High
CVE-2021-20157
It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden administrative command.
Read moreUncategorized 2021
Page 1/26.
CVEs without a recognized CWE (not present in the CWE map or marked as N/A).
CVSS ≥ 0.0
2021-12-30
2021-12-29
High
CVE-2021-43876
Microsoft SharePoint Elevation of Privilege Vulnerability
Read more2021-12-28
High
CVE-2020-22061
SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys. This issue allows attackers to arbitrarily write data to the device via IOCTL 0x9C402140.
Read moreCritical
CVE-2020-22057
The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensi…
Read moreHigh
CVE-2018-17875
A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.
Read more2021-12-27
High
CVE-2021-45896
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.
Read moreHigh
CVE-2021-23244
ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same…
Read moreHigh
CVE-2021-21751
ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high…
Read moreHigh
CVE-2021-45338
Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus…
Read moreHigh
CVE-2021-45337
Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.…
Read moreHigh
CVE-2021-45336
Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead…
Read moreCritical
CVE-2021-45705
An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer.
Read moreHigh
CVE-2021-45700
An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup.
Read moreCritical
CVE-2021-45698
An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher…
Read moreCritical
CVE-2021-45697
An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result.
Read moreCritical
CVE-2021-45695
An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass.
Read moreHigh
CVE-2019-25055
An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface (FFI) boundary.
Read more2021-12-26
High
CVE-2021-45679
Certain NETGEAR devices are affected by privilege escalation. This affects R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, and RS400 before 1.5.1.80.
Read moreCritical
CVE-2021-45678
NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code.
Read moreHigh
CVE-2021-45645
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2.7.0.122, SRK60 before 2.7.0.122, SRR60 before 2.7.0.122, SRS60 before 2.7.0.122, SXK…
Read moreMedium
CVE-2021-45644
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R623…
Read moreHigh
CVE-2021-45643
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, and XR1000 before 1.0.0.58.
Read moreHigh
CVE-2021-45642
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS5…
Read moreMedium
CVE-2021-45641
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 b…
Read moreLow
CVE-2021-45640
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 b…
Read moreMedium
CVE-2021-45519
NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service.
Read moreMedium
CVE-2021-45518
NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service.
Read moreMedium
CVE-2021-45517
NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service.
Read moreMedium
CVE-2021-45516
Certain NETGEAR devices are affected by denial of service. This affects R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R8000 before 1.0.4.74, RBK852…
Read moreMedium
CVE-2021-45515
Certain NETGEAR devices are affected by denial of service. This affects EX7500 before 1.0.0.72, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, RBRE960 before 6.0.3.68, RBSE960 before 6.0.3.68, RBR750 b…
Read moreMedium
CVE-2021-45511
Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08…
Read moreHigh
CVE-2021-45510
NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass.
Read moreCritical
CVE-2021-45509
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12,…
Read moreCritical
CVE-2021-45508
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RB…
Read moreCritical
CVE-2021-45507
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBW30 before 2.6.2.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS75…
Read moreCritical
CVE-2021-45506
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12,…
Read moreCritical
CVE-2021-45505
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12,…
Read moreCritical
CVE-2021-45504
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.
Read moreCritical
CVE-2021-45503
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12,…
Read moreCritical
CVE-2021-45502
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12,…
Read moreCritical
CVE-2021-45501
Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120…
Read moreCritical
CVE-2021-45500
Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0.4.68.
Read moreHigh
CVE-2021-45499
Certain NETGEAR devices are affected by authentication bypass. This affects R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, R…
Read moreMedium
CVE-2021-45498
NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass.
Read moreCritical
CVE-2021-45497
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.
Read moreCritical
CVE-2021-45496
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.
Read moreMedium
CVE-2021-45495
NETGEAR D7000 devices before 1.0.1.68 are affected by authentication bypass.
Read moreHigh
CVE-2021-45494
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.
Read more2021-12-24
Medium
CVE-2021-45471
In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.
Read more2021-12-23
Medium
CVE-2021-30767
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3.…
Read moreCritical
CVE-2021-27007
NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote D…
Read moreMedium
CVE-2021-27006
StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings…
Read moreMedium
CVE-2020-3896
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application…
Read moreCritical
CVE-2019-8703
This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.
Read moreCritical
CVE-2019-8643
CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management..
Read moreLow
CVE-2017-2375
An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history ar…
Read moreMedium
CVE-2017-13910
An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files.
Read moreHigh
CVE-2017-13908
An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capita…
Read moreMedium
CVE-2017-13907
A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The…
Read moreHigh
CVE-2017-13892
An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Si…
Read moreHigh
CVE-2017-13880
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 11.2, watchOS 4.2. An application may be able to execute arbitrary code with kernel privilege.
Read moreCritical
CVE-2021-44526
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.
Read moreHigh
CVE-2021-45463
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of…
Read moreMedium
CVE-2021-4054
Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Read moreMedium
CVE-2021-38022
Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Read moreMedium
CVE-2021-38021
Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Read moreMedium
CVE-2021-38020
Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Read moreMedium
CVE-2021-38018
Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Read moreMedium
CVE-2021-38010
Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML p…
Read more2021-12-22
Critical
CVE-2021-45461
FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 20…
Read moreCritical
CVE-2021-40612
An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution witho…
Read moreMedium
CVE-2021-40836
A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A…
Read more2021-12-21
Medium
CVE-2021-38900
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access con…
Read moreMedium
CVE-2021-45289
A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL.
