CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2021-25344 276 2021-03-04 2021-03-11
2.1
None Local Low Not required Partial None None
Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.
152 CVE-2021-25343 287 DoS 2021-03-04 2021-03-11
2.1
None Local Low Not required None None Partial
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.
153 CVE-2021-25342 287 DoS 2021-03-04 2021-03-11
2.1
None Local Low Not required None None Partial
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.
154 CVE-2021-25341 287 DoS 2021-03-04 2021-03-05
2.1
None Local Low Not required None None Partial
Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.
155 CVE-2021-25340 863 2021-03-04 2021-03-11
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State.
156 CVE-2021-25339 20 2021-03-04 2021-03-11
2.1
None Local Low Not required None None Partial
Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory.
157 CVE-2021-25317 276 2021-05-05 2021-05-27
2.1
None Local Low Not required None Partial None
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.
158 CVE-2021-25316 377 2021-04-14 2021-04-21
2.1
None Local Low Not required None None Partial
A Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterprise Server 15-SP2 s390-tools versions prior to 2.11.0-9.20.1.
159 CVE-2021-25275 798 2021-02-03 2021-02-08
2.1
None Local Low Not required Partial None None
SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backend, and stores database credentials to access this backend in a file readable by unprivileged users. As a result, any user having access to the filesystem can read database login details from that file, including the login name and its associated password. Then, the credentials can be used to get database owner access to the SWNetPerfMon.DB database. This gives access to the data collected by SolarWinds applications, and leads to admin access to the applications by inserting or changing authentication data stored in the Accounts table of the database.
160 CVE-2021-25248 125 Exec Code +Info 2021-02-04 2021-02-05
2.1
None Local Low Not required Partial None None
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
161 CVE-2021-25226 400 Exec Code 2021-01-27 2021-02-01
2.1
None Local Low Not required None None Partial
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
162 CVE-2021-25225 400 Exec Code 2021-01-27 2021-02-01
2.1
None Local Low Not required None None Partial
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
163 CVE-2021-25224 400 Exec Code 2021-01-27 2021-02-01
2.1
None Local Low Not required None None Partial
A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
164 CVE-2021-24107 2021-03-11 2021-03-17
2.1
None Local Low Not required Partial None None
Windows Event Tracing Information Disclosure Vulnerability
165 CVE-2021-24106 200 +Info 2021-02-25 2021-03-03
2.1
None Local Low Not required Partial None None
Windows DirectX Information Disclosure Vulnerability
166 CVE-2021-24100 200 +Info 2021-02-25 2021-03-04
2.6
None Remote High Not required Partial None None
Microsoft Edge for Android Information Disclosure Vulnerability
167 CVE-2021-24098 DoS 2021-02-25 2021-03-03
2.1
None Local Low Not required None None Partial
Windows Console Driver Denial of Service Vulnerability
168 CVE-2021-24079 200 +Info 2021-02-25 2021-03-04
2.1
None Local Low Not required Partial None None
Windows Backup Engine Information Disclosure Vulnerability
169 CVE-2021-24076 200 +Info 2021-02-25 2021-03-04
2.1
None Local Low Not required Partial None None
Microsoft Windows VMSwitch Information Disclosure Vulnerability
170 CVE-2021-24031 276 2021-03-04 2021-04-14
2.1
None Local Low Not required Partial None None
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties.
171 CVE-2021-23977 367 2021-02-26 2021-05-01
2.6
None Remote High Not required Partial None None
Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious application to read sensitive data from application directories. Note: This issue is only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 86.
172 CVE-2021-23906 20 Exec Code 2021-05-13 2021-05-25
2.1
None Local Low Not required Partial None None
An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution.
173 CVE-2021-23896 319 2021-06-02 2021-06-11
2.7
None Local Network Low ??? Partial None None
Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted password of the McAfee Insights Server used to pass data to the Insights Server. This user is restricted to only have access to DBSec data in the Insights Server.
174 CVE-2021-23884 319 2021-04-15 2021-04-21
2.7
None Local Network Low ??? Partial None None
Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter (CSR) prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway (MWG) or the password of the McAfee Web Gateway Cloud Server (MWGCS) read only user used to retrieve log files for analysis in CSR.
175 CVE-2021-23880 269 2021-02-10 2021-02-12
2.1
None Local Low Not required None Partial None
Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of the anti-malware engine via the running of a specific command with the correct parameters.
