Total
165320 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0509 | 1 Google | 1 Android | 2021-06-23 | 4.4 MEDIUM | 7.0 HIGH |
| In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444161 | |||||
| CVE-2021-27610 | 1 Sap | 2 Netweaver Abap, Netweaver As Abap | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. | |||||
| CVE-2021-21554 | 1 Dell | 18 Poweredge Mx740c, Poweredge Mx740c Firmware, Poweredge Mx840c and 15 more | 2021-06-23 | 7.2 HIGH | 6.7 MEDIUM |
| Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. | |||||
| CVE-2021-21555 | 1 Dell | 18 Poweredge Mx740c, Poweredge Mx740c Firmware, Poweredge Mx840c and 15 more | 2021-06-23 | 7.2 HIGH | 6.7 MEDIUM |
| Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. | |||||
| CVE-2021-21999 | 2021-06-23 | N/A | N/A | ||
| VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges. | |||||
| CVE-2021-24383 | 2021-06-23 | N/A | N/A | ||
| The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue | |||||
| CVE-2021-23024 | 1 F5 | 1 Big-iq Centralized Management | 2021-06-23 | 9.0 HIGH | 7.2 HIGH |
| On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-31970 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-06-23 | 2.1 LOW | 5.5 MEDIUM |
| Windows TCP/IP Driver Security Feature Bypass Vulnerability | |||||
| CVE-2021-26420 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2021-06-23 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31963, CVE-2021-31966. | |||||
| CVE-2021-1531 | 1 Cisco | 1 Modeling Labs | 2021-06-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the web application on the underlying operating system of an affected Cisco Modeling Labs server. This vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected server. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web application, virl2, on the underlying operating system of the affected server. To exploit this vulnerability, the attacker must have valid user credentials on the web UI. | |||||
| CVE-2020-28872 | 1 Monitorr Project | 1 Monitorr | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials. | |||||
| CVE-2020-28871 | 1 Monitorr Project | 1 Monitorr | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | |||||
| CVE-2021-0510 | 1 Google | 1 Android | 2021-06-23 | 4.6 MEDIUM | 7.8 HIGH |
| In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444622 | |||||
| CVE-2021-32556 | 1 Canonical | 1 Apport | 2021-06-23 | 2.1 LOW | 3.3 LOW |
| It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. | |||||
| CVE-2021-0511 | 1 Google | 1 Android | 2021-06-23 | 4.6 MEDIUM | 7.8 HIGH |
| In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795 | |||||
| CVE-2021-0512 | 1 Google | 1 Android | 2021-06-23 | 4.6 MEDIUM | 7.8 HIGH |
| In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173843328References: Upstream kernel | |||||
| CVE-2021-21556 | 1 Dell | 18 Poweredge Mx740c, Poweredge Mx740c Firmware, Poweredge Mx840c and 15 more | 2021-06-23 | 7.2 HIGH | 6.7 MEDIUM |
| Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. | |||||
| CVE-2021-0513 | 1 Google | 1 Android | 2021-06-23 | 4.6 MEDIUM | 7.8 HIGH |
| In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-156090809 | |||||
| CVE-2021-0517 | 1 Google | 1 Android | 2021-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179053823 | |||||
| CVE-2021-0516 | 1 Google | 1 Android | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181660448 | |||||