CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2021-22758 A CWE-824: Access of uninitialized pointer vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of... | 7.8 | HIGH | — | 0 |
| CVE-2021-22759 A CWE-416: Use after free vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when a... | 7.8 | HIGH | — | 0 |
| CVE-2021-22760 A CWE-763: Release of invalid pointer or reference vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing ch... | 7.8 | HIGH | — | 0 |
| CVE-2021-22761 A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of informati... | 7.8 | HIGH | — | 0 |
| CVE-2021-22762 A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malici... | 7.8 | HIGH | — | 0 |
| CVE-2021-22767 A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code executio... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-22763 A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for ... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-22764 A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version information) that could ... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-22765 A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code executio... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-22766 A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted... | 7.5 | HIGH | — | 0 |
| CVE-2021-22768 A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code executio... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-22769 A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an atta... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-22895 Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. | 5.9 | MEDIUM | — | 0 |
| CVE-2021-22896 Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. | 4.3 | MEDIUM | — | 0 |
| CVE-2021-22897 curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The se... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-22901 curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use ... | 8.1 | HIGH | — | 0 |
| CVE-2021-22902 The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of Ac... | 7.5 | HIGH | — | 0 |
| CVE-2021-22903 The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authori... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-22904 The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive r... | 7.5 | HIGH | — | 0 |
| CVE-2021-22905 Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using th... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-22906 Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-22912 Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a gl... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-22913 Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-22915 Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an atta... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-23136 Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre ... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-23140 Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Cent... | 9.9 | CRITICAL | — | 0 |
| CVE-2021-23182 Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gall... | 6.0 | MEDIUM | — | 0 |
| CVE-2021-23204 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gall... | 8.1 | HIGH | — | 0 |
| CVE-2021-23205 Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue ... | 8.1 | HIGH | — | 0 |
| CVE-2021-23211 Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affec... | 6.0 | MEDIUM | — | 0 |
| CVE-2021-0491 In memory management driver, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges nee... | 7.8 | HIGH | — | 0 |
| CVE-2021-23230 A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects:... | 9.9 | CRITICAL | — | 0 |
| CVE-2021-28210 An unlimited recursion in DxeCore in EDK II. | 7.8 | HIGH | — | 0 |
| CVE-2021-28211 A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | 6.7 | MEDIUM | — | 0 |
| CVE-2021-28213 Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. | 7.5 | HIGH | — | 0 |
| CVE-2019-9475 In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed.... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0466 In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no addition... | 7.5 | HIGH | — | 0 |
| CVE-2021-0472 In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additi... | 7.8 | HIGH | — | 0 |
| CVE-2021-0492 In memory management driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. Use... | 7.8 | HIGH | — | 0 |
| CVE-2021-1524 A vulnerability in the API of Cisco Meeting Server could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because r... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-1541 Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary co... | 7.2 | HIGH | — | 0 |
| CVE-2021-1542 Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary co... | 7.2 | HIGH | — | 0 |
| CVE-2021-1543 Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary co... | 7.2 | HIGH | — | 0 |
| CVE-2021-1566 A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an... | 7.4 | HIGH | — | 0 |
| CVE-2021-1567 A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device... | 7.0 | HIGH | — | 0 |
| CVE-2021-1568 A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerabili... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-1569 Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-1570 Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for Mac, and Cisco Jabber for mobile platforms could allow an attacker to access sensitive information or cause a denial of service (... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-1571 Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary co... | 7.2 | HIGH | — | 0 |
| CVE-2021-34551 PHPMailer before 6.5.0 on Windows allows remote code execution if lang_path is untrusted data and has a UNC pathname. | 8.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.