Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25397 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 6.8 MEDIUM |
|
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.
|
|||||
| CVE-2021-25391 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
|
|||||
| CVE-2021-25390 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 4.0 MEDIUM |
|
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
|
|||||
| CVE-2021-25382 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
|
An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.
|
|||||
| CVE-2021-25379 | 1 Samsung | 1 Gallery | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.
|
|||||
| CVE-2021-25378 | 1 Samsung | 1 Smartthings | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.
|
|||||
| CVE-2021-25374 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
|
An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.
|
|||||
| CVE-2021-25366 | 1 Samsung | 1 Internet | 2024-11-21 | 3.6 LOW | 3.2 LOW |
|
Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.
|
|||||
| CVE-2021-25361 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.9 HIGH |
|
An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.
|
|||||
| CVE-2021-25354 | 1 Samsung | 1 Internet | 2024-11-21 | 6.8 MEDIUM | 3.3 LOW |
|
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink.
|
|||||
| CVE-2021-25351 | 2 Google, Samsung | 2 Android, Account | 2024-11-21 | 2.1 LOW | 3.2 LOW |
|
Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.
|
|||||
| CVE-2021-25349 | 2 Google, Samsung | 2 Android, Slow Motion Editor | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
|
Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent.
|
|||||
| CVE-2021-25348 | 1 Samsung | 1 Internet | 2024-11-21 | 2.1 LOW | 2.1 LOW |
|
Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission.
|
|||||
| CVE-2021-25340 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.1 MEDIUM |
|
Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State.
|
|||||
| CVE-2021-25338 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
|
Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region.
|
|||||
| CVE-2021-25336 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 2.8 LOW |
|
Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent.
|
|||||
| CVE-2021-25322 | 2 Opensuse, Python-hyperkitty Project | 3 Factory, Leap, Python-hyperkitty | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.
|
|||||
| CVE-2021-25321 | 2 Opensuse, Suse | 6 Factory, Leap, Arpwatch and 3 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Clo ...
Show More |
|||||
| CVE-2021-25320 | 1 Rancher | 1 Rancher | 2024-11-21 | 4.0 MEDIUM | 9.9 CRITICAL |
|
A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.
|
|||||
| CVE-2021-25246 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries.
|
|||||
| CVE-2021-25245 | 1 Trendmicro | 1 Worry-free Business Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.
|
|||||
| CVE-2021-25244 | 1 Trendmicro | 1 Worry-free Business Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.
|
|||||
| CVE-2021-25243 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
|
|||||
| CVE-2021-25242 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
|
|||||
| CVE-2021-25240 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hofitx information.
|
|||||
| CVE-2021-25239 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
|
|||||
| CVE-2021-25238 | 2 Microsoft, Trendmicro | 3 Windows, Officescan, Worry-free Business Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port.
|
|||||
| CVE-2021-25237 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents.
|
|||||
| CVE-2021-25235 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file.
|
|||||
| CVE-2021-25234 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.
|
|||||
| CVE-2021-25233 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.
|
|||||
| CVE-2021-25232 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.
|
|||||
| CVE-2021-25231 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Officescan and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.
|
|||||
| CVE-2021-25230 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Officescan | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.
|
|||||
| CVE-2021-25229 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.
|
|||||
| CVE-2021-25228 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.
|
|||||
| CVE-2021-25141 | 2 Arubanetworks, Hpe | 30 Aruba 2530ya, Aruba 2530ya Firmware, Aruba 2530yb and 27 more | 2024-11-21 | 4.9 MEDIUM | 4.4 MEDIUM |
|
A security vulnerability has been identified in in certain HPE and Aruba L2/L3 switch firmware. A data processing error due to improper handling of an unexpected data type in user supplied information to the switch's management interface has been identified. The data processing error could be exploited to cause a crash or reboot in the switch management interface and/or possibly the switch itself leading to local denial of service (DoS). The user must have administrator privileges to exploit thi ...
Show More |
|||||
| CVE-2021-24928 | 1 Rearrange Woocommerce Products Project | 1 Rearrange Woocommerce Products | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to modify arbitrary post content (for example with an XSS payload), as well as exfiltrate any data by copying it to another post.
|
|||||
| CVE-2021-24916 | 1 Themeum | 1 Qubely | 2024-11-21 | N/A | 7.5 HIGH |
|
The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.
|
|||||
| CVE-2021-24845 | 1 Improved Include Page Project | 1 Improved Include Page | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as low as Contributor can gain access to content they are not supposed to.
|
|||||