CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2021-1256 552 Dir. Trav. 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite files on the file system of an affected device by using directory traversal techniques. A successful exploit could cause system instability if important system files are overwritten. This vulnerability is due to insufficient validation of user input for the file path in a specific CLI command. An attacker could exploit this vulnerability by logging in to a targeted device and issuing a specific CLI command with crafted user input. A successful exploit could allow the attacker to overwrite arbitrary files on the file system of the affected device. The attacker would need valid user credentials on the device.
452 CVE-2021-1087 Bypass 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin), which could allow an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).
453 CVE-2021-1086 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or information disclosure. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).
454 CVE-2021-1083 DoS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2) and version 11.x (prior to 11.4).
455 CVE-2021-1082 DoS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).
456 CVE-2021-1081 DoS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and Virtual GPU Manager (vGPU plugin), in which an input length is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).
457 CVE-2021-1080 DoS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), in which certain input data is not validated, which may lead to information disclosure, tampering of data, or denial of service. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7).
458 CVE-2021-0467 2021-06-14 2021-06-15
0.0
None ??? ??? ??? ??? ??? ???
In Chromecast bootROM, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the bootloader, with physical USB access, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-174490700
459 CVE-2021-0324 2021-06-14 2021-06-15
0.0
None ??? ??? ??? ??? ??? ???
Product: Android. Versions: Android SoC. Android ID: A-175402462
460 CVE-2021-0143 2021-06-17 2021-06-17
0.0
None ??? ??? ??? ??? ??? ???
Improper permissions in the installer for the Intel(R) Brand Verification Tool before version 11.0.0.1225 may allow an authenticated user to potentially enable escalation of privilege via local access.
461 CVE-2021-0134 DoS 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Improper input validation in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access.
462 CVE-2021-0133 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Key exchange without entity authentication in the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access.
463 CVE-2021-0132 DoS 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Missing release of resource after effective lifetime in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access.
464 CVE-2021-0131 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access.
465 CVE-2021-0129 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access.
466 CVE-2021-0112 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.
467 CVE-2021-0108 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.
468 CVE-2021-0106 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable escalation of privilege via local access.
469 CVE-2021-0105 DoS 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Insecure inherited permissions in some Intel(R) ProSet/Wireless WiFi drivers may allow an authenticated user to potentially enable information disclosure and denial of service via adjacent access.
470 CVE-2021-0104 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may allow an authenticated user to potentially enable escalation of privilege via local access.
471 CVE-2021-0102 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.
472 CVE-2021-0098 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.
473 CVE-2021-0095 DoS 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access.
474 CVE-2021-0094 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access.
475 CVE-2021-0090 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Uncontrolled search path element in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access.
476 CVE-2021-0089 2021-06-09 2021-06-17
0.0
None ??? ??? ??? ??? ??? ???
Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
477 CVE-2021-0086 2021-06-09 2021-06-17
0.0
None ??? ??? ??? ??? ??? ???
Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
478 CVE-2021-0077 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before version 2021.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
479 CVE-2021-0074 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via local access.
480 CVE-2021-0073 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Insufficient control flow management in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
481 CVE-2021-0067 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
482 CVE-2021-0058 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
483 CVE-2021-0057 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
484 CVE-2021-0056 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
485 CVE-2021-0055 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop Kit LAN Drivers before version 10.42 may allow an authenticated user to potentially enable escalation of privilege via local access.
486 CVE-2021-0054 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
487 CVE-2021-0052 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Incorrect default privileges in the Intel(R) Computing Improvement Program before version 2.4.6522 may allow an authenticated user to potentially enable an escalation of privilege via local access.
488 CVE-2021-0051 DoS 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Improper input validation in the Intel(R) SPS versions before SPS_E5_04.04.04.023.0, SPS_E5_04.04.03.228.0 or SPS_SoC-A_05.00.03.098.0 may allow a privileged user to potentially enable denial of service via local access.
489 CVE-2021-0001 2021-06-09 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow an authorized user to potentially enable information disclosure via local access.
490 CVE-2020-36389 CSRF 2021-06-17 2021-06-17
0.0
None ??? ??? ??? ??? ??? ???
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
491 CVE-2020-36388 2021-06-17 2021-06-17
0.0
None ??? ??? ??? ??? ??? ???
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
492 CVE-2020-36387 2021-06-07 2021-06-07
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.
493 CVE-2020-36321 2021-04-23 2021-04-23
0.0
None ??? ??? ??? ??? ??? ???
Improper URL validation in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.4.1 (Vaadin 14.0.0 through 14.4.2), and 3.0 prior to 5.0 (Vaadin 15 prior to 18) allows an attacker to request arbitrary files stored outside of the intended frontend resources folder.
494 CVE-2020-36320 2021-04-23 2021-04-23
0.0
None ??? ??? ??? ??? ??? ???
Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses.
495 CVE-2020-36319 2021-04-23 2021-04-23
0.0
None ??? ??? ??? ??? ??? ???
Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController.
496 CVE-2020-35542 XSS 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to an HTML document field. This could be used for an XSS attack.
497 CVE-2020-35373 XSS 2021-06-17 2021-06-17
0.0
None ??? ??? ??? ??? ??? ???
In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack.
498 CVE-2020-29215 Exec Code XSS 2021-06-15 2021-06-15
0.0
None ??? ??? ??? ??? ??? ???
A cross-site scripting vulnerability in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on the admin account.
499 CVE-2020-29214 Sql Bypass 2021-06-15 2021-06-15
0.0
None ??? ??? ??? ??? ??? ???
SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject an SQL payload to bypass the authentication via admin/login.php.
500 CVE-2020-28945 XSS 2021-05-03 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, such as ![](http://onerror=Function.constructor, in a Notes item.
Total number of vulnerabilities: 799. Page 10 of 16.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.