Export limit exceeded: 10117 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10117 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25515 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. | ||||
| CVE-2021-25432 | 2 Google, Samsung | 2 Android, Samsung Members | 2024-11-21 | 3.3 Low |
| Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data. | ||||
| CVE-2021-25376 | 1 Samsung | 1 Email | 2024-11-21 | 3.1 Low |
| An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed. | ||||
| CVE-2021-25364 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information. | ||||
| CVE-2021-25357 | 1 Google | 1 Android | 2024-11-21 | 5.6 Medium |
| A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information. | ||||
| CVE-2021-25352 | 1 Samsung | 1 Bixby Voice | 2024-11-21 | 5.5 Medium |
| Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent. | ||||
| CVE-2021-25323 | 1 Misp | 1 Misp | 2024-11-21 | 9.1 Critical |
| The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password. | ||||
| CVE-2021-25322 | 2 Opensuse, Python-hyperkitty Project | 3 Factory, Leap, Python-hyperkitty | 2024-11-21 | 6.8 Medium |
| A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1. | ||||
| CVE-2021-25321 | 2 Opensuse, Suse | 6 Factory, Leap, Arpwatch and 3 more | 2024-11-21 | 7.8 High |
| A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions. | ||||
| CVE-2021-25314 | 1 Suse | 2 Hawk2, Linux Enterprise High Availability Extension | 2024-11-21 | 7.8 High |
| A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9. | ||||
| CVE-2021-25218 | 2 Fedoraproject, Isc | 2 Fedora, Bind | 2024-11-21 | 7.5 High |
| In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition. | ||||
| CVE-2021-25215 | 7 Debian, Fedoraproject, Isc and 4 more | 31 Debian Linux, Fedora, Bind and 28 more | 2024-11-21 | 7.5 High |
| In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. | ||||
| CVE-2021-25214 | 6 Debian, Fedoraproject, Isc and 3 more | 25 Debian Linux, Fedora, Bind and 22 more | 2024-11-21 | 6.5 Medium |
| In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. | ||||
| CVE-2021-25165 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 8.1 High |
| A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | ||||
| CVE-2021-25164 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 6.5 Medium |
| A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | ||||
| CVE-2021-25163 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 8.1 High |
| A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | ||||
| CVE-2021-25111 | 1 English Wordpress Admin Project | 1 English Wordpress Admin | 2024-11-21 | 6.1 Medium |
| The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue | ||||
| CVE-2021-25096 | 1 Ip2location | 1 Country Blocker | 2024-11-21 | 6.5 Medium |
| The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL | ||||
| CVE-2021-25074 | 1 Webp Converter For Media Project | 1 Webp Converter For Media | 2024-11-21 | 6.1 Medium |
| The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue | ||||
| CVE-2021-25033 | 1 Noptin | 1 Noptin | 2024-11-21 | 6.1 Medium |
| The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue | ||||