Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26351 | 1 Amd | 98 Ryzen 3 3100, Ryzen 3 3100 Firmware, Ryzen 3 3300g and 95 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.
|
|||||
| CVE-2021-26331 | 1 Amd | 116 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 113 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution.
|
|||||
| CVE-2021-26327 | 1 Amd | 40 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 37 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.
|
|||||
| CVE-2021-26325 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service.
|
|||||
| CVE-2021-26323 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity.
|
|||||
| CVE-2021-26321 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
|
|||||
| CVE-2021-26036 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.
|
|||||
| CVE-2021-25748 | 1 Kubernetes | 1 Ingress-nginx | 2024-11-21 | N/A | 7.6 HIGH |
|
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
|
|||||
| CVE-2021-25746 | 1 Kubernetes | 1 Ingress-nginx | 2024-11-21 | 5.5 MEDIUM | 7.6 HIGH |
|
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
|
|||||
| CVE-2021-25745 | 1 Kubernetes | 1 Ingress-nginx | 2024-11-21 | 5.5 MEDIUM | 7.6 HIGH |
|
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
|
|||||
| CVE-2021-25742 | 2 Kubernetes, Netapp | 2 Ingress-nginx, Trident | 2024-11-21 | 5.5 MEDIUM | 7.6 HIGH |
|
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
|
|||||
| CVE-2021-25741 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 5.5 MEDIUM | 8.8 HIGH |
|
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
|
|||||
| CVE-2021-25738 | 1 Kubernetes | 1 Java | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.
|
|||||
| CVE-2021-25683 | 1 Canonical | 1 Apport | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
|
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
|
|||||
| CVE-2021-25682 | 1 Canonical | 1 Apport | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
|
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
|
|||||
| CVE-2021-25520 | 1 Samsung | 1 Internet | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet.
|
|||||
| CVE-2021-25517 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.7 HIGH |
|
An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution.
|
|||||
| CVE-2021-25512 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 6.1 MEDIUM |
|
An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities.
|
|||||
| CVE-2021-25511 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
|
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.
|
|||||
| CVE-2021-25510 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution.
|
|||||
| CVE-2021-25509 | 1 Samsung | 1 Samsung Flow | 2024-11-21 | 3.6 LOW | 5.9 MEDIUM |
|
A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders.
|
|||||
| CVE-2021-25504 | 1 Samsung | 1 Group Sharing | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information.
|
|||||
| CVE-2021-25503 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 5.0 MEDIUM |
|
Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution.
|
|||||
| CVE-2021-25500 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2024-11-21 | 2.1 LOW | 7.2 HIGH |
|
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.
|
|||||
| CVE-2021-25485 | 1 Google | 1 Android | 2024-11-21 | 5.8 MEDIUM | 7.5 HIGH |
|
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.
|
|||||
| CVE-2021-25471 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
|
A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion.
|
|||||
| CVE-2021-25468 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.
|
|||||
| CVE-2021-25465 | 1 Samsung | 1 Themes | 2024-11-21 | 4.4 MEDIUM | 3.3 LOW |
|
An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack.
|
|||||
| CVE-2021-25457 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-11-21 | 2.1 LOW | 5.9 MEDIUM |
|
An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.
|
|||||
| CVE-2021-25453 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.1 MEDIUM |
|
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
|
|||||
| CVE-2021-25452 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
|
|||||
| CVE-2021-25450 | 1 Google | 1 Android | 2024-11-21 | 3.3 LOW | 4.5 MEDIUM |
|
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.
|
|||||
| CVE-2021-25444 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.
|
|||||
| CVE-2021-25441 | 2 Google, Samsung | 2 Android, Ar Emoji Editor | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege.
|
|||||
| CVE-2021-25437 | 1 Linux | 1 Tizen | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file.
|
|||||
| CVE-2021-25436 | 1 Linux | 1 Tizen | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol.
|
|||||
| CVE-2021-25435 | 1 Linux | 1 Tizen | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode.
|
|||||
| CVE-2021-25434 | 1 Linux | 1 Tizen | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode.
|
|||||
| CVE-2021-25428 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.
|
|||||
| CVE-2021-25416 | 2 Google, Samsung | 5 Android, Exynos 9610, Exynos 9810 and 2 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.
|
|||||