Vulnerabilities (CVE)

Total 165320 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-0509 1 Google 1 Android 2021-06-23 4.4 MEDIUM 7.0 HIGH
In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444161
CVE-2021-27610 1 Sap 2 Netweaver Abap, Netweaver As Abap 2021-06-23 7.5 HIGH 9.8 CRITICAL
SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system.
CVE-2021-21554 1 Dell 18 Poweredge Mx740c, Poweredge Mx740c Firmware, Poweredge Mx840c and 15 more 2021-06-23 7.2 HIGH 6.7 MEDIUM
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
CVE-2021-21555 1 Dell 18 Poweredge Mx740c, Poweredge Mx740c Firmware, Poweredge Mx840c and 15 more 2021-06-23 7.2 HIGH 6.7 MEDIUM
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
CVE-2021-21999 2021-06-23 N/A N/A
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges.
CVE-2021-24383 2021-06-23 N/A N/A
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue
CVE-2021-23024 1 F5 1 Big-iq Centralized Management 2021-06-23 9.0 HIGH 7.2 HIGH
On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2021-31970 1 Microsoft 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more 2021-06-23 2.1 LOW 5.5 MEDIUM
Windows TCP/IP Driver Security Feature Bypass Vulnerability
CVE-2021-26420 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2021-06-23 6.5 MEDIUM 8.8 HIGH
Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31963, CVE-2021-31966.
CVE-2021-1531 1 Cisco 1 Modeling Labs 2021-06-23 9.0 HIGH 8.8 HIGH
A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the web application on the underlying operating system of an affected Cisco Modeling Labs server. This vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected server. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web application, virl2, on the underlying operating system of the affected server. To exploit this vulnerability, the attacker must have valid user credentials on the web UI.
CVE-2020-28872 1 Monitorr Project 1 Monitorr 2021-06-23 7.5 HIGH 9.8 CRITICAL
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials.
CVE-2020-28871 1 Monitorr Project 1 Monitorr 2021-06-23 7.5 HIGH 9.8 CRITICAL
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.
CVE-2021-0510 1 Google 1 Android 2021-06-23 4.6 MEDIUM 7.8 HIGH
In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-176444622
CVE-2021-32556 1 Canonical 1 Apport 2021-06-23 2.1 LOW 3.3 LOW
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
CVE-2021-0511 1 Google 1 Android 2021-06-23 4.6 MEDIUM 7.8 HIGH
In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-178055795
CVE-2021-0512 1 Google 1 Android 2021-06-23 4.6 MEDIUM 7.8 HIGH
In __hidinput_change_resolution_multipliers of hid-input.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173843328References: Upstream kernel
CVE-2021-21556 1 Dell 18 Poweredge Mx740c, Poweredge Mx740c Firmware, Poweredge Mx840c and 15 more 2021-06-23 7.2 HIGH 6.7 MEDIUM
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a stack-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
CVE-2021-0513 1 Google 1 Android 2021-06-23 4.6 MEDIUM 7.8 HIGH
In deleteNotificationChannel and related functions of NotificationManagerService.java, there is a possible permission bypass due to improper state validation. This could lead to local escalation of privilege via hidden services with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-156090809
CVE-2021-0517 1 Google 1 Android 2021-06-23 5.0 MEDIUM 7.5 HIGH
In updateCapabilities of ConnectivityService.java, there is a possible incorrect network state determination due to a logic error in the code. This could lead to biasing of networking tasks to occur on non-VPN networks, which could lead to remote information disclosure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179053823
CVE-2021-0516 1 Google 1 Android 2021-06-23 7.5 HIGH 9.8 CRITICAL
In p2p_process_prov_disc_req of p2p_pd.c, there is a possible out of bounds read and write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-181660448