176 CVE-2021-23827 312 2021-02-23 2021-02-26
2.1
None Local Low Not required Partial None None
Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.
177 CVE-2021-23331 2021-02-03 2021-02-08
2.1
None Local Low Not required Partial None None
This affects all versions of package com.squareup:connect. The method prepareDownloadFilecreates creates a temporary file with the permissions bits of -rw-r--r-- on unix-like systems. On unix-like systems, the system temporary directory is shared between users. As such, the contents of the file downloaded by downloadFileFromResponse will be visible to all other users on the local system. A workaround fix for this issue is to set the system property java.io.tmpdir to a safe directory as remediation. Note: This version of the SDK is end of life and no longer maintained, please upgrade to the latest version.
178 CVE-2021-23135 668 2021-05-12 2021-06-01
2.1
None Local Low Not required Partial None None
Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14.
179 CVE-2021-23021 732 2021-06-01 2021-06-11
2.1
None Local Low Not required Partial None None
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.
180 CVE-2021-23020 330 2021-06-01 2021-06-11
2.1
None Local Low Not required Partial None None
The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.
181 CVE-2021-23002 2021-03-31 2021-04-05
2.7
None Local Network Low ??? Partial None None
When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
182 CVE-2021-22887 2021-03-16 2021-03-22
2.1
None Local Low Not required None Partial None
A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device.
183 CVE-2021-22747 754 2021-05-26 2021-06-07
2.1
None Local Low Not required None None Partial
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22746.
184 CVE-2021-22746 754 2021-05-26 2021-06-07
2.1
None Local Low Not required None None Partial
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22745, and CVE-2021-22747.
185 CVE-2021-22745 754 2021-05-26 2021-06-07
2.1
None Local Low Not required None None Partial
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22744, CVE-2021-22746, and CVE-2021-22747.
186 CVE-2021-22744 754 2021-05-26 2021-06-07
2.1
None Local Low Not required None None Partial
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique from CVE-2021-22742, CVE-2021-22745, CVE-2021-22746, and CVE-2021-22747.
187 CVE-2021-22743 754 2021-05-26 2021-06-07
2.1
None Local Low Not required None None Partial
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TCM 4351B installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position.
188 CVE-2021-22742 754 2021-05-26 2021-06-07
2.1
None Local Low Not required None None Partial
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position.
189 CVE-2021-22364 DoS 2021-05-27 2021-06-08
2.1
None Local Low Not required None None Partial
There is a denial of service vulnerability in the versions 10.1.0.126(C00E125R5P3) of HUAWEI Mate 30 and 10.1.0.152(C00E136R7P2) of HUAWEI Mate 30 (5G) . A module does not verify certain parameters sufficiently and it leads to some exceptions. Successful exploit could cause a denial of service condition.
190 CVE-2021-22310 532 +Info 2021-03-22 2021-03-26
2.1
None Local Low Not required Partial None None
There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10.
191 CVE-2021-22308 +Info 2021-06-03 2021-06-10
2.1
None Local Low Not required Partial None None
There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage.
192 CVE-2021-22307 2021-02-06 2021-02-10
2.1
None Local Low Not required None Partial None
There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module.
193 CVE-2021-22306 125 2021-02-06 2021-02-10
2.1
None Local Low Not required None None Partial
There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service.
194 CVE-2021-22305 120 Overflow 2021-02-06 2021-02-10
2.1
None Local Low Not required None None Partial
There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service.
195 CVE-2021-22304 416 2021-02-06 2021-02-10
2.1
None Local Low Not required None None Partial
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.
196 CVE-2021-22294 Bypass 2021-03-02 2021-03-09
2.1
None Local Low Not required None None Partial
A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources.
197 CVE-2021-22194 312 2021-03-26 2021-03-30
2.1
None Local Low Not required Partial None None
In all versions of GitLab starting from 13.7, marshalled session keys were being stored in Redis.
198 CVE-2021-22184 200 +Info 2021-03-26 2021-03-30
2.1
None Local Low Not required Partial None None
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.
199 CVE-2021-22152 20 DoS 2021-05-13 2021-05-21
2.1
None Local Low Not required None None Partial
A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections.
200 CVE-2021-22133 532 +Info 2021-02-10 2021-02-16
2.7
None Local Network Low ??? Partial None None
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.