Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2021-22796 A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2... | 7.8 | HIGH | — | 0 |
| CVE-2021-22798 A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data such as login credentials being exposed when a Network is sniffed. Affected Product: Conext� ComBox... | 7.5 | HIGH | — | 0 |
| CVE-2021-22800 A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218... | 7.5 | HIGH | — | 0 |
| CVE-2021-22801 A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: Co... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-22802 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is r... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-22803 A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-22805 A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network m... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-22806 A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (... | 7.5 | HIGH | — | 0 |
| CVE-2021-22823 A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network m... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-22824 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received... | 7.5 | HIGH | — | 0 |
| CVE-2021-31932 Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-39616 Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438 | 9.8 | CRITICAL | — | 0 |
| CVE-2021-39619 In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation o... | 7.8 | HIGH | — | 0 |
| CVE-2021-39631 In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-39635 ims_ex is a vendor system service used to manage VoLTE in unisoc devices,But it does not verify the caller's permissions,so that normal apps (No phone permissions) can obtain some VoLTE sensitive info... | 9.1 | CRITICAL | — | 0 |
| CVE-2021-39658 ismsEx service is a vendor service in unisoc equipment。ismsEx service is an extension of sms system service,but it does not check the permissions of the caller,resulting in permission leaks。Third-part... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-39662 In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation... | 7.8 | HIGH | — | 0 |
| CVE-2021-39663 In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User... | 7.8 | HIGH | — | 0 |
| CVE-2021-39664 In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additio... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-39665 In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges ... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-24926 Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices. | 5.7 | MEDIUM | — | 0 |
| CVE-2021-39666 In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges neede... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-39668 In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI... | 7.8 | HIGH | — | 0 |
| CVE-2021-39669 In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation ... | 7.8 | HIGH | — | 0 |
| CVE-2021-39671 In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges nee... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-39672 In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is n... | 7.8 | HIGH | — | 0 |
| CVE-2021-39674 In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User inte... | 7.8 | HIGH | — | 0 |
| CVE-2021-39675 In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed.... | 9.8 | CRITICAL | — | 0 |
| CVE-2022-30063 ftcms <=2.1 was discovered to be vulnerable to code execution attacks . | 9.8 | CRITICAL | — | 0 |
| CVE-2021-39688 In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exp... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-44111 A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup. | 4.4 | MEDIUM | — | 0 |
| CVE-2021-4035 A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an a... | 3.5 | LOW | — | 0 |
| CVE-2021-4046 The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-0382 An information leak flaw was found due to uninitialized memory in the Linux kernel's TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a lo... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-0483 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53 | 7.8 | HIGH | — | 0 |
| CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF fi... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. ... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-22291 Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-22292 Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. | 7.1 | HIGH | — | 0 |
| CVE-2022-23425 Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. | 8.6 | HIGH | — | 0 |
| CVE-2022-23426 A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. | 4.4 | MEDIUM | — | 0 |
| CVE-2022-23427 PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. | 3.9 | LOW | — | 0 |
| CVE-2022-23428 An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | 8.4 | HIGH | — | 0 |
| CVE-2022-23429 An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-23431 An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | 6.4 | MEDIUM | — | 0 |
| CVE-2022-23432 An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | 6.4 | MEDIUM | — | 0 |
| CVE-2022-23433 Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-23434 A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modi... | 4.4 | MEDIUM | — | 0 |
| CVE-2022-23707 An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index patter... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-23853 The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.