Search Results (11157 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25652 | 1 Avaya | 1 Aura Appliance Virtualization Platform | 2024-11-21 | 4.9 Medium |
| An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU. | ||||
| CVE-2021-25640 | 1 Apache | 1 Dubbo | 2024-11-21 | 6.1 Medium |
| In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. | ||||
| CVE-2021-25515 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. | ||||
| CVE-2021-25432 | 2 Google, Samsung | 2 Android, Samsung Members | 2024-11-21 | 3.3 Low |
| Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data. | ||||
| CVE-2021-25376 | 1 Samsung | 1 Email | 2024-11-21 | 3.1 Low |
| An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed. | ||||
| CVE-2021-25364 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information. | ||||
| CVE-2021-25357 | 1 Google | 1 Android | 2024-11-21 | 5.6 Medium |
| A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10.0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information. | ||||
| CVE-2021-25352 | 1 Samsung | 1 Bixby Voice | 2024-11-21 | 5.5 Medium |
| Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent. | ||||
| CVE-2021-25323 | 1 Misp | 1 Misp | 2024-11-21 | 9.1 Critical |
| The default setting of MISP 2.4.136 did not enable the requirement (aka require_password_confirmation) to provide the previous password when changing a password. | ||||
| CVE-2021-25322 | 2 Opensuse, Python-hyperkitty Project | 3 Factory, Leap, Python-hyperkitty | 2024-11-21 | 6.8 Medium |
| A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1. | ||||
| CVE-2021-25321 | 2 Opensuse, Suse | 6 Factory, Leap, Arpwatch and 3 more | 2024-11-21 | 7.8 High |
| A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user that arpwatch runs as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions. | ||||
| CVE-2021-25314 | 1 Suse | 2 Hawk2, Linux Enterprise High Availability Extension | 2024-11-21 | 7.8 High |
| A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9. | ||||
| CVE-2021-25218 | 2 Fedoraproject, Isc | 2 Fedora, Bind | 2024-11-21 | 7.5 High |
| In BIND 9.16.19 and 9.17.16, as well as version 9.16.19-S1 of BIND Supported Preview Edition, when a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition. | ||||
| CVE-2021-25215 | 7 Debian, Fedoraproject, Isc and 4 more | 31 Debian Linux, Fedora, Bind and 28 more | 2024-11-21 | 7.5 High |
| In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. | ||||
| CVE-2021-25214 | 6 Debian, Fedoraproject, Isc and 3 more | 25 Debian Linux, Fedora, Bind and 22 more | 2024-11-21 | 6.5 Medium |
| In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. | ||||
| CVE-2021-25165 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 8.1 High |
| A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | ||||
| CVE-2021-25164 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 6.5 Medium |
| A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | ||||
| CVE-2021-25163 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 8.1 High |
| A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | ||||
| CVE-2021-25111 | 1 English Wordpress Admin Project | 1 English Wordpress Admin | 2024-11-21 | 6.1 Medium |
| The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users to it, leading to an open redirect issue. | ||||
| CVE-2021-25096 | 1 Ip2location | 1 Country Blocker | 2024-11-21 | 6.5 Medium |
| In the IP2Location Country Blocker WordPress plugin before 2.26.5, bans can be bypassed by using a specific parameter in the URL. | ||||