Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2021-0381 In updateNotifications of DeviceStorageMonitorService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution pr... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0382 In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. This could lead to local information disclosure with no additional exec... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0383 In done of CaptivePortalLoginActivity.java, there is a confused deputy. This could lead to local escalation of privilege in carrier settings with no additional execution privileges needed. User intera... | 7.8 | HIGH | — | 0 |
| CVE-2021-0385 In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java, there is a possible connection to untrusted WiFi networks due to notification interaction above the lockscre... | 7.8 | HIGH | — | 0 |
| CVE-2021-0386 In onCreate of UsbConfirmActivity, there is a possible tapjacking vector due to an insecure default value. This could lead to local escalation of privilege with User execution privileges needed. User ... | 7.8 | HIGH | — | 0 |
| CVE-2021-0387 In FindQuotaDeviceForUuid of QuotaUtils.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User ... | 6.4 | MEDIUM | — | 0 |
| CVE-2021-0388 In onReceive of ImsPhoneCallTracker.java, there is a possible misattribution of data usage due to an incorrect broadcast handler. This could lead to local escalation of privilege resulting in attribut... | 7.8 | HIGH | — | 0 |
| CVE-2021-0389 In setNightModeActivated of UiModeManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User intera... | 7.8 | HIGH | — | 0 |
| CVE-2021-0449 In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User in... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0450 In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User in... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0451 In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User in... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0452 In the Titan M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User in... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0453 In the Titan-M chip firmware, there is a possible disclosure of stack memory due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User in... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0454 In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User inte... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0455 In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User inte... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0456 In the Citadel chip firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User inte... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0457 In the FingerTipS touch screen driver, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. ... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0458 In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User ... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0459 In fts_driver_test_write of fts_proc.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. U... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0460 In the FingerTipS touch screen driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User ... | 4.4 | MEDIUM | — | 0 |
| CVE-2021-0461 In iaxxx_core_sensor_change_state of iaxxx-module.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privi... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0462 In the NXP NFC firmware, there is a possible insecure firmware update due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction i... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-0463 In convertToHidl of convert.cpp, there is a possible out of bounds read due to uninitialized data from ReturnFrameworkMessage. This could lead to local information disclosure with no additional execut... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-0464 In sound_trigger_event_alloc of platform.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privile... | 7.8 | HIGH | — | 0 |
| CVE-2021-0465 In GenerateFaceMask of face.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges neede... | 7.8 | HIGH | — | 0 |
| CVE-2021-20205 Libjpeg-turbo versions 2.0.91 and 2.0.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted GIF image. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-21772 A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can... | 8.1 | HIGH | — | 0 |
| CVE-2020-19417 Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the applicati... | 8.8 | HIGH | — | 0 |
| CVE-2020-19419 Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication. | 7.5 | HIGH | — | 0 |
| CVE-2020-27632 In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions. | 7.5 | HIGH | — | 0 |
| CVE-2020-35221 The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to qui... | 8.8 | HIGH | — | 0 |
| CVE-2020-35223 The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests. | 8.8 | HIGH | — | 0 |
| CVE-2020-35224 A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-27919 archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any fil... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-35225 The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of servi... | 6.8 | MEDIUM | — | 0 |
| CVE-2021-3034 An information exposure through log file vulnerability exists in Cortex XSOAR software where the secrets configured for the SAML single sign-on (SSO) integration can be logged to the '/var/log/demisto... | 5.1 | MEDIUM | — | 0 |
| CVE-2020-35226 NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command. | 7.1 | HIGH | — | 0 |
| CVE-2020-35227 A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitel... | 7.2 | HIGH | — | 0 |
| CVE-2020-35228 A cross-site scripting (XSS) vulnerability in the administration web panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote attackers to inject arbitrary web script or HTML via the languag... | 4.8 | MEDIUM | — | 0 |
| CVE-2020-35229 The authentication token required to execute NSDP write requests on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices is not properly invalidated and can be reused until a new token is generated, which allo... | 8.8 | HIGH | — | 0 |
| CVE-2020-35230 Multiple integer overflow parameters were found in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices. Most of the integer parameters sent through the web server can be abused... | 6.8 | MEDIUM | — | 0 |
| CVE-2020-35231 The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the... | 8.8 | HIGH | — | 0 |
| CVE-2020-35233 The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a deni... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-28134 Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal API... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-21334 In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/conta... | 6.3 | MEDIUM | — | 0 |
| CVE-2021-21371 Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pyp... | 5.0 | MEDIUM | — | 0 |
| CVE-2020-15260 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJ... | 6.8 | MEDIUM | — | 0 |
| CVE-2021-21375 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earli... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-27918 encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, ... | 7.5 | HIGH | — | 0 |
| CVE-2020-1898 The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. Th... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.