Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0679 | 2 Google, Mediatek | 12 Android, Mt6873, Mt6875 and 9 more | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781. | |||||
| CVE-2021-0678 | 2 Google, Mediatek | 12 Android, Mt6873, Mt6875 and 9 more | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511. | |||||
| CVE-2021-0676 | 2 Google, Mediatek | 44 Android, Mt6762, Mt6765 and 41 more | 2023-08-08 | 2.1 LOW | 4.4 MEDIUM |
| In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009. | |||||
| CVE-2021-0674 | 2 Google, Mediatek | 57 Android, Mt6570, Mt6580 and 54 more | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237. | |||||
| CVE-2021-39649 | 1 Google | 1 Android | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049006References: N/A | |||||
| CVE-2021-39640 | 1 Google | 1 Android | 2023-08-08 | 7.2 HIGH | 7.8 HIGH |
| In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-157294279References: N/A | |||||
| CVE-2021-1001 | 1 Google | 1 Android | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| In PVInitVideoEncoder of mp4enc_api.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-190435883 | |||||
| CVE-2021-0964 | 1 Google | 1 Android | 2023-08-08 | 7.1 HIGH | 6.5 MEDIUM |
| In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-193363621 | |||||
| CVE-2021-43215 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-08-08 | 6.8 MEDIUM | 9.8 CRITICAL |
| iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution | |||||
| CVE-2021-44847 | 2 Fedoraproject, Toktok | 2 Fedora, Toxcore | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet. | |||||
| CVE-2021-41694 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2023-08-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php. | |||||
| CVE-2021-36190 | 1 Fortinet | 1 Fortiweb | 2023-08-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests. | |||||
| CVE-2021-42757 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortios and 1 more | 2023-08-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments. | |||||
| CVE-2021-37079 | 1 Huawei | 1 Harmonyos | 2023-08-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete arbitrary file by system_app permission. | |||||
| CVE-2021-37078 | 1 Huawei | 1 Harmonyos | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote Denial of Service. | |||||
| CVE-2021-37021 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2023-08-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Out-of-bounds read. | |||||
| CVE-2021-37020 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2023-08-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Out-of-bounds read. | |||||
| CVE-2021-37014 | 1 Huawei | 1 Harmonyos | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to device cannot be used properly. | |||||
| CVE-2021-37042 | 1 Huawei | 2 Emui, Magic Ui | 2023-08-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds read. | |||||
| CVE-2021-37041 | 1 Huawei | 2 Emui, Magic Ui | 2023-08-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds read. | |||||
| CVE-2021-44077 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. | |||||
| CVE-2021-43996 | 1 Facade | 1 Ignition | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names" feature that can lead to incorrect access control. | |||||
| CVE-2021-43414 | 1 Gnu | 1 Hurd | 2023-08-08 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. | |||||
| CVE-2021-35368 | 3 Debian, Fedoraproject, Owasp | 3 Debian Linux, Fedora, Owasp Modsecurity Core Rule Set | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. | |||||
| CVE-2021-40985 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2023-08-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. | |||||
| CVE-2021-22406 | 1 Huawei | 2 Emui, Magic Ui | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly. | |||||
| CVE-2021-30807 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2023-08-08 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2021-27561 | 1 Yealink | 1 Device Management | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. | |||||
| CVE-2021-41357 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-40450 | 1 Microsoft | 6 Windows 10, Windows 11, Windows Server and 3 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-40449 | 1 Microsoft | 11 Windows 10, Windows 11, Windows 7 and 8 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-40325 | 1 Cobbler Project | 1 Cobbler | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Cobbler before 3.3.0 allows authorization bypass for modification of settings. | |||||
| CVE-2021-22005 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. | |||||
| CVE-2021-38163 | 1 Sap | 1 Netweaver | 2023-08-08 | 9.0 HIGH | 8.8 HIGH |
| SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker authenticated as a non-administrative user can upload a malicious file over a network and trigger its processing, which is capable of running operating system commands with the privilege of the Java Server process. These commands can be used to read or modify any information on the server or shut the server down making it unavailable. | |||||
| CVE-2021-40870 | 1 Aviatrix | 1 Controller | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. | |||||
| CVE-2021-26084 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | |||||
| CVE-2021-30983 | 1 Apple | 2 Ipados, Iphone Os | 2023-08-08 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-36762 | 1 Hcc-embedded | 1 Nichestack | 2023-08-08 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c TFTP packet processing function doesn't ensure that a filename is adequately '\0' terminated; therefore, a subsequent call to strlen for the filename might read out of bounds of the protocol packet buffer (if no '\0' byte exists within a reasonable range). | |||||
