Total: 3294 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-25672 | 1 Mendix | 1 Forgot Password | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts. | |||||
CVE-2021-25501 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.7 MEDIUM |
An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted applications to call some protected providers. | |||||
CVE-2021-25463 | 1 Samsung | 1 Penup | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview. | |||||
CVE-2021-25448 | 1 Samsung | 1 Smart Touch Call | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview. | |||||
CVE-2021-25447 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. | |||||
CVE-2021-25446 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview. | |||||
CVE-2021-25440 | 1 Samsung | 1 Factorycamerafb | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege. | |||||
CVE-2021-25439 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview. | |||||
CVE-2021-25438 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview. | |||||
CVE-2021-25431 | 2 Google, Samsung | 2 Android, Cameralyzer | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer. | |||||
CVE-2021-25412 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications. | |||||
CVE-2021-25405 | 1 Samsung | 1 Notes | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files. | |||||
CVE-2021-25359 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications. | |||||
CVE-2021-25349 | 2 Google, Samsung | 2 Android, Slow Motion Editor | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
Using an unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers to perform unauthorized actions without permission by hijacking the PendingIntent. | |||||
CVE-2021-25340 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.1 MEDIUM |
Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change arbitrary settings during Initialization State. | |||||
CVE-2021-25320 | 1 Rancher | 1 Rancher | 2024-11-21 | 4.0 MEDIUM | 9.9 CRITICAL |
An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16. | |||||
CVE-2021-24859 | 1 User Meta Shortcodes Project | 1 User Meta Shortcodes | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users' metadata by specifying the user login as a parameter. This makes the WP instance vulnerable to data exfiltration, including password hashes. | |||||
CVE-2021-24853 | 1 Qr Redirector Project | 1 Qr Redirector | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
The QR Redirector WordPress plugin before 1.6 does not have capability and CSRF checks when saving bulk QR Redirector settings via the qr_save_bulk AJAX action, which could allow any authenticated user, such as a subscriber, to change the redirect response status code of arbitrary QR Redirects. | |||||
CVE-2021-24845 | 1 Improved Include Page Project | 1 Improved Include Page | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to. | |||||
CVE-2021-24816 | 1 Phoenix Media Rename Project | 1 Phoenix Media Rename | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. |