CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2020-22617 | Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-30625 | Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user to visit a malicious website to potentially exploit heap corruption via a craft... | 8.8 | HIGH | — | 0 |
| CVE-2021-30626 | Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-30627 | Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-30628 | Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-30629 | Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-30630 | Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. | 4.3 | MEDIUM | — | 0 |
| CVE-2021-42112 | The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-24691 | The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Slug setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scri... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-37956 | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted ... | 8.8 | HIGH | — | 0 |
| CVE-2021-37957 | Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-37958 | Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. | 5.4 | MEDIUM | — | 0 |
| CVE-2021-37959 | Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to engage in a series of user gestures to potentially exploit heap corruption via a crafte... | 8.8 | HIGH | — | 0 |
| CVE-2021-24709 | The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (like *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting i... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-37961 | Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-37962 | Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTM... | 8.8 | HIGH | — | 0 |
| CVE-2021-37963 | Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page. | 4.3 | MEDIUM | — | 0 |
| CVE-2021-37964 | Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to potentially carry out a wifi imperson... | 3.3 | LOW | — | 0 |
| CVE-2020-28961 | Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2021-42575 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-42576 | The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-23449 | This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-29878 | IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-36513 | An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6 that may allow attackers to view sensitive information due to an uninitialized value. | 7.5 | HIGH | — | 0 |
| CVE-2021-41151 | Backstage is an open platform for building developer portals. In affected versions a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is execu... | 6.8 | MEDIUM | — | 0 |
| CVE-2021-41152 | OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacke... | 7.7 | HIGH | — | 0 |
| CVE-2021-41153 | The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Ge... | 8.7 | HIGH | — | 0 |
| CVE-2021-41156 | anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect today's date from user browsers. Because of... | 6.8 | MEDIUM | — | 0 |
| CVE-2021-36548 | A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafte... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-41154 | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitr... | 8.8 | HIGH | — | 0 |
| CVE-2021-41155 | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL quer... | 8.8 | HIGH | — | 0 |
| CVE-2021-20836 | Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-25968 | In "OpenCMS", versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts a... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-36512 | An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value. | 7.5 | HIGH | — | 0 |
| CVE-2021-42261 | Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories t... | 7.5 | HIGH | — | 0 |
| CVE-2021-38462 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-38464 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or h... | 6.4 | MEDIUM | — | 0 |
| CVE-2021-38466 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected ... | 8.8 | HIGH | — | 0 |
| CVE-2021-38468 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system. | 8.7 | HIGH | — | 0 |
| CVE-2021-38470 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. This may allow the attacker to remotely run comm... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-3863 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 6.1 | MEDIUM | — | 0 |
| CVE-2021-38472 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an admini... | 4.7 | MEDIUM | — | 0 |
| CVE-2021-38474 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force... | 6.3 | MEDIUM | — | 0 |
| CVE-2021-38476 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate differe... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-38478 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely ru... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-38480 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This m... | 9.6 | CRITICAL | — | 0 |
| CVE-2021-38482 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of u... | 8.7 | HIGH | — | 0 |
| CVE-2021-38484 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-38486 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an ... | 8.0 | HIGH | — | 0 |
| CVE-2021-3846 | firefly-iii is vulnerable to Unrestricted Upload of File with Dangerous Type | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.
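The enrichment the heading describes (NVD base score to a CVSS v3.x severity band, plus a CISA KEV flag) can be reproduced locally, which is also the easiest way to check that a table like the one above is internally consistent and to order its rows for triage. The following is an added example, not the database's own code. The rows in TABLE_ROWS are copied from the table; the KEV excerpt is a constructed stand-in for the real CISA feed (same field names as https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json, illustrative dates), and the Log4Shell row is added only so that the KEV branch is exercised, since none of the table's entries carries a KEV mark.

```python
"""Enrich CVE rows with a CVSS v3.x severity band and CISA KEV membership,
then order them for triage.

Added example, not the page's or the database's own code.  Scores and
severities in TABLE_ROWS are copied from the table above.  KEV_CATALOG_JSON
is a constructed stand-in for the CISA feed: the field names are the feed's,
the single entry's dates are illustrative.
"""
import json

# CVSS v3.x qualitative severity rating scale (FIRST CVSS v3.1 spec, section 5).
SEVERITY_BANDS = (
    (0.0, 0.0, "NONE"),
    (0.1, 3.9, "LOW"),
    (4.0, 6.9, "MEDIUM"),
    (7.0, 8.9, "HIGH"),
    (9.0, 10.0, "CRITICAL"),
)

# Rows copied from the table on this page (ID, base score, published severity).
TABLE_ROWS = [
    {"cve_id": "CVE-2021-37964", "cvss": 3.3, "severity": "LOW"},
    {"cve_id": "CVE-2021-30630", "cvss": 4.3, "severity": "MEDIUM"},
    {"cve_id": "CVE-2021-38468", "cvss": 8.7, "severity": "HIGH"},
    {"cve_id": "CVE-2021-38480", "cvss": 9.6, "severity": "CRITICAL"},
    {"cve_id": "CVE-2021-38462", "cvss": 9.8, "severity": "CRITICAL"},
]

# Constructed extra row, not from the table: Log4Shell, which is in the real
# KEV catalogue, so the KEV branch below is exercised.
EXTRA_ROW = {"cve_id": "CVE-2021-44228", "cvss": 10.0, "severity": "CRITICAL"}

# Constructed KEV catalogue excerpt (real field names, illustrative dates).
KEV_CATALOG_JSON = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
     "dateAdded": "2021-12-10", "dueDate": "2021-12-24"}
  ]
}"""


def severity_from_cvss(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative band; reject out-of-range input."""
    score = round(score, 1)  # base scores carry one decimal
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    for low, high, name in SEVERITY_BANDS:
        if low <= score <= high:
            return name
    raise AssertionError("bands cover 0.0..10.0; unreachable")


def load_kev(catalog_json: str) -> dict:
    """Index a KEV catalogue by CVE ID for O(1) lookups."""
    data = json.loads(catalog_json)
    return {v["cveID"]: v for v in data["vulnerabilities"]}


def enrich(rows, kev):
    """Attach the derived severity band and KEV status (with CISA due date) to each row."""
    out = []
    for r in rows:
        entry = kev.get(r["cve_id"])
        out.append({
            **r,
            "derived_severity": severity_from_cvss(r["cvss"]),
            "kev": entry is not None,
            "kev_due": entry["dueDate"] if entry else None,
        })
    return out


def triage_order(enriched):
    """KEV entries first (exploitation is confirmed), then descending CVSS, then ID."""
    return sorted(enriched, key=lambda e: (not e["kev"], -e["cvss"], e["cve_id"]))


def inconsistent_rows(rows):
    """CVE IDs whose published severity disagrees with the band their score implies."""
    return [r["cve_id"] for r in rows if severity_from_cvss(r["cvss"]) != r["severity"]]


def triage():
    """Full pipeline over the page's rows plus the constructed KEV row."""
    return triage_order(enrich(TABLE_ROWS + [EXTRA_ROW], load_kev(KEV_CATALOG_JSON)))


if __name__ == "__main__":
    for e in triage():
        flag = f"KEV due {e['kev_due']}" if e["kev"] else "-"
        print(f"{e['cve_id']:16} {e['cvss']:4} {e['derived_severity']:8} {flag}")
    print("inconsistent:", inconsistent_rows(TABLE_ROWS))
```

Two design points worth keeping when this is wired to the live feeds: the KEV flag outranks the score in the sort key because KEV membership is evidence of exploitation in the wild while CVSS is a theoretical estimate, and `severity_from_cvss` raises on out-of-range input rather than clamping, so a malformed NVD record surfaces instead of silently landing in the wrong band.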