Total
12590 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25411 | 2 Google, Samsung | 5 Android, Exynos 9610, Exynos 9810 and 2 more | 2024-11-21 | 4.4 Medium |
| Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. | ||||
| CVE-2021-25410 | 1 Google | 1 Android | 2024-11-21 | 7.1 High |
| Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. | ||||
| CVE-2021-25401 | 1 Samsung | 1 Health | 2024-11-21 | 7.8 High |
| Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action. | ||||
| CVE-2021-25378 | 1 Samsung | 1 Smartthings | 2024-11-21 | 4.3 Medium |
| Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service. | ||||
| CVE-2021-25356 | 1 Google | 1 Android | 2024-11-21 | 7.1 High |
| An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application. | ||||
| CVE-2021-25339 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-11-21 | 4.4 Medium |
| Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. | ||||
| CVE-2021-25338 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-11-21 | 4.4 Medium |
| Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. | ||||
| CVE-2021-25334 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service. | ||||
| CVE-2021-25292 | 2 Python, Redhat | 3 Pillow, Enterprise Linux, Quay | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex. | ||||
| CVE-2021-25219 | 7 Debian, Fedoraproject, Isc and 4 more | 24 Debian Linux, Fedora, Bind and 21 more | 2024-11-21 | 5.3 Medium |
| In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing. | ||||
| CVE-2021-24894 | 1 Implecode | 1 Reviews Plus | 2024-11-21 | 6.5 Medium |
| The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page | ||||
| CVE-2021-24893 | 1 Stars Rating Project | 1 Stars Rating | 2024-11-21 | 7.5 High |
| The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated. | ||||
| CVE-2021-24033 | 1 Facebook | 1 React-dev-utils | 2024-11-21 | 5.6 Medium |
| react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you. | ||||
| CVE-2021-23906 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2024-11-21 | 1.8 Low |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution. | ||||
| CVE-2021-23862 | 1 Bosch | 8 Bosch Video Management System, Divar Ip 5000 Firmware, Divar Ip 7000 Firmware and 5 more | 2024-11-21 | 7.2 High |
| A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000). | ||||
| CVE-2021-23853 | 1 Bosch | 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more | 2024-11-21 | 8.3 High |
| In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. | ||||
| CVE-2021-23835 | 1 Flatcore | 1 Flatcore | 2024-11-21 | 4.9 Medium |
| An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of the specified file) was found to be accepting malicious user input without proper sanitization, thus leading to retrieval of backend server sensitive files, e.g., /etc/passwd, SQLite database files, PHP source code, etc. | ||||
| CVE-2021-23438 | 1 Mpath Project | 1 Mpath | 2024-11-21 | 5.6 Medium |
| This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 if parts[i] is ['__proto__']. This is because the method that has been called if the input is an array is Array.prototype.indexOf() and not String.prototype.indexOf(). They behave differently depending on the type of the input. | ||||
| CVE-2021-23279 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 8 High |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed. | ||||
| CVE-2021-23278 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 8.7 High |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed. | ||||