Total
3024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43030 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an uninitialized pointer vulnerability that allows remote attackers to disclose arbitrary data on affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of MP4 files. The issue results from the lack of proper initialization of memory prior to accessing it. | |||||
| CVE-2022-22272 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission | |||||
| CVE-2021-22033 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations, Vrealize Suite Lifecycle Manager | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
| Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. | |||||
| CVE-2020-4951 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information. | |||||
| CVE-2021-44186 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file. | |||||
| CVE-2021-25457 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information. | |||||
| CVE-2021-44187 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file. | |||||
| CVE-2021-29846 | 1 Ibm | 1 Security Guardium Insights | 2023-12-10 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256. | |||||
| CVE-2021-37176 | 1 Siemens | 1 Simcenter Femap | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). The femap.exe application lacks proper validation of user-supplied data when parsing modfem files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-14260) | |||||
| CVE-2021-25524 | 1 Samsung | 1 Contacts | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | |||||
| CVE-2020-4803 | 1 Ibm | 1 Edge Application Manager | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| IBM Edge 4.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 189535. | |||||
| CVE-2021-39220 | 1 Nextcloud | 1 Mail | 2023-12-10 | 3.5 LOW | 3.5 LOW |
| Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended that the Nextcloud Mail application is upgraded to 1.10.4 or 1.11.0. There are no known workarounds aside from upgrading. | |||||
| CVE-2021-22799 | 1 Schneider-electric | 1 Software Update | 2023-12-10 | 2.1 LOW | 3.8 LOW |
| A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1 | |||||
| CVE-2021-38440 | 1 Fatek | 1 Winproladder | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| FATEK Automation WinProladder versions 3.30 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to read unauthorized information. | |||||
| CVE-2021-25519 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. | |||||
| CVE-2021-45059 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2017-2375 | 1 Apple | 1 Iphone Os | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud. | |||||
| CVE-2021-1032 | 1 Google | 1 Android | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| In getMimeGroup of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-184745603 | |||||
| CVE-2021-34916 | 1 Bentley | 2 Bentley View, Microstation | 2023-12-10 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14894. | |||||
| CVE-2021-45486 | 2 Linux, Oracle | 4 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 1 more | 2023-12-10 | 2.7 LOW | 3.5 LOW |
| In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. | |||||