Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2020-36244 The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-20654 Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. This is named 'Fieldbleed' in the vendor's site. | 5.4 | MEDIUM | — | 0 |
| CVE-2021-23878 Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and cred... | 7.3 | HIGH | — | 0 |
| CVE-2021-23880 Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of th... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-23882 Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by pl... | 8.2 | HIGH | — | 0 |
| CVE-2021-23883 A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific system... | 4.0 | MEDIUM | — | 0 |
| CVE-2021-23873 Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially ... | 7.8 | HIGH | — | 0 |
| CVE-2021-23876 Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially ca... | 7.8 | HIGH | — | 0 |
| CVE-2021-23881 A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event wh... | 4.8 | MEDIUM | — | 0 |
| CVE-2020-29171 Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 f... | 6.1 | MEDIUM | — | 0 |
| CVE-2020-24837 An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a ne... | 7.5 | HIGH | — | 0 |
| CVE-2020-24838 An integer overflow has been found in the the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued w... | 7.5 | HIGH | — | 0 |
| CVE-2021-27135 xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-13546 In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon us... | 7.8 | HIGH | — | 0 |
| CVE-2020-5023 IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659. | 7.5 | HIGH | — | 0 |
| CVE-2021-0302 In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges ne... | 7.8 | HIGH | — | 0 |
| CVE-2021-0305 In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges ne... | 7.8 | HIGH | — | 0 |
| CVE-2021-0314 In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with ... | 7.3 | HIGH | — | 0 |
| CVE-2021-0325 In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges... | 8.8 | HIGH | — | 0 |
| CVE-2021-0326 In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution if the target device is performing a Wi-Fi Direct sear... | 7.5 | HIGH | — | 0 |
| CVE-2021-0327 In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no addition... | 7.8 | HIGH | — | 0 |
| CVE-2021-0340 In parseNextBox of IsoInterface.java, there is a possible leak of unredacted location information due to improper input validation. This could lead to remote information disclosure with no additional ... | 8.8 | HIGH | — | 0 |
| CVE-2021-0328 In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. This could lead to loc... | 7.8 | HIGH | — | 0 |
| CVE-2021-0329 In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth se... | 7.8 | HIGH | — | 0 |
| CVE-2021-0330 In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution... | 7.8 | HIGH | — | 0 |
| CVE-2021-0331 In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification acces... | 7.3 | HIGH | — | 0 |
| CVE-2021-0332 In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User inter... | 7.8 | HIGH | — | 0 |
| CVE-2021-0339 In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege w... | 7.8 | HIGH | — | 0 |
| CVE-2021-0333 In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is connecting... | 7.3 | HIGH | — | 0 |
| CVE-2021-0334 In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. This could lead to local escalation of privilege ... | 7.8 | HIGH | — | 0 |
| CVE-2021-0335 In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User ... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-0336 In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission chec... | 7.8 | HIGH | — | 0 |
| CVE-2021-0337 In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User in... | 7.8 | HIGH | — | 0 |
| CVE-2021-0338 In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges need... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0341 In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with ... | 7.5 | HIGH | — | 0 |
| CVE-2021-20353 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to e... | 8.2 | HIGH | — | 0 |
| CVE-2020-26299 ftp-srv is an open-source FTP server designed to be simple yet configurable. In ftp-srv before version 4.4.0 there is a path-traversal vulnerability. Clients of FTP servers utilizing ftp-srv hosted on... | 6.3 | MEDIUM | — | 0 |
| CVE-2021-26936 The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output pat... | 7.8 | HIGH | — | 0 |
| CVE-2021-26938 A stored XSS issue exists in henriquedornas 5.2.17 via online live chat. NOTE: Third parties report that no such product exists. That henriquedornas is the web design agency and 5.2.17 is simply the P... | 5.4 | MEDIUM | — | 0 |
| CVE-2021-26939 An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem | 7.5 | HIGH | — | 0 |
| CVE-2021-3033 An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. This vulnerability enables an attacker to bypass signature validation d... | 9.1 | CRITICAL | — | 0 |
| CVE-2020-7021 Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-22133 The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTT... | 2.4 | LOW | — | 0 |
| CVE-2021-27139 An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract information from the device without authentication by disabling JavaScript and visiting /info.asp. | 7.5 | HIGH | — | 0 |
| CVE-2021-27140 An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find passwords and authentication cookies stored in cleartext in the web.log HTTP logs. | 7.5 | HIGH | — | 0 |
| CVE-2021-27141 An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (Th... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27142 An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions. | 7.5 | HIGH | — | 0 |
| CVE-2021-27143 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27144 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-27145 An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.