | HIGH | — | 0 |
| CVE-2021-21993 The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in vCenter Server Content Library. An authorised user with access to content library ... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-22006 The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue... | 7.5 | HIGH | — | 0 |
| CVE-2021-22007 The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sens... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-22008 The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue by sending... | 7.5 | HIGH | — | 0 |
| CVE-2021-32971 Null pointer dereference in SuiteLink server while processing command 0x07 | 7.5 | HIGH | — | 0 |
| CVE-2021-22009 The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service. A malicious actor with network access to port 443 on vCenter Server may exploit these issues to cr... | 7.5 | HIGH | — | 0 |
| CVE-2021-22010 The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to create a denial of service ... | 7.5 | HIGH | — | 0 |
| CVE-2021-22011 vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to p... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-22012 The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit ... | 7.5 | HIGH | — | 0 |
| CVE-2021-22013 The vCenter Server contains a file path traversal vulnerability leading to information disclosure in the appliance management API. A malicious actor with network access to port 443 on vCenter Server m... | 7.5 | HIGH | — | 0 |
| CVE-2021-32979 Null pointer dereference in SuiteLink server while processing commands 0x04/0x0a | 7.5 | HIGH | — | 0 |
| CVE-2021-22014 The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance Management Infrastructure). An authenticated VAMI user with network access to port 5480 on vCenter ... | 7.2 | HIGH | — | 0 |
| CVE-2021-22015 The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and directories. An authenticated local user with non-administrative privilege may ... | 7.8 | HIGH | — | 0 |
| CVE-2021-22016 The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim int... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-22018 The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle Manager plug-in. A malicious actor with network access to port 9087 on vCenter Server may exploit th... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-22019 The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malicious actor with network access to port 5480 on vCenter Server may exploit this issue by sending a sp... | 7.5 | HIGH | — | 0 |
| CVE-2021-32987 Null pointer dereference in SuiteLink server while processing command 0x0b | 7.5 | HIGH | — | 0 |
| CVE-2021-22020 The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter S... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-22948 Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be a... | 7.1 | HIGH | — | 0 |
| CVE-2021-22949 A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security CMS Research... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-22950 Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the conversation section to be deleted. Credit for discovery: "Solar Security Research Team" | 6.5 | MEDIUM | — | 0 |
| CVE-2021-22952 A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network... | 8.8 | HIGH | — | 0 |
| CVE-2021-22953 A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space. Credit for discovery: "Solar Security Research Team" | 5.4 | MEDIUM | — | 0 |
| CVE-2025-22797 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oğulcan Özügenç Gallery and Lightbox allows Stored XSS. This issue affects Gallery and Lightbox: fr... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-32999 Improper handling of exceptional conditions in SuiteLink server while processing command 0x01 | 7.5 | HIGH | — | 0 |
| CVE-2021-21913 An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-3040 1.13B03. A specially-crafted network request can lead to command execution. An attacker can conne... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-26750 DLL hijacking in Panda Agent <=1.16.11 in Panda Security, S.L.U. Panda Adaptive Defense 360 <= 8.0.17 allows attacker to escalate privileges via maliciously crafted DLL file. | 7.8 | HIGH | — | 0 |
| CVE-2021-36872 Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type]. | 5.5 | MEDIUM | — | 0 |
| CVE-2021-3824 OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-41381 Payara Micro Community 5.2021.6 and below allows Directory Traversal. | 7.5 | HIGH | — | 0 |
| CVE-2020-4690 IBM Security Guardium 11.3 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-4803 IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. | 3.3 | LOW | — | 0 |
| CVE-2020-4805 IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189539. | 3.3 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.