Skip to main content
CVE-2021-3118 CRITICAL POC Act Now

EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Ecs Imaging
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2020-23630 HIGH POC This Week

A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zzcms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-3116 HIGH POC PATCH This Week

before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts incorrect Proxy-Authorization header data because of a boolean confusion (and versus or). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Proxy Py
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-0316 CRITICAL PATCH Act Now

In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2021-3121 HIGH PATCH This Week

An issue was discovered in GoGo Protobuf before 1.3.2. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Protobuf HashiCorp Consul
NVD GitHub
CVSS 3.1
8.6
EPSS
3.5%
CVE-2018-8726 HIGH This Week

K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Antivrius Enterprise Security Total Security +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-8725 HIGH This Week

K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Antivrius Enterprise Security Total Security +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2018-9333 HIGH This Week

K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Antivrius Enterprise Security Total Security +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-8044 HIGH This Week

K7Computing Pvt Ltd K7Antivirus Premium 15.1.0.53 is affected by: Incorrect Access Control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Antivrius Enterprise Security Total Security Ultimate Security
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2018-9332 HIGH This Week

K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Incorrect Access Control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Antivrius Enterprise Security Total Security Ultimate Security
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2018-8724 HIGH This Week

K7Computing Pvt Ltd K7AntiVirus Premium 15.1.0.53 is affected by: Incorrect Access Control. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Antivrius Enterprise Security Total Security Ultimate Security
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0318 HIGH This Week

In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0317 HIGH PATCH This Week

In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Privilege Escalation Java Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0310 HIGH This Week

In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0307 HIGH This Week

In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0306 HIGH This Week

In addAllPermissions of PermissionManagerService.java, there is a possible permissions bypass when upgrading major Android versions which allows an app to gain the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0313 HIGH PATCH This Week

In isWordBreakAfter of LayoutUtils.cpp, there is a possible way to slow or crash a TextView due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-21241 HIGH PATCH This Week

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Python Flask Security Too
NVD GitHub
CVSS 3.1
7.4
EPSS
0.9%
CVE-2021-0319 HIGH PATCH This Week

In checkCallerIsSystemOr of CompanionDeviceManagerService.java, there is a possible way to get a nearby Bluetooth device's MAC address without appropriate permissions due to a permissions bypass. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-0315 HIGH PATCH This Week

In onCreate of GrantCredentialsPermissionActivity.java, there is a possible way to convince the user to grant an app access to an account due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-0303 HIGH This Week

In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Google Denial Of Service Privilege Escalation Race Condition Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2021-0308 MEDIUM This Month

In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-0301 MEDIUM This Month

In ged, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0342 MEDIUM PATCH This Month

In tun_get_user of tun.c, there is possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0312 MEDIUM This Month

In WAVSource::read of WAVExtractor.cpp, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-0311 MEDIUM This Month

In ElementaryStreamQueue::dequeueAccessUnitH264() of ESQueue.cpp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-0321 MEDIUM PATCH This Month

In enforceDumpPermissionForPackage of ActivityManagerService.java, there is a possible way to determine if a package is installed due to side channel information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-0309 MEDIUM This Month

In onCreate of grantCredentialsPermissionActivity, there is a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-0304 MEDIUM This Month

In several functions of GlobalScreenshot.java, there is a possible permission bypass due to an unsafe PendingIntent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-23253 MEDIUM This Month

Opera Mini for Android below 53.1 displays URL left-aligned in the address field. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Opera Mini
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-0322 MEDIUM PATCH This Month

In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2021-0320 MEDIUM PATCH This Month

In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. Rated medium severity (CVSS 4.7).

Google Information Disclosure Race Condition Android
NVD
CVSS 3.1
4.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy