CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-20457 A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive informa... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-47684 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | N/A | NONE | — | 0 |
| CVE-2024-20504 A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, rem... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-20511 A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could al... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-20514 A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-20536 A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to e... | 8.8 | HIGH | — | 0 |
| CVE-2024-20540 A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a st... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-47685 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | N/A | NONE | — | 0 |
| CVE-2024-43426 A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed. | 7.5 | HIGH | — | 0 |
| CVE-2024-43436 A SQL injection risk flaw was found in the XMLDB editor tool available to site administrators. | 7.2 | HIGH | — | 0 |
| CVE-2024-43438 A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report. | 7.5 | HIGH | — | 0 |
| CVE-2024-46954 An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal. | 7.8 | HIGH | — | 0 |
| CVE-2024-46891 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenti... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-20871 A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote a... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-46894 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-8534 Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR t... | 8.1 | HIGH | — | 0 |
| CVE-2024-8535 Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount... | 8.1 | HIGH | — | 0 |
| CVE-2023-4458 A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the e... | 4.0 | MEDIUM | — | 0 |
| CVE-2024-7730 A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit t... | 7.4 | HIGH | — | 0 |
| CVE-2022-20931 A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the softw... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-20154 A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vuln... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-20373 A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthentic... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-20626 A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a us... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20631 A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. ... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-20634 A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to impro... | 4.7 | MEDIUM | — | 0 |
| CVE-2021-1491 A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying file system of the d... | N/A | NONE | — | 0 |
| CVE-2022-20654 A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based i... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-20656 A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To ex... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-20657 A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of a... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-20663 A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an unauthenticated, remote attacker to conduct a cross-site ... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-20793 A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimat... | 6.8 | MEDIUM | — | 0 |
| CVE-2024-45652 IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to v... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-20814 A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. ... | 7.4 | HIGH | — | 0 |
| CVE-2022-20846 A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process ... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-20849 A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continu... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-20853 A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on... | 7.4 | HIGH | — | 0 |
| CVE-2024-11268 A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary me... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-20939 A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vuln... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-20004 Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These ... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-20036 A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected ... | 9.9 | CRITICAL | — | 0 |
| CVE-2023-20039 A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the applic... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-20060 A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-52361 IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 stores user credentials in plain text which can be read by an authenticated user with access to the pod. | 5.7 | MEDIUM | — | 0 |
| CVE-2023-20090 A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access co... | 6.7 | MEDIUM | — | 0 |
| CVE-2023-20091 A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnera... | 5.1 | MEDIUM | — | 0 |
| CVE-2023-20092 Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These ... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-20093 Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These ... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-20094 A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device. This vulnerability exists because the affe... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-48394 An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the... | 4.7 | MEDIUM | — | 0 |
| CVE-2021-1464 A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an a... | 5.0 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.