Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-26192 Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vu... | 7.8 | HIGH | β | 0 |
| CVE-2020-26193 Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution... | 7.8 | HIGH | β | 0 |
| CVE-2020-26194 Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE ... | 7.0 | HIGH | β | 0 |
| CVE-2020-26195 Dell EMC PowerScale OneFS versions 8.1.2 β 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take ad... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-26196 Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the abi... | 5.5 | MEDIUM | β | 0 |
| CVE-2020-35125 A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-... | 9.6 | CRITICAL | β | 0 |
| CVE-2021-21502 Dell PowerScale OneFS versions 8.1.0 β 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired accou... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26951 An issue was discovered in the calamine crate before 0.17.0 for Rust. It allows attackers to overwrite heap-memory locations because Vec::set_len is used without proper memory claiming, and this unini... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26952 An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read. | 7.5 | HIGH | β | 0 |
| CVE-2021-26953 An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementa... | 7.5 | HIGH | β | 0 |
| CVE-2021-26954 An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop. | 5.3 | MEDIUM | β | 0 |
| CVE-2021-26955 An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated by... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26957 An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-26958 An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmu... | 8.8 | HIGH | β | 0 |
| CVE-2020-28870 In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-28871 Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36244 The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2021-20654 Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site. | 5.4 | MEDIUM | β | 0 |
| CVE-2021-23878 Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and cred... | 7.3 | HIGH | β | 0 |
| CVE-2021-23880 Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of th... | 6.7 | MEDIUM | β | 0 |
| CVE-2021-23882 Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by pl... | 8.2 | HIGH | β | 0 |
| CVE-2021-23883 A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system... | 4.0 | MEDIUM | β | 0 |
| CVE-2021-23873 Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially ... | 7.8 | HIGH | β | 0 |
| CVE-2021-23876 Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially ca... | 7.8 | HIGH | β | 0 |
| CVE-2021-23881 A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event wh... | 4.8 | MEDIUM | β | 0 |
| CVE-2020-29171 Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 f... | 6.1 | MEDIUM | β | 0 |
| CVE-2020-24837 An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a ne... | 7.5 | HIGH | β | 0 |
| CVE-2020-24838 An integer overflow has been found in the the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued w... | 7.5 | HIGH | β | 0 |
| CVE-2021-27135 xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-13546 In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon us... | 7.8 | HIGH | β | 0 |
| CVE-2020-5023 IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659. | 7.5 | HIGH | β | 0 |
| CVE-2021-0302 In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges ne... | 7.8 | HIGH | β | 0 |
| CVE-2021-0305 In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges ne... | 7.8 | HIGH | β | 0 |
| CVE-2021-0314 In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with ... | 7.3 | HIGH | β | 0 |
| CVE-2021-0325 In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges... | 8.8 | HIGH | β | 0 |
| CVE-2021-0326 In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct sear... | 7.5 | HIGH | β | 0 |
| CVE-2021-0327 In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no addition... | 7.8 | HIGH | β | 0 |
| CVE-2021-0340 In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional ... | 8.8 | HIGH | β | 0 |
| CVE-2021-0328 In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to loc... | 7.8 | HIGH | β | 0 |
| CVE-2021-0329 In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth se... | 7.8 | HIGH | β | 0 |
| CVE-2021-0330 In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution... | 7.8 | HIGH | β | 0 |
| CVE-2021-0331 In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification acces... | 7.3 | HIGH | β | 0 |
| CVE-2021-0332 In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User inter... | 7.8 | HIGH | β | 0 |
| CVE-2021-0339 In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege w... | 7.8 | HIGH | β | 0 |
| CVE-2021-0333 In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting... | 7.3 | HIGH | β | 0 |
| CVE-2021-0334 In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege ... | 7.8 | HIGH | β | 0 |
| CVE-2021-0335 In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User ... | 6.5 | MEDIUM | β | 0 |
| CVE-2021-0336 In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission chec... | 7.8 | HIGH | β | 0 |
| CVE-2021-0337 In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User in... | 7.8 | HIGH | β | 0 |
| CVE-2021-0338 In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges need... | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.