Skip to main content
CVE-2021-26995 HIGH This Week

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow privileged attackers to execute arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE E Series Santricity Os Controller
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-33205 HIGH This Week

Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Node.js Edgerover
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-28814 HIGH This Week

An improper access control vulnerability has been reported to affect QNAP NAS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Privilege Escalation Helpdesk
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-23205 HIGH This Week

Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-25391 MEDIUM POC This Month

Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2021-25390 MEDIUM POC This Month

Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2021-0498 HIGH This Week

In memory management driver, there is a possible memory corruption due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0497 HIGH This Week

In memory management driver, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0496 HIGH This Week

In memory management driver, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0495 HIGH This Week

In memory management driver, there is a possible out of bounds write due to uninitialized data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0494 HIGH This Week

In memory management driver, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Integer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0493 HIGH PATCH This Week

In memory management driver, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0492 HIGH PATCH This Week

In memory management driver, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0491 HIGH This Week

In memory management driver, there is a possible escalation of privilege due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0490 HIGH This Week

In memory management driver, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0489 HIGH PATCH This Week

In memory management driver, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0487 HIGH PATCH This Week

In onCreate of CalendarDebugActivity.java, there is a possible way to export calendar data to the sdcard without user consent due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0485 HIGH PATCH This Week

In getMinimalSize of PipBoundsAlgorithm.java, there is a possible bypass of restrictions on background processes due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0481 HIGH PATCH This Week

In onActivityResult of EditUserPhotoController.java, there is a possible access of unauthorized files due to an unexpected URI handler. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-0477 HIGH PATCH This Week

In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0472 HIGH PATCH This Week

In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22762 HIGH This Week

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in remote code execution, when a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2021-22761 HIGH This Week

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-22760 HIGH This Week

A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-22759 HIGH This Week

A CWE-416: Use after free vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to use of unchecked input data, when. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-22758 HIGH This Week

A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-22757 HIGH This Week

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-22756 HIGH This Week

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-22755 HIGH This Week

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or remote code execution due to lack of sanity. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-22754 HIGH This Week

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack of proper validation of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-22753 HIGH This Week

A CWE-125: Out-of-bounds read vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing length checks, when a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-22752 HIGH This Week

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing size checks, when a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-22751 HIGH This Week

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in disclosure of information or execution of arbitrary code due to lack of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-22750 HIGH This Week

A CWE-787: Out-of-bounds write vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21041 and prior that could result in loss of data or remote code execution due to missing length checks, when a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-25418 HIGH This Week

Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Privilege Escalation Internet
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25412 HIGH This Week

An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-25408 HIGH This Week

A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-25407 HIGH This Week

A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25401 HIGH This Week

Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25400 HIGH This Week

Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22766 HIGH This Week

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Powerlogic Egx100 Firmware Powerlogic Egx300 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-34679 HIGH This Week

Thycotic Password Reset Server before 5.3.0 allows credential disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Password Reset Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-32932 HIGH This Week

The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-27408 HIGH This Week

The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Connex Central Station Connex Device Integration Suite Network Connectivity Engine +7
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-0466 HIGH PATCH This Week

In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-28213 HIGH This Week

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Edk2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20591 HIGH This Week

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service R00Cpu Firmware R01Cpu Firmware R02Cpu Firmware R04Cpu Firmware +16
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-25417 HIGH This Week

Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-26996 HIGH This Week

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Series Santricity Os Controller
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-28801 HIGH This Week

An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Information Disclosure Qss
NVD
CVSS 3.1
7.5
EPSS
0.7%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy