CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1301 CVE-2021-22327 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service abnormal. Affected product versions include: HUAWEI P30 versions 10.0.0.186(C10E7R5P1), 10.0.0.186(C461E4R3P1), 10.0.0.188(C00E85R2P11), 10.0.0.188(C01E88R2P11), 10.0.0.188(C605E19R1P3), 10.0.0.190(C185E4R7P1), 10.0.0.190(C431E22R2P5), 10.0.0.190(C432E22R2P5), 10.0.0.190(C605E19R1P3), 10.0.0.190(C636E4R3P4), 10.0.0.192(C635E3R2P4).
1302 CVE-2021-22330 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of the input parameter, successful exploit can cause the process and the service to be abnormal.
1303 CVE-2021-22331 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious application request to launch JavaScript injection. This may compromise normal service. Affected product versions include HUAWEI P30 versions earlier than 10.1.0.165(C01E165R2P11), 11.0.0.118(C635E2R1P3), 11.0.0.120(C00E120R2P5), 11.0.0.138(C10E4R5P3), 11.0.0.138(C185E4R7P3), 11.0.0.138(C432E8R2P3), 11.0.0.138(C461E4R3P3), 11.0.0.138(C605E4R1P3), and 11.0.0.138(C636E4R3P3).
1304 CVE-2021-22332 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.
1305 CVE-2021-22393 DoS 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because of module design weakness. Attackers can exploit this vulnerability by sending a large amount of specific messages to cause denial of service. This can compromise normal service.
1306 CVE-2021-22514 Exec Code 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM.
1307 CVE-2021-22547 2021-05-04 2021-05-04
0.0
None ??? ??? ??? ??? ??? ???
In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading the Google Cloud IoT Device SDK for Embedded C used to 1.0.3 or greater.
1308 CVE-2021-22660 125 Exec Code 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
1309 CVE-2021-22669 732 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.
1310 CVE-2021-23138 Exec Code Overflow 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
1311 CVE-2021-23154 Exec Code 2022-01-10 2022-01-10
0.0
None ??? ??? ??? ??? ??? ???
In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system.
1312 CVE-2021-23157 Exec Code Overflow 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
1313 CVE-2021-23218 DoS 2022-01-10 2022-01-10
0.0
None ??? ??? ??? ??? ??? ???
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service.
1314 CVE-2021-23227 CSRF 2022-01-13 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
Cross-Site Request Forgery (CSRF) vulnerability discovered in PHP Everywhere (WordPress plugin) versions (<= 2.0.2).
1315 CVE-2021-23239 59 2021-01-12 2021-02-10
1.9
None Local Medium Not required Partial None None
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
1316 CVE-2021-23364 DoS 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
1317 CVE-2021-23514 2022-01-13 2022-01-13
0.0
None ??? ??? ??? ??? ??? ???
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch arbitrary files from the server.
1318 CVE-2021-23566 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
The package nanoid before 3.1.31 is vulnerable to Information Exposure via the valueOf() function, which allows the last id generated to be reproduced.
1319 CVE-2021-23567 DoS 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
The package colors after 1.4.0 is vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module. Unfortunately this appears to have been a purposeful attempt by a maintainer of colors to make the package unusable; other maintainers' controls over this package appear to have been revoked in an attempt to prevent them from fixing the issue. Vulnerable code (js): for (let i = 666; i < Infinity; i++) { Alternative remediation suggested: pin dependency to 1.4.0.
1320 CVE-2021-23824 XSS 2022-01-13 2022-01-13
0.0
None ??? ??? ??? ??? ??? ???
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability.
1321 CVE-2021-23882 269 2021-02-10 2021-02-12
1.9
None Local Medium Not required None Partial None
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to an upgrade.
1322 CVE-2021-24032 276 2021-03-04 2021-04-28
1.9
None Local Medium Not required Partial None None
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.
1323 CVE-2021-24044 2022-01-15 2022-01-15
0.0
None ??? ??? ??? ??? ??? ???
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0.
1324 CVE-2021-24046 2022-01-14 2022-01-14
0.0
None ??? ??? ??? ??? ??? ???
