Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2022-23647 Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The com... | 7.5 | HIGH | — | 0 |
| CVE-2022-25323 ZEROF Web Server 2.0 allows /admin.back XSS. | 6.1 | MEDIUM | — | 0 |
| CVE-2016-2124 A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | 5.9 | MEDIUM | — | 0 |
| CVE-2020-25717 A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. | 8.1 | HIGH | — | 0 |
| CVE-2020-25718 A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. | 8.8 | HIGH | — | 0 |
| CVE-2021-20321 A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system... | 4.7 | MEDIUM | — | 0 |
| CVE-2020-25719 A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents i... | 7.2 | HIGH | — | 0 |
| CVE-2020-25722 Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. | 8.8 | HIGH | — | 0 |
| CVE-2020-8242 Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack. | 7.2 | HIGH | — | 0 |
| CVE-2021-20315 A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allow... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-20320 A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may le... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-45007 Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-spec... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-20322 A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw all... | 7.4 | HIGH | — | 0 |
| CVE-2021-20325 Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Ent... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-26618 An improper input validation leading to arbitrary file creation was discovered in ToWord of ToOffice. Remote attackers use this vulnerability to execute arbitrary file included malicious code. | 7.1 | HIGH | — | 0 |
| CVE-2021-26619 An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent. Remote attackers can use this vulnerability to delete arbitrary files of unspecified number of users. | 7.1 | HIGH | — | 0 |
| CVE-2021-30650 A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-38935 IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 210892. | 7.5 | HIGH | — | 0 |
| CVE-2021-39026 IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attack... | 5.9 | MEDIUM | — | 0 |
| CVE-2021-3657 A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>=2GiB) IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-3930 An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-3947 A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious use... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-3948 An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cl... | 6.3 | MEDIUM | — | 0 |
| CVE-2022-30863 FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. | 4.8 | MEDIUM | — | 0 |
| CVE-2021-44968 A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or... | 7.8 | HIGH | — | 0 |
| CVE-2021-45401 A Command injection vulnerability exists in Tenda AC10U AC1200 Smart Dual-band Wireless Router AC10U V1.0 Firmware V15.03.06.49_multi via the setUsbUnload functionality. The vulnerability is caused be... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-4090 An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw,... | 7.1 | HIGH | — | 0 |
| CVE-2021-4093 A flaw was found in the KVM's AMD code for supporting the Secure Encrypted Virtualization-Encrypted State (SEV-ES). A KVM guest using SEV-ES can trigger out-of-bounds reads and writes in the host kern... | 8.8 | HIGH | — | 0 |
| CVE-2022-0138 MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 has a deserialization function that does not validate o... | 7.5 | HIGH | — | 0 |
| CVE-2022-0646 A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing devic... | 7.8 | HIGH | — | 0 |
| CVE-2022-0671 A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file. | 9.1 | CRITICAL | — | 0 |
| CVE-2022-0672 A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redirect could allow unauthorized access to sensitive information locally if LemMinX is run under a privileged user. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-0673 A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoning of external schema files due to directory traversal. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-21141 MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multipl... | 10.0 | CRITICAL | — | 0 |
| CVE-2022-21143 MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input on several locati... | 7.5 | HIGH | — | 0 |
| CVE-2022-21176 MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not properly sanitize user input, which may allow ... | 8.6 | HIGH | — | 0 |
| CVE-2022-21196 MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authenticatio... | 10.0 | CRITICAL | — | 0 |
| CVE-2022-21215 This vulnerability could allow an attacker to force the server to create and execute a web request granting access to backend APIs that are only accessible to the Mimosa MMP server, or request pages t... | 10.0 | CRITICAL | — | 0 |
| CVE-2022-21800 MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 uses the MD5 algorithm to hash the passwords before sto... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-23981 The vulnerability allows Subscriber+ level users to create brands in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4). | 4.3 | MEDIUM | — | 0 |
| CVE-2022-23982 The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0.4) allows server information exposure. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-25335 RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild in February 2022. NOTE: although 2022-02-17 is the... | 7.5 | HIGH | — | 0 |
| CVE-2022-25336 Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be c... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-25337 Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46036 An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 allows attackers to execute arbitrary code. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-46037 MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /template/unzip.do. | 8.1 | HIGH | — | 0 |
| CVE-2021-23702 The package object-extend from 0.0.0 are vulnerable to Prototype Pollution via object-extend. | 7.6 | HIGH | — | 0 |
| CVE-2021-46062 MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component oldFileName. | 7.1 | HIGH | — | 0 |
| CVE-2021-46063 MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. | 9.1 | CRITICAL | — | 0 |
| CVE-2021-46082 Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.