Skip to main content
CVE-2021-0325 HIGH PATCH This Week

In ih264d_parse_pslice of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-20353 HIGH PATCH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

IBM XXE Websphere Application Server
NVD
CVSS 3.1
8.2
EPSS
5.2%
CVE-2021-0339 HIGH PATCH This Week

In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-0337 HIGH PATCH This Week

In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0336 HIGH PATCH This Week

In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0334 HIGH PATCH This Week

In onTargetSelected of ResolverActivity.java, there is a possible settings bypass allowing an app to become the default handler for arbitrary domains. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0332 HIGH PATCH This Week

In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0330 HIGH PATCH This Week

In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0329 HIGH PATCH This Week

In several native functions called by AdvertiseManager.java, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0328 HIGH PATCH This Week

In onBatchScanReports and deliverBatchScan of GattService.java, there is a possible way to retrieve Bluetooth scan results without permissions due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0327 HIGH PATCH This Week

In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0305 HIGH PATCH This Week

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-0302 HIGH PATCH This Week

In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-23876 HIGH This Week

Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Total Protection
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-23874 HIGH KEV THREAT This Week

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Total Protection
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-0341 HIGH PATCH This Week

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-0326 HIGH PATCH This Week

In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Google Android +2
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2021-0333 HIGH PATCH This Week

In onCreate of BluetoothPermissionActivity.java, there is a possible permissions bypass due to a tapjacking overlay that obscures the phonebook permissions dialog when a Bluetooth device is. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-0331 HIGH PATCH This Week

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-0314 HIGH PATCH This Week

In onCreate of UninstallerActivity, there is a possible way to uninstall an all without informed user consent due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-25251 HIGH This Week

The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program's password protection and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Trend Micro Code Injection Antivirus Security 2020 Antivirus Security 2021 +6
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-0335 MEDIUM PATCH This Month

In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Google Memory Corruption Use After Free Information Disclosure +2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-23873 MEDIUM This Month

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Total Protection
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-0338 MEDIUM PATCH This Month

In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-23878 MEDIUM This Month

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.0
EPSS
0.6%
CVE-2021-23881 MEDIUM This Month

A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Endpoint Security
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-23883 MEDIUM This Month

A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service Endpoint Security
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-23882 MEDIUM This Month

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Endpoint Security
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-23880 MEDIUM This Month

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Endpoint Security
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-21296 LOW PATCH Monitor

Fleet is an open source osquery manager. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Privilege Escalation RCE Denial Of Service Information Disclosure Fleet
NVD GitHub
CVSS 3.1
2.7
EPSS
1.9%
CVE-2021-22133 LOW PATCH Monitor

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Apm Agent
NVD
CVSS 3.1
2.4
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy