How severe is CVE-2021-41256?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2021-41256?

This is classified as CWE-829, which is a common weakness in software security.

CVE-2021-41256 - HIGH Severity | CVSS 7.1

Vulnerability Description

nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android. Users should upgrade to version 0.9.9.63 or higher as soon as possible.

Related Vulnerabilities

CVE-2022-22308

HIGH

CVSS:7.1(High)

IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote fil...

CWE-8292022

CVE-2018-1122

HIGH

CVSS:7.0(High)

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escal...

CWE-8292018

CVE-2018-1000502

HIGH

CVSS:7.2(High)

MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance -> Task Manager -> Add New Task) that can result in Allows Local File Inclusion on modern PHP versions and...

CWE-8292018

CVE-2021-29427

HIGH

CVSS:7.2(High)

In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Grad...

CWE-8292021

CVE-2022-30037

HIGH

CVSS:7.2(High)

XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php.

CWE-8292022

CVE-2023-36609

HIGH

CVSS:7.2(High)

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script onto the TBox host t...

CWE-8292023