Total
2456 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1143 | 1 Cisco | 1 Connected Mobile Experiences | 2024-11-21 | 4.3 Medium |
| A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. The vulnerability is due to a lack of authorization checks for certain API GET requests. An attacker could exploit this vulnerability by sending specific API GET requests to an affected device. A successful exploit could allow the attacker to enumerate users of the CMX system. | ||||
| CVE-2021-1086 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2024-11-21 | 7.1 High |
| NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it allows guests to control unauthorized resources, which may lead to integrity and confidentiality loss or information disclosure. This affects vGPU version 12.x (prior to 12.2), version 11.x (prior to 11.4) and version 8.x (prior to 8.7). | ||||
| CVE-2021-1054 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-11-21 | 5.5 Medium |
| NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action, which may lead to denial of service. | ||||
| CVE-2021-0694 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183147114 | ||||
| CVE-2021-0649 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. This could lead to local escalation of privilege CONTROL_ALWAYS_ON_VPN with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-191382886 | ||||
| CVE-2021-0645 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157320644 | ||||
| CVE-2021-0571 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137395936 | ||||
| CVE-2021-0472 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-176801033 | ||||
| CVE-2021-0382 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In checkSlicePermission of SliceManagerService.java, there is a possible resource exposure due to an incorrect permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140727941 | ||||
| CVE-2021-0376 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In checkUriPermission and related functions of MediaProvider.java, there is a possible way to access external files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-115619667 | ||||
| CVE-2021-0319 | 1 Google | 1 Android | 2024-11-21 | 7.3 High |
| In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. This could lead to local escalation of privilege that grants access to nearby MAC addresses, with User execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, Android-11; Android ID: A-167244818. | ||||
| CVE-2021-0317 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-10, Android-11, Android-8.0, Android-8.1, Android-9; Android ID: A-168319670. | ||||
| CVE-2020-9712 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 5.5 Medium |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass. | ||||
| CVE-2020-9492 | 3 Apache, Oracle, Redhat | 5 Hadoop, Solr, Financial Services Crime And Compliance Management Studio and 2 more | 2024-11-21 | 8.8 High |
| In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification. | ||||
| CVE-2020-9381 | 1 Totaljs | 1 Total.js Cms | 2024-11-21 | 7.5 High |
| controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954. | ||||
| CVE-2020-8919 | 1 Google | 1 Gerrit | 2024-11-21 | 3.5 Low |
| An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restricted access. | ||||
| CVE-2020-8806 | 1 Electriccoin | 1 Zcashd | 2024-11-21 | 7.5 High |
| Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced. | ||||
| CVE-2020-8278 | 1 Nextcloud | 1 Social | 2024-11-21 | 5.3 Medium |
| Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. | ||||
| CVE-2020-8212 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 9.8 Critical |
| Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality. | ||||
| CVE-2020-8151 | 2 Fedoraproject, Rubyonrails | 2 Fedora, Active Resource | 2024-11-21 | 7.5 High |
| There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information. | ||||