Total
11767 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25436 | 1 Linux | 1 Tizen | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol. | |||||
| CVE-2021-25435 | 1 Linux | 1 Tizen | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode. | |||||
| CVE-2021-25434 | 1 Linux | 1 Tizen | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode. | |||||
| CVE-2021-25428 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances. | |||||
| CVE-2021-25416 | 2 Google, Samsung | 5 Android, Exynos 9610, Exynos 9810 and 2 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. | |||||
| CVE-2021-25415 | 2 Google, Samsung | 5 Android, Exynos 9610, Exynos 9810 and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. | |||||
| CVE-2021-25414 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. | |||||
| CVE-2021-25413 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. | |||||
| CVE-2021-25411 | 2 Google, Samsung | 5 Android, Exynos 9610, Exynos 9810 and 2 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. | |||||
| CVE-2021-25410 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. | |||||
| CVE-2021-25401 | 1 Samsung | 1 Health | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action. | |||||
| CVE-2021-25378 | 1 Samsung | 1 Smartthings | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service. | |||||
| CVE-2021-25356 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.1 HIGH |
| An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application. | |||||
| CVE-2021-25339 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. | |||||
| CVE-2021-25338 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. | |||||
| CVE-2021-25334 | 1 Google | 1 Android | 2024-11-21 | 4.7 MEDIUM | 5.5 MEDIUM |
| Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service. | |||||
| CVE-2021-24894 | 1 Implecode | 1 Reviews Plus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page | |||||
| CVE-2021-24893 | 1 Stars Rating Project | 1 Stars Rating | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated. | |||||
| CVE-2021-23906 | 1 Mercedes-benz | 8 A 220, A 220 4matic, E 350 and 5 more | 2024-11-21 | 2.1 LOW | 1.8 LOW |
| An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. A Message Length is not checked in the HiQnet Protocol, leading to remote code execution. | |||||
| CVE-2021-23862 | 1 Bosch | 8 Bosch Video Management System, Divar Ip 5000 Firmware, Divar Ip 7000 Firmware and 5 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000). | |||||