A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before 2107460.6810.0.
1325 CVE-2021-24838 601 2022-01-17 2022-01-17
0.0
None ??? ??? ??? ??? ??? ???
The AnyComment WordPress plugin through 0.2.17 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.
1326 CVE-2021-24909 79 XSS 2022-01-17 2022-01-17
0.0
None ??? ??? ??? ??? ??? ???
The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue.
1327 CVE-2021-24948 200 +Info 2022-01-10 2022-01-10
0.0
None ??? ??? ??? ??? ??? ???
The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts
1328 CVE-2021-24949 89 Sql 2022-01-10 2022-01-10
0.0
None ??? ??? ??? ??? ??? ???
The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection
1329 CVE-2021-25005 XSS 2022-01-17 2022-01-17
0.0
None ??? ??? ??? ??? ??? ???
The SEUR Oficial WordPress plugin before 1.7.0 does not sanitize and escape some of its settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
1330 CVE-2021-25024 79 XSS 2022-01-17 2022-01-17
0.0
None ??? ??? ??? ??? ??? ???
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues.
1331 CVE-2021-25025 862 CSRF 2022-01-17 2022-01-17
0.0
None ??? ??? ??? ??? ??? ???
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events
1332 CVE-2021-25032 862 CSRF 2022-01-10 2022-01-10
0.0
None ??? ??? ??? ??? ??? ???
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary blog options, such as the default role and make any new registered user with an administrator role.
1333 CVE-2021-25036 287 Exec Code 2022-01-17 2022-01-17
0.0
None ??? ??? ??? ??? ??? ???
The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldn’t have access to. This could ultimately enable users with low-privileged accounts, like subscribers, to perform remote code execution on affected sites.
1334 CVE-2021-25037 89 Sql 2022-01-17 2022-01-17
0.0
None ??? ??? ??? ??? ??? ???
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords).
1335 CVE-2021-25046 79 XSS 2022-01-17 2022-01-17
0.0
None ??? ??? ??? ??? ??? ???
The Modern Events Calendar Lite WordPress plugin before 6.2.0 allowed any logged-in user, even a subscriber user, to add a category whose parameters are incorrectly escaped in the admin panel, leading to stored XSS.
1336 CVE-2021-25047 79 XSS 2022-01-10 2022-01-10
0.0
None ??? ??? ??? ??? ??? ???
The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform such attack against any logged in users
1337 CVE-2021-25061 79 XSS 2022-01-17 2022-01-17
0.0
None ??? ??? ??? ??? ??? ???
The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page.
1338 CVE-2021-25065 79 XSS 2022-01-17 2022-01-17
0.0
None ??? ??? ??? ??? ??? ???
The Smash Balloon Social Post Feed WordPress plugin before 4.1.1 was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.
1339 CVE-2021-25067 79 XSS 2022-01-17 2022-01-17
0.0
None ??? ??? ??? ??? ??? ???
The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.
1340 CVE-2021-25147 Bypass 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
1341 CVE-2021-25151 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
1342 CVE-2021-25153 Sql 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
1343 CVE-2021-25154 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
1344 CVE-2021-25164 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
1345 CVE-2021-25165 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
1346 CVE-2021-25227 400 Exec Code 2021-02-04 2021-02-08
1.9
None Local Medium Not required None None Partial
Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability - i.e. the attacker must already have access to the target system (either legitimately or via another exploit).
1347 CVE-2021-25284 312 2021-02-27 2022-01-03
1.9
None Local Medium Not required None Partial None
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
1348 CVE-2021-25331 200 +Info 2021-03-04 2021-03-11
1.9
None Local Medium Not required Partial None None
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.
1349 CVE-2021-25332 200 +Info 2021-03-04 2021-03-11
1.9
None Local Medium Not required Partial None None
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition.
1350 CVE-2021-25333 200 +Info 2021-03-04 2021-03-11
1.9
None Local Medium Not required Partial None None
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.
Total number of vulnerabilities: 1589. Page 27 of 32.