| CVE-2021-35395 | 1 Realtek | 1 Realtek Jungle Sdk | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues: - stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter - stack buffer overflow in formWsc due to unsafe copy of submit-url parameter - stack buffer overflow in formWlanMultipleAP due to unsafe copy of submit-url parameter - stack buffer overflow in formWlSiteSurvey due to unsafe copy of ifname parameter - stack buffer overflow in formStaticDHCP due to unsafe copy of hostname parameter - stack buffer overflow in formWsc due to unsafe copy of 'peerPin' parameter - arbitrary command execution in formSysCmd via the sysCmd parameter - arbitrary command injection in formWsc via the 'peerPin' parameter Exploitability of identified issues will differ based on what the end vendor/manufacturer did with the Realtek SDK webserver. Some vendors use it as-is, others add their own authentication implementation, some kept all the features from the server, some remove some of them, some inserted their own set of features. However, given that Realtek SDK implementation is full of insecure calls and that developers tends to re-use those examples in their custom code, any binary based on Realtek SDK webserver will probably contains its own set of issues on top of the Realtek ones (if kept). Successful exploitation of these issues allows remote attackers to gain arbitrary code execution on the device. | |||||
| CVE-2021-35394 | 1 Realtek | 1 Realtek Jungle Sdk | 2023-08-08 | 10.0 HIGH | 9.8 CRITICAL |
| Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote unauthenticated attackers. | |||||
| CVE-2021-37788 | 1 Gurock | 1 Testrail | 2023-08-08 | 4.3 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link. | |||||
| CVE-2021-24018 | 1 Fortinet | 1 Fortios | 2023-08-08 | 5.8 MEDIUM | 8.8 HIGH |
| A buffer underwrite vulnerability in the firmware verification routine of FortiOS before 7.0.1 may allow an attacker located in the adjacent network to potentially execute arbitrary code via a specifically crafted firmware image. | |||||
| CVE-2021-30116 | 1 Kaseya | 2 Vsa Agent, Vsa Server | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client for Windows and installs it, the file KaseyaD.ini is generated (C:\Program Files (x86)\Kaseya\XXXXXXXXXX\KaseyaD.ini) which contains an Agent_Guid and AgentPassword This Agent_Guid and AgentPassword can be used to log in on dl.asp (https://x.x.x.x/dl.asp?un=840997037507813&pw=113cc622839a4077a84837485ced6b93e440bf66d44057713cb2f95e503a06d9) This request authenticates the client and returns a sessionId cookie that can be used in subsequent attacks to bypass authentication. Security issues discovered --- * Unauthenticated download page leaks credentials * Credentials of agent software can be used to obtain a sessionId (cookie) that can be used for services not intended for use by agents * dl.asp accepts credentials via a GET request * Access to KaseyaD.ini gives an attacker access to sufficient information to penetrate the Kaseya installation and its clients. Impact --- Via the page /dl.asp enough information can be obtained to give an attacker a sessionId that can be used to execute further (semi-authenticated) attacks against the system. | |||||
| CVE-2021-34548 | 1 Torproject | 1 Tor | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream. | |||||
| CVE-2021-0511 | 1 Google | 1 Android | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795 | |||||
| CVE-2021-28689 | 1 Xen | 1 Xen | 2023-08-08 | 2.1 LOW | 5.5 MEDIUM |
| x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to virtualization. In AMD64, Xen had to use a different implementation approach, so Xen does not use ring 1 to support 64-bit guests. With the focus now being on 64-bit systems, and the availability of explicit hardware support for virtualization, fixing speculation issues in ring 1 is not a priority for processor companies. Indirect Branch Restricted Speculation (IBRS) is an architectural x86 extension put together to combat speculative execution sidechannel attacks, including Spectre v2. It was retrofitted in microcode to existing CPUs. For more details on Spectre v2, see: http://xenbits.xen.org/xsa/advisory-254.html However, IBRS does not architecturally protect ring 0 from predictions learnt in ring 1. For more details, see: https://software.intel.com/security-software-guidance/deep-dives/deep-dive-indirect-branch-restricted-speculation Similar situations may exist with other mitigations for other kinds of speculative execution attacks. The situation is quite likely to be similar for speculative execution attacks which have yet to be discovered, disclosed, or mitigated. | |||||
| CVE-2021-0056 | 1 Intel | 4 Lapbc510, Lapbc510 Firmware, Lapbc710 and 1 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-31249 | 1 Chiyu-tech | 6 Bf-430, Bf-430 Firmware, Bf-431 and 3 more | 2023-08-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple CGI components. | |||||
| CVE-2021-31207 | 1 Microsoft | 1 Exchange Server | 2023-08-08 | 6.5 MEDIUM | 6.6 MEDIUM |
| Microsoft Exchange Server Security Feature Bypass Vulnerability | |||||
| CVE-2021-1083 | 6 Citrix, Linux, Microsoft and 3 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2023-08-08 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4). | |||||