Vulnerabilites CVE
Base de donnees CVE enrichie avec CISA KEV et NVD
| CVE ID | CVSS | Severite | KEV | Observations |
|---|---|---|---|---|
| CVE-2021-1738 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a malicio... | 7.8 | HIGH | — | 0 |
| CVE-2021-1741 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4... | 7.8 | HIGH | — | 0 |
| CVE-2021-1742 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadO... | 7.8 | HIGH | — | 0 |
| CVE-2021-1743 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4... | 7.8 | HIGH | — | 0 |
| CVE-2021-1744 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14... | 7.8 | HIGH | — | 0 |
| CVE-2021-1746 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadO... | 7.8 | HIGH | — | 0 |
| CVE-2021-1747 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14... | 7.8 | HIGH | — | 0 |
| CVE-2021-1748 A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary j... | 8.8 | HIGH | — | 0 |
| CVE-2021-1750 Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and ... | 7.8 | HIGH | — | 0 |
| CVE-2021-1751 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Mounting a maliciously crafte... | 7.8 | HIGH | — | 0 |
| CVE-2021-1754 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadO... | 7.8 | HIGH | — | 0 |
| CVE-2021-1755 A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A person with physical access t... | 2.4 | LOW | — | 0 |
| CVE-2021-25362 An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files. | 6.8 | MEDIUM | — | 0 |
| CVE-2021-25363 An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files. | 6.8 | MEDIUM | — | 0 |
| CVE-2021-25364 A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information. | 4.0 | MEDIUM | — | 0 |
| CVE-2021-25365 An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd. | 5.9 | MEDIUM | — | 0 |
| CVE-2021-25373 Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local at... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-25380 Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user. | 5.8 | MEDIUM | — | 0 |
| CVE-2021-25374 An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote... | 8.6 | HIGH | — | 0 |
| CVE-2021-25375 Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment. | 6.5 | MEDIUM | — | 0 |
| CVE-2021-25376 An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed. | 3.1 | LOW | — | 0 |
| CVE-2021-25377 Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action. | 3.3 | LOW | — | 0 |
| CVE-2021-25378 Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service. | 4.3 | MEDIUM | — | 0 |
| CVE-2021-25379 Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. | 4.0 | MEDIUM | — | 0 |
| CVE-2021-28475 Visual Studio Code Remote Code Execution Vulnerability | 7.8 | HIGH | — | 0 |
| CVE-2021-25381 Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without ... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-21194 Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-21195 Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-21196 Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-21197 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2021-21198 Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 7.4 | HIGH | — | 0 |
| CVE-2021-21199 Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML pag... | 8.8 | HIGH | — | 0 |
| CVE-2021-30480 Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or... | 8.5 | HIGH | — | 0 |
| CVE-2021-20020 A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-30485 An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference whi... | 6.5 | MEDIUM | — | 0 |
| CVE-2015-20001 In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range p... | 7.5 | HIGH | — | 0 |
| CVE-2020-36317 In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could resu... | 7.5 | HIGH | — | 0 |
| CVE-2020-36318 In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or doubl... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-28875 In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow. | 7.5 | HIGH | — | 0 |
| CVE-2021-28876 In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panic... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-28877 In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due... | 7.5 | HIGH | — | 0 |
| CVE-2021-28878 In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used... | 7.5 | HIGH | — | 0 |
| CVE-2021-28879 In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is us... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-29379 An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payloa... | 8.8 | HIGH | — | 0 |
| CVE-2020-24285 INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx. | 7.5 | HIGH | — | 0 |
| CVE-2021-23371 This affects the package chrono-node before 2.2.4. It hangs on a date-like string with lots of embedded spaces. | 7.5 | HIGH | — | 0 |
| CVE-2020-28872 An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials. | 9.8 | CRITICAL | — | 0 |
| CVE-2021-23368 The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. | 5.3 | MEDIUM | — | 0 |
| CVE-2021-23369 The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. | 5.6 | MEDIUM | — | 0 |
| CVE-2021-23370 This affects the package swiper before 6.5.1. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.