Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45043 | 1 Hd-network Real-time Monitoring System Project | 1 Hd-network Real-time Monitoring System | 2021-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang s_Language parameter. | |||||
| CVE-2020-10638 | 1 Advantech | 1 Webaccess | 2021-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | |||||
| CVE-2021-44524 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2021-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. | |||||
| CVE-2021-41560 | 1 Opencats | 1 Opencats | 2021-12-17 | 10.0 HIGH | 9.8 CRITICAL |
| OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. | |||||
| CVE-2021-43829 | 1 Patrowl | 1 Patrowlmanager | 2021-12-17 | 6.5 MEDIUM | 8.8 HIGH |
| PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.7.7 PatrowlManager unrestrictly handle upload files in the findings import feature. This vulnerability is capable of uploading dangerous type of file to server leading to XSS attacks and potentially other forms of code injection. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds for this issue. | |||||
| CVE-2021-0952 | 1 Google | 1 Android | 2021-12-17 | 4.7 MEDIUM | 5.0 MEDIUM |
| In doCropPhoto of PhotoSelectionHandler.java, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure of user's contacts with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-195748381 | |||||
| CVE-2021-0921 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 7.8 HIGH |
| In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195962697 | |||||
| CVE-2021-0963 | 1 Google | 1 Android | 2021-12-17 | 3.3 LOW | 7.1 HIGH |
| In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-199754277 | |||||
| CVE-2021-0919 | 1 Google | 1 Android | 2021-12-17 | 1.9 LOW | 5.0 MEDIUM |
| In getService of IServiceManager.cpp, there is a possible unhandled exception due to an integer overflow. This could lead to local denial of service making the lockscreen unusable with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-197336441 | |||||
| CVE-2021-0964 | 1 Google | 1 Android | 2021-12-17 | 7.1 HIGH | 6.5 MEDIUM |
| In C2SoftMP3::process() of C2SoftMp3Dec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-193363621 | |||||
| CVE-2021-0922 | 1 Google | 1 Android | 2021-12-17 | 4.6 MEDIUM | 7.8 HIGH |
| In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195630721 | |||||
| CVE-2020-16155 | 1 Cpan\ | 1 \ | 2021-12-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data. | |||||
| CVE-2021-0918 | 1 Google | 1 Android | 2021-12-17 | 8.3 HIGH | 8.8 HIGH |
| In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-197536150 | |||||
| CVE-2021-0889 | 1 Google | 1 Android | 2021-12-17 | 10.0 HIGH | 9.8 CRITICAL |
| In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-8.1 Android-9Android ID: A-180745296 | |||||
| CVE-2021-0704 | 1 Google | 1 Android | 2021-12-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| In createNoCredentialsPermissionNotification and related functions of AccountManagerService.java, there is a possible way to retrieve accounts from the device without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-179338675 | |||||
| CVE-2021-4116 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2021-12-17 | 3.5 LOW | 5.4 MEDIUM |
| yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-43117 | 1 Fastadmin | 1 Fastadmin | 2021-12-17 | 10.0 HIGH | 9.8 CRITICAL |
| fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. | |||||
| CVE-2021-41844 | 1 Crocoblock | 1 Jetengine | 2021-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. | |||||
| CVE-2021-44523 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2021-12-17 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. | |||||
| CVE-2021-41870 | 1 Socomec | 2 Remote View Pro, Remote View Pro Firmware | 2021-12-16 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files. | |||||