CVE List - 2021 / April
Showing 701 - 800 of 1817 CVEs for April 2021 (Page 8 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-0432 | 2021-04-13 | In ClearPullerCacheIfNecessary and ForceClearPullerCache of StatsPullerManager.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-0431 | 2021-04-13 | In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a paired device with... |
| CVE-2021-0435 | 2021-04-13 | In avrc_proc_vendor_command of avrc_api.cc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User... |
| CVE-2021-0439 | 2021-04-13 | In setPowerModeWithHandle of com_android_server_power_PowerManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0426 | 2021-04-13 | In parsePrimaryFieldFirstUidAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0427 | 2021-04-13 | In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0442 | 2021-04-13 | In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0429 | 2021-04-13 | In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2021-0437 | 2021-04-13 | In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction... |
| CVE-2021-0471 | 2021-04-13 | In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-29437 | 2021-04-13 | Account compromise by man-in-the-middle attack |
| CVE-2021-0436 | 2021-04-13 | In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2021-0400 | 2021-04-13 | In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. This could lead to incorrect reporting of... |
| CVE-2021-0430 | 2021-04-13 | In rw_mfc_handle_read_op of rw_mfc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution via a malicious NFC packet... |
| CVE-2021-0444 | 2021-04-13 | In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. This could lead to local information disclosure of contact data with no additional execution privileges needed. User interaction... |
| CVE-2021-0468 | 2021-04-13 | In LK, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege for an attacker who has physical access... |
| CVE-2021-22716 | 2021-04-13 | A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could allow remote code execution when an unprivileged user modifies a file. Affected Product: C-Bus Toolkit (V1.15.9 and prior) |
| CVE-2021-22717 | 2021-04-13 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when processing... |
| CVE-2021-22718 | 2021-04-13 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring... |
| CVE-2021-22719 | 2021-04-13 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when a... |
| CVE-2021-22720 | 2021-04-13 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in C-Bus Toolkit (V1.15.7 and prior) that could allow a remote code execution when restoring... |
| CVE-2021-27598 | 2021-04-13 | SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing... |
| CVE-2021-21483 | 2021-04-13 | Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable component... |
| CVE-2021-21482 | 2021-04-13 | SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user with access to the MDM Server subnet to find the password using a brute force method.... |
| CVE-2021-29438 | 2021-04-13 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs |
| CVE-2021-21492 | 2021-04-13 | SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing vulnerability when... |
| CVE-2021-27603 | 2021-04-13 | An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. An attacker... |
| CVE-2021-27602 | 2021-04-13 | SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules... |
| CVE-2021-27600 | 2021-04-13 | SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP... |
| CVE-2021-27601 | 2021-04-13 | SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this... |
| CVE-2021-27605 | 2021-04-13 | SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in... |
| CVE-2021-21485 | 2021-04-13 | An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes... |
| CVE-2021-27609 | 2021-04-13 | SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for... |
| CVE-2021-26413 | 2021-04-13 | Windows Installer Spoofing Vulnerability |
| CVE-2021-26415 | 2021-04-13 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2021-26416 | 2021-04-13 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2021-26417 | 2021-04-13 | Windows Overlay Filter Information Disclosure Vulnerability |
| CVE-2021-27064 | 2021-04-13 | Visual Studio Installer Elevation of Privilege Vulnerability |
| CVE-2021-27067 | 2021-04-13 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability |
| CVE-2021-27072 | 2021-04-13 | Win32k Elevation of Privilege Vulnerability |
| CVE-2021-27079 | 2021-04-13 | Windows Media Photo Codec Information Disclosure Vulnerability |
| CVE-2021-27086 | 2021-04-13 | Windows Services and Controller App Elevation of Privilege Vulnerability |
| CVE-2021-27088 | 2021-04-13 | Windows Event Tracing Elevation of Privilege Vulnerability |
| CVE-2021-27089 | 2021-04-13 | Microsoft Internet Messaging API Remote Code Execution Vulnerability |
| CVE-2021-27090 | 2021-04-13 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2021-27091 | 2021-04-13 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability |
| CVE-2021-27092 | 2021-04-13 | Azure AD Web Sign-in Security Feature Bypass Vulnerability |
| CVE-2021-27093 | 2021-04-13 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2021-27094 | 2021-04-13 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability |
| CVE-2021-27095 | 2021-04-13 | Windows Media Video Decoder Remote Code Execution Vulnerability |
| CVE-2021-27096 | 2021-04-13 | NTFS Elevation of Privilege Vulnerability |
| CVE-2021-28309 | 2021-04-13 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2021-28310 | 2021-04-13 | Win32k Elevation of Privilege Vulnerability |
| CVE-2021-28311 | 2021-04-13 | Windows Application Compatibility Cache Denial of Service Vulnerability |
| CVE-2021-28312 | 2021-04-13 | Windows NTFS Denial of Service Vulnerability |
| CVE-2021-28313 | 2021-04-13 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability |
| CVE-2021-28314 | 2021-04-13 | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2021-28315 | 2021-04-13 | Windows Media Video Decoder Remote Code Execution Vulnerability |
| CVE-2021-28316 | 2021-04-13 | Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability |
| CVE-2021-28317 | 2021-04-13 | Microsoft Windows Codecs Library Information Disclosure Vulnerability |
| CVE-2021-28318 | 2021-04-13 | Windows GDI+ Information Disclosure Vulnerability |
| CVE-2021-28319 | 2021-04-13 | Windows TCP/IP Driver Denial of Service Vulnerability |
| CVE-2021-28320 | 2021-04-13 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability |
| CVE-2021-28321 | 2021-04-13 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability |
| CVE-2021-28322 | 2021-04-13 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability |
| CVE-2021-28323 | 2021-04-13 | Windows DNS Information Disclosure Vulnerability |
| CVE-2021-28324 | 2021-04-13 | Windows SMB Information Disclosure Vulnerability |
| CVE-2021-28325 | 2021-04-13 | Windows SMB Information Disclosure Vulnerability |
| CVE-2021-28326 | 2021-04-13 | Windows AppX Deployment Server Denial of Service Vulnerability |
| CVE-2021-28327 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28328 | 2021-04-13 | Windows DNS Information Disclosure Vulnerability |
| CVE-2021-28329 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28330 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28331 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28332 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28333 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28334 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28335 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28336 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28337 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28338 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28339 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28340 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28341 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28342 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28343 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28344 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28345 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28346 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28347 | 2021-04-13 | Windows Speech Runtime Elevation of Privilege Vulnerability |
| CVE-2021-28348 | 2021-04-13 | Windows GDI+ Remote Code Execution Vulnerability |
| CVE-2021-28349 | 2021-04-13 | Windows GDI+ Remote Code Execution Vulnerability |
| CVE-2021-28350 | 2021-04-13 | Windows GDI+ Remote Code Execution Vulnerability |
| CVE-2021-28351 | 2021-04-13 | Windows Speech Runtime Elevation of Privilege Vulnerability |
| CVE-2021-28352 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28353 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28354 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28355 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28356 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| CVE-2021-28357 | 2021-04-13 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |