Total
539 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25365 | 1 Google | 1 Android | 2024-11-21 | 5.9 Medium |
| An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd. | ||||
| CVE-2021-23886 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-11-21 | 5.5 Medium |
| Denial of Service vulnerability in McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.100 allows a local, low privileged, attacker to cause a BSoD through suspending a process, modifying the processes memory and restarting it. This is triggered by the hdlphook driver reading invalid memory. | ||||
| CVE-2021-23859 | 1 Bosch | 9 Access Easy Controller, Access Easy Controller Firmware, Access Professional Edition and 6 more | 2024-11-21 | 9.1 Critical |
| An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local accessible lowering the CVSS base score. For a list of modified CVSS scores, please see the official Bosch Advisory Appendix chapter Modified CVSS Scores for CVE-2021-23859 | ||||
| CVE-2021-23429 | 1 Transpile Project | 1 Transpile | 2024-11-21 | 6.5 Medium |
| All versions of package transpile are vulnerable to Denial of Service (DoS) due to a lack of input sanitization or whitelisting, coupled with improper exception handling in the .to() function. | ||||
| CVE-2021-22922 | 7 Fedoraproject, Haxx, Netapp and 4 more | 25 Fedora, Curl, Cloud Backup and 22 more | 2024-11-21 | 6.5 Medium |
| When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk. | ||||
| CVE-2021-22406 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 High |
| There is an Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly. | ||||
| CVE-2021-22285 | 1 Abb | 4 Pni800, Pni800 Firmware, Spiet800 and 1 more | 2024-11-21 | 7.5 High |
| Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module that allows an attacker to cause the denial of service or make the module unresponsive. | ||||
| CVE-2021-21592 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 3.1 Low |
| Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remote low privileged user could potentially exploit this vulnerability, leading to unauthorized information disclosure. | ||||
| CVE-2021-21439 | 1 Otrs | 1 Otrs | 2024-11-21 | 6.5 Medium |
| DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.26 and prior versions; 8.0.x version 8.0.13 and prior versions. | ||||
| CVE-2021-20870 | 1 Konicaminolta | 174 Bizhub 224e, Bizhub 224e Firmware, Bizhub 226i and 171 more | 2024-11-21 | 4.6 Medium |
| Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier, bizhub C3850/C3350/3850FS, bizhub 4750/4050, bizhub C3110, bizhub C3100P) allows a physical attacker to obtain unsent scanned image data when scanned data transmission is stopped due to the network error by ejecting a HDD before the scan job times out. | ||||
| CVE-2021-1894 | 1 Qualcomm | 234 Ar8031, Ar8031 Firmware, Ar8035 and 231 more | 2024-11-21 | 7.1 High |
| Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2021-1578 | 1 Cisco | 2 Application Policy Infrastructure Controller, Cloud Application Policy Infrastructure Controller | 2024-11-21 | 8.8 High |
| A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Application Policy Infrastructure Controller (Cloud APIC) could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected device. This vulnerability is due to an improper policy default setting. An attacker could exploit this vulnerability by using a non-privileged credential for Cisco ACI Multi-Site Orchestrator (MSO) to send a specific API request to a managed Cisco APIC or Cloud APIC device. A successful exploit could allow the attacker to obtain Administrator credentials on the affected device. | ||||
| CVE-2021-1495 | 2 Cisco, Snort | 22 1100-4g\/6g Integrated Services Router, 1101 Integrated Services Router, 1109 Integrated Services Router and 19 more | 2024-11-21 | 5.8 Medium |
| Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload. | ||||
| CVE-2021-1356 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 4.3 Medium |
| Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. | ||||
| CVE-2021-1102 | 1 Nvidia | 1 Virtual Gpu | 2024-11-21 | 5.5 Medium |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can lead to floating point exceptions, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8). | ||||
| CVE-2021-0969 | 1 Google | 1 Android | 2024-11-21 | 6.5 Medium |
| In getTitle of AccessPoint.java, there is a possible unhandled exception due to a missing null check. This could lead to remote denial of service if a proximal Wi-Fi AP provides invalid information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-199922685 | ||||
| CVE-2021-0928 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-188675581 | ||||
| CVE-2021-0668 | 2 Google, Mediatek | 19 Android, Mt6873, Mt6875 and 16 more | 2024-11-21 | 6.7 Medium |
| In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05670521; Issue ID: ALPS05670521. | ||||
| CVE-2021-0478 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-169255797 | ||||
| CVE-2021-0299 | 1 Juniper | 1 Junos | 2024-11-21 | 7.5 High |
| An Improper Handling of Exceptional Conditions vulnerability in the processing of a transit or directly received malformed IPv6 packet in Juniper Networks Junos OS results in a kernel crash, causing the device to restart, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with IPv6 configured. Devices with only IPv4 configured are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.4R1. | ||||