CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2021-26103 CSRF 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An insufficient verification of data authenticity vulnerability (CWE-345) in the user interface of FortiProxy version 2.0.3 and below, 1.2.11 and below and FortiGate version 7.0.0, 6.4.6 and below, 6.2.9 and below of SSL VPN portal may allow a remote, unauthenticated attacker to conduct a cross-site request forgery (CSRF) attack. Only SSL VPN in web mode or full mode are impacted by this vulnerability.
252 CVE-2021-25987 79 +Priv XSS 2021-11-30 2021-11-30
1.9
None Local Medium Not required None Partial None
Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code.
253 CVE-2021-25927 DoS Exec Code 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
254 CVE-2021-25898 2021-04-23 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server.
255 CVE-2021-25839 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could make password brute-forcing easier for an attacker.
256 CVE-2021-25812 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client.
257 CVE-2021-25811 DoS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
MERCUSYS Mercury X18G 1.0.5 devices allow denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploited, the device will not be able to access the webserver unless the listen_http_lan parameter in uhttpd.json is manually fixed.
258 CVE-2021-25810 XSS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.
259 CVE-2021-25755 862 2021-02-03 2021-04-02
1.9
None Local Medium Not required Partial None None
In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic.
260 CVE-2021-25527 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.
261 CVE-2021-25526 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.
262 CVE-2021-25525 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.
263 CVE-2021-25524 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
264 CVE-2021-25523 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
265 CVE-2021-25522 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission.
266 CVE-2021-25521 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows untrusted applications to get current tab URL in Samsung Internet.
267 CVE-2021-25520 Exec Code 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allow untrusted applications to execute script codes in Samsung Internet.
268 CVE-2021-25519 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.
269 CVE-2021-25518 Exec Code 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.
270 CVE-2021-25517 Exec Code 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution.
271 CVE-2021-25516 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations.
272 CVE-2021-25515 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.
273 CVE-2021-25514 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.
274 CVE-2021-25513 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen.
275 CVE-2021-25512 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities.
276 CVE-2021-25511 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.
277 CVE-2021-25510 Exec Code 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution.
278 CVE-2021-25390 2021-06-11 2021-06-16
1.9
None Local Medium Not required Partial None None
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
279 CVE-2021-25335 2021-03-04 2021-03-11
1.9
None Local Medium Not required Partial None None
Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition.
280 CVE-2021-25333 200 +Info 2021-03-04 2021-03-11
1.9
None Local Medium Not required Partial None None
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.
281 CVE-2021-25332 200 +Info 2021-03-04 2021-03-11
1.9
None Local Medium Not required Partial None None
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition.
282 CVE-2021-25331 200 +Info 2021-03-04 2021-03-11
1.9
None Local Medium Not required Partial None None
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.
283 CVE-2021-25284 312 2021-02-27 2021-11-23
1.9
None Local Medium Not required None Partial None
An issue was discovered in SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
284 CVE-2021-25227 400 Exec Code 2021-02-04 2021-02-08
1.9
None Local Medium Not required None None Partial
Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability - i.e. the attacker must already have access to the target system (either legitimately or via another exploit).
285 CVE-2021-25165 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
286 CVE-2021-25164 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
287 CVE-2021-25154 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote escalation of privilege vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
288 CVE-2021-25153 Sql 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
289 CVE-2021-25151 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
290 CVE-2021-25147 Bypass 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
291 CVE-2021-24032 276 2021-03-04 2021-04-28
1.9
None Local Medium Not required Partial None None
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties.
292 CVE-2021-23882 269 2021-02-10 2021-02-12
1.9
None Local Medium Not required None Partial None
Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by placing carefully crafted files where ENS will be installed. This is only applicable to clean installations of ENS as the Access Control rules will prevent modification prior to an upgrade.
293 CVE-2021-23862 Exec Code 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).
294 CVE-2021-23861 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
By executing a special command, a user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
295 CVE-2021-23860 XSS 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attacker must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.
296 CVE-2021-23859 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An unauthenticated attacker is able to send a special HTTP request that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only locally accessible, lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859.
297 CVE-2021-23364 DoS 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
The package browserslist from 4.0.0 and before 4.16.5 is vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
298 CVE-2021-23239 59 2021-01-12 2021-02-10
1.9
None Local Medium Not required Partial None None
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
299 CVE-2021-22669 732 2021-04-26 2021-04-26
0.0
None ??? ??? ??? ??? ??? ???
Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal of WebAccess/SCADA Versions 9.0.1 and prior, which may allow a low-privileged user to update an administrator’s password and login as an administrator to escalate privileges on the system.
300 CVE-2021-22660 125 Exec Code 2021-04-27 2021-04-27
0.0
None ??? ??? ??? ??? ??? ???
CNCSoft-B Versions 1.0.0.3 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
Total number of vulnerabilities: 1738. Page 6 of 35.