CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2021-25420 532 2021-06-11 2021-06-17
2.1
None Local Low Not required Partial None None
Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
152 CVE-2021-25416 20 2021-06-11 2021-06-16
2.1
None Local Low Not required None Partial None
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.
153 CVE-2021-25415 20 2021-06-11 2021-06-16
2.1
None Local Low Not required None Partial None
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.
154 CVE-2021-25413 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.
155 CVE-2021-25411 20 2021-06-11 2021-06-16
2.1
None Local Low Not required None Partial None
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.
156 CVE-2021-25409 863 2021-06-11 2021-06-16
2.1
None Local Low Not required None Partial None
Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.
157 CVE-2021-25398 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts.
158 CVE-2021-25397 863 2021-06-11 2021-06-16
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.
159 CVE-2021-25393 732 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.
160 CVE-2021-25392 326 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
161 CVE-2021-25391 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
162 CVE-2021-25379 2021-04-09 2021-04-23
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.
163 CVE-2021-25369 863 2021-03-26 2021-03-31
2.1
None Local Low Not required Partial None None
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.
164 CVE-2021-25364 200 +Info 2021-04-09 2021-04-26
2.1
None Local Low Not required Partial None None
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
165 CVE-2021-25359 276 2021-04-09 2021-04-19
2.1
None Local Low Not required Partial None None
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.
166 CVE-2021-25358 276 2021-04-09 2021-04-19
2.1
None Local Low Not required Partial None None
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.
167 CVE-2021-25357 269 2021-04-09 2021-04-20
2.1
None Local Low Not required Partial None None
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.
168 CVE-2021-25351 863 2021-03-25 2021-03-30
2.1
None Local Low Not required None Partial None
Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.
169 CVE-2021-25350 532 2021-03-25 2021-03-30
2.1
None Local Low Not required Partial None None
Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.
170 CVE-2021-25348 2021-03-04 2021-03-05
2.1
None Local Low Not required Partial None None
Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission.
171 CVE-2021-25344 276 2021-03-04 2021-03-11
2.1
None Local Low Not required Partial None None
Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.
172 CVE-2021-25343 287 DoS 2021-03-04 2021-03-11
2.1
None Local Low Not required None None Partial
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.
173 CVE-2021-25342 287 DoS 2021-03-04 2021-03-11
2.1
None Local Low Not required None None Partial
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.
174 CVE-2021-25341 287 DoS 2021-03-04 2021-03-05
2.1
None Local Low Not required None None Partial
Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.
175 CVE-2021-25340 863 2021-03-04 2021-03-11
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State.
176 CVE-2021-25339 20 2021-03-04 2021-03-11
2.1
None Local Low Not required None None Partial
Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory.
177 CVE-2021-25317 276 2021-05-05 2021-05-27
2.1
None Local Low Not required None Partial None
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.
178 CVE-2021-25316 377 2021-04-14 2021-04-21
2.1
None Local Low Not required None None Partial
A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1.
179 CVE-2021-25275 798 2021-02-03 2021-02-08
2.1
None Local Low Not required Partial None None
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.
180 CVE-2021-25248 125 Exec Code +Info 2021-02-04 2021-02-05
2.1
None Local Low Not required Partial None None
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
181 CVE-2021-25226 400 Exec Code 2021-01-27 2021-02-01
2.1
None Local Low Not required None None Partial
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
182 CVE-2021-25225 400 Exec Code 2021-01-27 2021-02-01
2.1
None Local Low Not required None None Partial
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
183 CVE-2021-25224 400 Exec Code 2021-01-27 2021-02-01
2.1
None Local Low Not required None None Partial
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
184 CVE-2021-24107 2021-03-11 2021-03-17
2.1
None Local Low Not required Partial None None
Windows Event Tracing Information Disclosure Vulnerability
185 CVE-2021-24106 200 +Info 2021-02-25 2021-03-03
2.1
None Local Low Not required Partial None None
Windows DirectX Information Disclosure Vulnerability
186 CVE-2021-24100 200 +Info 2021-02-25 2021-03-04
2.6
None Remote High Not required Partial None None
Microsoft Edge for Android Information Disclosure Vulnerability
187 CVE-2021-24098 DoS 2021-02-25 2021-03-03
2.1
None Local Low Not required None None Partial
Windows Console Driver Denial of Service Vulnerability
188 CVE-2021-24079 200 +Info 2021-02-25 2021-03-04
2.1
None Local Low Not required Partial None None
Windows Backup Engine Information Disclosure Vulnerability
189 CVE-2021-24076 200 +Info 2021-02-25 2021-03-04
2.1
None Local Low Not required Partial None None
Microsoft Windows VMSwitch Information Disclosure Vulnerability
190 CVE-2021-24031 276 2021-03-04 2021-04-14
2.1
None Local Low Not required Partial None None
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
191 CVE-2021-23977 367 2021-02-26 2021-05-01
2.6
None Remote High Not required Partial None None
Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86.
192 CVE-2021-23906 20 Exec Code 2021-05-13 2021-05-25
2.1
None Local Low Not required Partial None None
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution.
193 CVE-2021-23896 319 2021-06-02 2021-06-11
2.7
None Local Network Low ??? Partial None None
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server.
194 CVE-2021-23884 319 2021-04-15 2021-04-21
2.7
None Local Network Low ??? Partial None None
Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.
195 CVE-2021-23880 269 2021-02-10 2021-02-12
2.1
None Local Low Not required None Partial None
Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.
196 CVE-2021-23827 312 2021-02-23 2021-02-26
2.1
None Local Low Not required Partial None None
Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.
197 CVE-2021-23331 2021-02-03 2021-02-08
2.1
None Local Low Not required Partial None None
This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation. Note: This version of the SDK is end of life and no longer maintained, please upgrade to the latest version.
198 CVE-2021-23135 668 2021-05-12 2021-06-01
2.1
None Local Low Not required Partial None None
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14.
199 CVE-2021-23021 732 2021-06-01 2021-06-11
2.1
None Local Low Not required Partial None None
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.
200 CVE-2021-23020 330 2021-06-01 2021-06-11
2.1
None Local Low Not required Partial None None
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.
Total number of vulnerabilities : 4561   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.