Read moreHigh
CVE-2021-44877
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management,…
Read moreMedium
CVE-2021-45091
Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control.
Read moreCritical
CVE-2021-45090
Stormshield Endpoint Security before 2.1.2 allows remote code execution.
Read moreMedium
CVE-2021-45089
Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control.
Read more2021-12-20
High
CVE-2021-22057
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to ob…
Read more2021-12-17
High
CVE-2021-32497
SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further…
Read moreHigh
CVE-2021-20608
Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Wo…
Read moreHigh
CVE-2020-8968
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confid…
Read moreCritical
CVE-2020-18078
A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password.
Read moreMedium
CVE-2021-44035
Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files.
Read moreMedium
CVE-2021-45042
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions t…
Read more2021-12-16
High
CVE-2020-35214
An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations.
Read moreHigh
CVE-2020-35211
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext.
Read moreHigh
CVE-2020-35209
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information.
Read moreMedium
CVE-2021-40835
An URL Address bar spoofing vulnerability was discovered in Safe Browser for iOS. When user clicks on a specially crafted a malicious URL, if user does not carefully pay attention to url, user may be…
Read moreHigh
CVE-2021-45101
An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemo…
Read moreHigh
CVE-2021-45099
The addon.stdin service in addon-ssh (aka Home Assistant Community Add-on: SSH & Web Terminal) before 10.0.0 has an attack surface that requires social engineering. NOTE: the vendor does not agree th…
Read moreHigh
CVE-2021-45098
An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. Af…
Read moreCritical
CVE-2021-45092
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter.
Read more2021-12-15
Medium
CVE-2021-29847
BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtai…
Read moreCritical
CVE-2021-27856
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe s…
Read moreCritical
CVE-2021-39655
Product: AndroidVersions: Android kernelAndroid ID: A-192641593References: N/A
Read moreHigh
CVE-2021-39653
In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding…
Read moreHigh
CVE-2021-39646
Product: AndroidVersions: Android kernelAndroid ID: A-201537251References: N/A
Read moreCritical
CVE-2021-39645
Product: AndroidVersions: Android kernelAndroid ID: A-199805112References: N/A
Read moreCritical
CVE-2021-39644
Product: AndroidVersions: Android kernelAndroid ID: A-199809304References: N/A
Read moreCritical
CVE-2021-39641
Product: AndroidVersions: Android kernelAndroid ID: A-126949257References: N/A
Read moreHigh
CVE-2021-1045
Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A
Read moreMedium
CVE-2021-1043
In TBD of TBD, there is a possible downgrade attack due to under utilized anti-rollback protections. This could lead to local information disclosure with no additional execution privileges needed. Us…
Read moreMedium
CVE-2021-1024
In onEventReceived of EventResultPersister.java, there is a possible intent redirection due to a confused deputy. This could lead to local escalation of privilege with System execution privileges nee…
Read moreHigh
CVE-2021-1019
In snoozeNotification of NotificationListenerService.java, there is a possible permission confusion due to a misleading user consent dialog. This could lead to local escalation of privilege with User…
Read moreMedium
CVE-2021-1008
In addSubInfo of SubscriptionController.java, there is a possible way to force the user to make a factory reset due to a logic error in the code. This could lead to local denial of service with Syste…
Read moreMedium
CVE-2021-0993
In getOffsetBeforeAfter of TextLine.java, there is a possible denial of service due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed.…
Read moreHigh
CVE-2021-0981
In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. This could lead…
Read moreMedium
CVE-2021-0958
In update of km_compat.cpp, there is a possible loss of potentially sensitive data due to a logic error in the code. This could lead to local denial of service with User execution privileges needed.…
Read moreMedium
CVE-2021-0952
In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional exe…
Read moreHigh
CVE-2021-0932
In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. This could lead to local escalation of privilege that allows actions performe…
Read moreMedium
CVE-2021-0931
In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution…
Read moreCritical
CVE-2021-0889
In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User inte…
Read moreHigh
CVE-2021-0799
In ActivityThread.java, there is a possible way to collide the content provider's authorities. This could lead to local escalation of privilege with no additional execution privileges needed. User in…
Read moreHigh
CVE-2021-0769
In onCreate of AllowBindAppWidgetActivity.java, there is a possible bypass of user interaction requirements due to unclear UI. This could lead to local escalation of privilege with no additional exec…
Read moreHigh
CVE-2021-0434
In onReceive of BluetoothPermissionRequest.java, there is a possible phishing attack allowing a malicious Bluetooth device to acquire permissions based on insufficient information presented to the us…
Read moreMedium
CVE-2021-4117
yetiforcecrm is vulnerable to Business Logic Errors
Read moreHigh
CVE-2021-44657
In StackStorm versions prior to 3.6.0, the jinja interpreter was not run in sandbox mode and thus allows execution of unsafe system commands. Jinja does not enable sandboxed mode by default due to ba…
Read moreMedium
CVE-2021-43908
Visual Studio Code Spoofing Vulnerability
Read moreCritical
CVE-2021-43907
Visual Studio Code WSL Extension Remote Code Execution Vulnerability
Read more