CVE List - 2021 / June
Showing 701 - 800 of 1691 CVEs for June 2021 (Page 8 of 17)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-25682 | 2021-06-11 | apport improperly parses /proc/pid/status |
| CVE-2021-25683 | 2021-06-11 | apport improperly parses /proc/pid/stat |
| CVE-2021-25684 | 2021-06-11 | apport can be stalled by reading a FIFO |
| CVE-2021-24035 | 2021-06-11 | A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files. |
| CVE-2021-28801 | 2021-06-11 | Out-of-Bounds Read Vulnerability in QSS |
| CVE-2021-28805 | 2021-06-11 | Inclusion of Sensitive Information in QSS |
| CVE-2021-28814 | 2021-06-11 | Improper Access Control Vulnerability in Helpdesk |
| CVE-2021-26829 | 2021-06-11 | OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. |
| CVE-2021-26828 | 2021-06-11 | OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. |
| CVE-2021-3013 | 2021-06-11 | ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag. |
| CVE-2021-34540 | 2021-06-11 | Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. |
| CVE-2021-33205 | 2021-06-11 | Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is... |
| CVE-2021-26997 | 2021-06-11 | E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information via error messaging... |
| CVE-2021-26996 | 2021-06-11 | E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system configuration and application... |
| CVE-2021-26995 | 2021-06-11 | E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary code. |
| CVE-2021-26993 | 2021-06-11 | E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial of... |
| CVE-2020-5003 | 2021-06-11 | IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information... |
| CVE-2021-20396 | 2021-06-11 | IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM... |
| CVE-2021-29754 | 2021-06-11 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vulnerability when using the SAML Web Inbound Trust Association Interceptor (TAI). IBM X-Force ID: 202006. |
| CVE-2021-25407 | 2021-06-11 | A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write. |
| CVE-2021-25408 | 2021-06-11 | A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution. |
| CVE-2021-25409 | 2021-06-11 | Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. |
| CVE-2021-25410 | 2021-06-11 | Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. |
| CVE-2021-25411 | 2021-06-11 | Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. |
| CVE-2021-25412 | 2021-06-11 | An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications. |
| CVE-2021-25413 | 2021-06-11 | Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. |
| CVE-2021-25414 | 2021-06-11 | Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. |
| CVE-2021-25415 | 2021-06-11 | Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. |
| CVE-2021-25416 | 2021-06-11 | Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. |
| CVE-2021-25417 | 2021-06-11 | Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. |
| CVE-2021-25418 | 2021-06-11 | Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. |
| CVE-2021-25419 | 2021-06-11 | Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link. |
| CVE-2021-25420 | 2021-06-11 | Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. |
| CVE-2021-25421 | 2021-06-11 | Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. |
| CVE-2021-25422 | 2021-06-11 | Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. |
| CVE-2021-25423 | 2021-06-11 | Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. |
| CVE-2021-25424 | 2021-06-11 | Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness. |
| CVE-2021-25425 | 2021-06-11 | Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component. |
| CVE-2021-25383 | 2021-06-11 | An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. |
| CVE-2021-25384 | 2021-06-11 | An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. |
| CVE-2021-25385 | 2021-06-11 | An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. |
| CVE-2021-25386 | 2021-06-11 | An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. |
| CVE-2021-25387 | 2021-06-11 | An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process. |
| CVE-2021-25388 | 2021-06-11 | Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. |
| CVE-2021-25389 | 2021-06-11 | Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. |
| CVE-2021-25390 | 2021-06-11 | Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. |
| CVE-2021-25391 | 2021-06-11 | Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. |
| CVE-2021-25392 | 2021-06-11 | Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. |
| CVE-2021-25393 | 2021-06-11 | Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. |
| CVE-2021-25396 | 2021-06-11 | An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. |
| CVE-2021-25397 | 2021-06-11 | An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. |
| CVE-2021-25398 | 2021-06-11 | Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. |
| CVE-2021-25394 | 2021-06-11 | A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. |
| CVE-2021-25395 | 2021-06-11 | A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. |
| CVE-2021-25399 | 2021-06-11 | Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. |
| CVE-2021-25400 | 2021-06-11 | Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. |
| CVE-2021-25401 | 2021-06-11 | Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action. |
| CVE-2021-25402 | 2021-06-11 | Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. |
| CVE-2021-25403 | 2021-06-11 | Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider... |
| CVE-2021-25404 | 2021-06-11 | Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. |
| CVE-2021-25405 | 2021-06-11 | An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files. |
| CVE-2021-25406 | 2021-06-11 | Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. |
| CVE-2021-28689 | 2021-06-11 | x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386... |
| CVE-2021-28687 | 2021-06-11 | HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions.... |
| CVE-2020-13663 | 2021-06-11 | Cross Site Request Forgery vulnerability in Drupal Core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities. |
| CVE-2020-13688 | 2021-06-11 | Cross-site scripting vulnerability in l Drupal Core allows an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects:... |
| CVE-2021-28210 | 2021-06-11 | An unlimited recursion in DxeCore in EDK II. |
| CVE-2021-28211 | 2021-06-11 | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. |
| CVE-2021-28213 | 2021-06-11 | Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. |
| CVE-2021-22175 | 2021-06-11 | When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab affecting all versions starting from 10.5 was possible to exploit for an unauthenticated... |
| CVE-2021-22749 | 2021-06-11 | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU... |
| CVE-2021-22750 | 2021-06-11 | A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a... |
| CVE-2021-22751 | 2021-06-11 | A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of input validation,... |
| CVE-2021-22752 | 2021-06-11 | A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a... |
| CVE-2021-22753 | 2021-06-11 | A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a... |
| CVE-2021-22754 | 2021-06-11 | A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of... |
| CVE-2021-22755 | 2021-06-11 | A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on... |
| CVE-2021-22756 | 2021-06-11 | A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of user-supplied data validation,... |
| CVE-2021-22757 | 2021-06-11 | A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity checks on... |
| CVE-2021-22758 | 2021-06-11 | A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of... |
| CVE-2021-22759 | 2021-06-11 | A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input... |
| CVE-2021-22760 | 2021-06-11 | A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing... |
| CVE-2021-22761 | 2021-06-11 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote... |
| CVE-2021-22762 | 2021-06-11 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a malicious CGF... |
| CVE-2021-22763 | 2021-06-11 | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could allow... |
| CVE-2021-22764 | 2021-06-11 | A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could cause loss of connectivity to the... |
| CVE-2021-22765 | 2021-06-11 | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via... |
| CVE-2021-22766 | 2021-06-11 | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially crafted HTTP... |
| CVE-2021-22767 | 2021-06-11 | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via... |
| CVE-2021-22768 | 2021-06-11 | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via... |
| CVE-2021-22769 | 2021-06-11 | A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an... |
| CVE-2021-22181 | 2021-06-11 | A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources. |
| CVE-2021-23136 | 2021-06-11 | Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to... |
| CVE-2021-23140 | 2021-06-11 | Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior... |
| CVE-2021-23182 | 2021-06-11 | Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command... |
| CVE-2021-23204 | 2021-06-11 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command... |
| CVE-2021-23205 | 2021-06-11 | Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects:... |
| CVE-2021-23211 | 2021-06-11 | Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command... |
| CVE-2021-23230 | 2021-06-11 | A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command... |
| CVE-2021-22898 | 2021-06-11 | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due... |