Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2021-3246 A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. | 8.8 | HIGH | — | 0 |
| CVE-2021-32669 TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settin... | 6.4 | MEDIUM | — | 0 |
| CVE-2021-32767 TYPO3 is an open source PHP based web content management system. In versions 9.0.0 through 9.5.27, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0, user credentials may been logged as plain-text. Th... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-20478 IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497. | 3.3 | LOW | — | 0 |
| CVE-2021-32763 OpenProject is open-source, web-based project management software. In versions prior to 11.3.3, the `MessagesController` class of OpenProject has a `quote` method that implements the logic behind the ... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-25205 The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-25206 The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to ... | 7.2 | HIGH | — | 0 |
| CVE-2021-33909 fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by... | 7.8 | HIGH | — | 0 |
| CVE-2020-23284 Information disclosure in aspx pages in MV's IDCE application v1.0 allows an attacker to copy and paste aspx pages in the end of the URL application that connect into the database which reveals intern... | 7.5 | HIGH | — | 0 |
| CVE-2021-36230 HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organiz... | 8.8 | HIGH | — | 0 |
| CVE-2021-36746 Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor. | 5.4 | MEDIUM | — | 0 |
| CVE-2021-36747 Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form. | 5.4 | MEDIUM | — | 0 |
| CVE-2021-32751 Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code ex... | 7.5 | HIGH | — | 0 |
| CVE-2021-2323 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Flex-Branch). Supported versions that are affected are 12.3, 12.4, 14.0-14.4 and . ... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-2324 Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Loans And Deposits). Supported versions that are affected are 12.0-12.4, 14.0-14.4 ... | 4.6 | MEDIUM | — | 0 |
| CVE-2021-2326 Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker hav... | 2.7 | LOW | — | 0 |
| CVE-2021-2328 Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attac... | 7.2 | HIGH | — | 0 |
| CVE-2021-2329 Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged att... | 7.2 | HIGH | — | 0 |
| CVE-2021-2330 Vulnerability in the Core RDBMS component of Oracle Database Server. The supported version that is affected is 19c. Easily exploitable vulnerability allows low privileged attacker having Create Table ... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-2333 Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged att... | 4.9 | MEDIUM | — | 0 |
| CVE-2020-20262 Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Ser... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-2448 Vulnerability in the Oracle Financial Services Crime and Compliance Investigation Hub product of Oracle Financial Services Applications (component: Reports). The supported version that is affected is ... | 3.7 | LOW | — | 0 |
| CVE-2021-2449 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability... | 7.5 | HIGH | — | 0 |
| CVE-2021-2450 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability... | 7.5 | HIGH | — | 0 |
| CVE-2021-2451 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability... | 7.5 | HIGH | — | 0 |
| CVE-2021-1102 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can lead to floating point exceptions, which may lead to denial of service. This affects vGPU version 1... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-2452 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability... | 7.5 | HIGH | — | 0 |
| CVE-2021-2453 Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability... | 7.5 | HIGH | — | 0 |
| CVE-2021-2454 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.24. Difficult to exploit vulnerability allows low p... | 7.0 | HIGH | — | 0 |
| CVE-2021-2455 Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). The supported version that is affected is 9.2. Easily exploitable vulnerabilit... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-2456 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). The supported version that is affected is 12.2.1.4.0. Easil... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-2458 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 11.1.2.2.0, 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Eas... | 7.6 | HIGH | — | 0 |
| CVE-2021-2460 Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability all... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-2462 Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce (component: Commerce Service Center). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. ... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-2463 Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. E... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-20699 A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings. | 4.8 | MEDIUM | — | 0 |
| CVE-2021-1097 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it improperly validates the length field in a request from a guest. This flaw allows a malicious guest to ... | 7.8 | HIGH | — | 0 |
| CVE-2021-1098 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests from guests. This flaw allows a malicious ... | 7.8 | HIGH | — | 0 |
| CVE-2021-1099 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. S... | 7.0 | HIGH | — | 0 |
| CVE-2021-1100 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver (nvidia.ko), in which a pointer to a user-space buffer is not validated before it is dereferenced, which may... | 6.2 | MEDIUM | — | 0 |
| CVE-2021-1101 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 12.x (pr... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-1103 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 12.x (pr... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-23409 The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header. | 7.5 | HIGH | — | 0 |
| CVE-2020-19609 Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff_expand_colormap() function when parsing TIFF files allowing attackers to cause a denial of service. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-20219 Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/igmp-proxy process. An authenticated remote attacker can cause a Denial of Service (NULL point... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-20221 Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of S... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-20700 A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text b... | 4.8 | MEDIUM | — | 0 |
| CVE-2020-21932 A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to bypass login and obtain a partially authorized token and uid. | 5.3 | MEDIUM | — | 0 |
| CVE-2020-21933 An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where the admin password and private key could be found in the log tar package. | 7.5 | HIGH | — | 0 |
| CVE-2020-21934 An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where authentication to download the Syslog could be bypassed. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.