Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25410 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. | |||||
| CVE-2021-25401 | 1 Samsung | 1 Health | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action. | |||||
| CVE-2021-25378 | 1 Samsung | 1 Smartthings | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service. | |||||
| CVE-2021-25356 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.1 HIGH |
| An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application. | |||||
| CVE-2021-25339 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. | |||||
| CVE-2021-25338 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. | |||||
| CVE-2021-25334 | 1 Google | 1 Android | 2024-11-21 | 4.7 MEDIUM | 5.5 MEDIUM |
| Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service. | |||||
| CVE-2021-24894 | 1 Implecode | 1 Reviews Plus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page | |||||
| CVE-2021-24893 | 1 Stars Rating Project | 1 Stars Rating | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated. | |||||
| CVE-2021-23906 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2024-11-21 | 2.1 LOW | 1.8 LOW |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution. | |||||
| CVE-2021-23862 | 1 Bosch | 8 Bosch Video Management System, Divar Ip 5000 Firmware, Divar Ip 7000 Firmware and 5 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000). | |||||
| CVE-2021-23853 | 1 Bosch | 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more | 2024-11-21 | 7.5 HIGH | 8.3 HIGH |
| In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. | |||||
| CVE-2021-23835 | 1 Flatcore | 1 Flatcore | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability was identified in the docs_file HTTP request body parameter for the acp interface. This can be exploited with admin access rights. The affected parameter (which retrieves the contents of the specified file) was found to be accepting malicious user input without proper sanitization, thus leading to retrieval of backend server sensitive files, e.g., /etc/passwd, SQLite database files, PHP source code, etc. | |||||
| CVE-2021-23279 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 6.4 MEDIUM | 8.0 HIGH |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to unauthenticated arbitrary file delete vulnerability induced due to improper input validation in meta_driver_srv.js class with saveDriverData action using invalidated driverID. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed. | |||||
| CVE-2021-23278 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 5.5 MEDIUM | 8.7 HIGH |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file delete vulnerability induced due to improper input validation at server/maps_srv.js with action removeBackground and server/node_upgrade_srv.js with action removeFirmware. An attacker can send specially crafted packets to delete the files on the system where IPM software is installed. | |||||
| CVE-2021-23192 | 1 Samba | 1 Samba | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. | |||||
| CVE-2021-23131 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! 3.2.0 through 3.9.24. Missing input validation within the template manager. | |||||
| CVE-2021-23051 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fix for CVE-2020-5862. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23048 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when GPRS Tunneling Protocol (GTP) iRules commands or a GTP profile is configured on a virtual server, undisclosed GTP messages can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23045 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when an SCTP profile with multiple paths is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||