Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
caldera vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-42558
An issue exists in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers.
Mitre Caldera
490
VMScore
CVE-2021-42562
An issue exists in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users.
Mitre Caldera
641
VMScore
CVE-2001-1062
Buffer overflow in mana in OpenServer 5.0.6a and previous versions allows local users to execute arbitrary code.
Caldera Openserver
NA
CVE-2022-41139
MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gist contact configuration field), leading to execution of arbitrary commands on agents.
Mitre Caldera
NA
CVE-2022-40605
MITRE CALDERA prior to 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606.
Mitre Caldera
NA
CVE-2022-40606
MITRE CALDERA prior to 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605.
Mitre Caldera
445
VMScore
CVE-2002-1199
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote malicious users to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
Sco Openserver 5.0.5
Sco Openserver 5.0.6
Sco Openserver 5.0.6a
Sun Sunos 5.7
Caldera Openlinux 2.2
Sun Sunos 5.8
Sun Solaris 9.0
Caldera Openlinux 2.3
Caldera Openlinux 2.4
445
VMScore
CVE-2001-0851
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote malicious users to bypass firewall rules by brute force guessing the cookie.
Caldera Openlinux Server 3.1
Caldera Openlinux Workstation 3.1
Caldera Openlinux Eserver 2.3.1
Linux Linux Kernel 2.0
Suse Suse Linux 7.2
Suse Suse Linux 7.3
Linux Linux Kernel 2.2.0
Linux Linux Kernel 2.4.0
Suse Suse Linux 6.3
Suse Suse Linux 6.4
Caldera Openlinux 2.3
Caldera Openlinux Edesktop 2.4
Suse Suse Linux 7.0
Suse Suse Linux 7.1
641
VMScore
CVE-2002-0105
CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating systems, allows local users to gain privileges via a symlink attack on /var/dt/Xerrors since /var/dt is world-writable.
Caldera Unixware 7.1.0
312
VMScore
CVE-2021-24896
The Caldera Forms WordPress plugin prior to 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Calderaforms Caldera Forms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »