Total
10389 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39771 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198661951 | |||||
| CVE-2021-39764 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Settings, there is a possible way to display an incorrect app name due to improper input validation. This could lead to local escalation of privilege via app spoofing with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-170642995 | |||||
| CVE-2021-39763 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In Settings, there is a possible way to make the user enable WiFi due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-199176115 | |||||
| CVE-2021-39740 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-209965112 | |||||
| CVE-2021-39701 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-212286849 | |||||
| CVE-2021-39676 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-197228210 | |||||
| CVE-2021-39220 | 1 Nextcloud | 1 Mail | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading. | |||||
| CVE-2021-39186 | 1 Miraheze | 1 Globalnewfiles | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior to commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d, the username column of the GlobalNewFiles special page is vulnerable to a stored XSS. Commit number cee254e1b158cdb0ddbea716b1d3edc31fa4fb5d contains a patch. As a workaround, one may disallow <,> (or other characters required to insert html/js) from being used in account names so an XSS is not possible. | |||||
| CVE-2021-38985 | 1 Ibm | 2 Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | |||||
| CVE-2021-38973 | 1 Ibm | 2 Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | |||||
| CVE-2021-38972 | 1 Ibm | 2 Security Guardium Key Lifecycle Manager, Security Key Lifecycle Manager | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | |||||
| CVE-2021-38957 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040. | |||||
| CVE-2021-38910 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. | |||||
| CVE-2021-38485 | 1 Emerson | 6 Wireless 1410 Gateway, Wireless 1410 Gateway Firmware, Wireless 1410d Gateway and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.0 HIGH |
| The affected product is vulnerable to improper input validation in the restore file. This enables an attacker to provide malicious config files to replace any file on disk. | |||||
| CVE-2021-38455 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 4.0 MEDIUM | 7.3 HIGH |
| The affected product’s OS Service does not verify any given parameter. A user can supply any type of parameter that will be passed to inner calls without checking the type of the parameter or the value. | |||||
| CVE-2021-38304 | 1 Ni | 1 Ni-pal | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-38182 | 1 Kyma-project | 1 Kyma | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. | |||||
| CVE-2021-38015 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||
| CVE-2021-37996 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. | |||||
| CVE-2021-37914 | 1 Argo-workflows Project | 1 Argo-workflows | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated. | |||||