Skip to main content
CVE-2021-25408 HIGH This Week

A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-25407 HIGH This Week

A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25401 HIGH This Week

Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25400 HIGH This Week

Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22766 HIGH This Week

A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service via a specially. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Powerlogic Egx100 Firmware Powerlogic Egx300 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-34679 HIGH This Week

Thycotic Password Reset Server before 5.3.0 allows credential disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Password Reset Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-32932 HIGH This Week

The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to disclose information on the iView (versions prior to v5.7.03.6182). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-27408 HIGH This Week

The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Connex Central Station Connex Device Integration Suite Network Connectivity Engine +7
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-0466 HIGH PATCH This Week

In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-28213 HIGH This Week

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Edk2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20591 HIGH This Week

Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R00/01/02CPU all versions, R04/08/16/32/120(EN)CPU all versions, R08/16/32/120SFCPU all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service R00Cpu Firmware R01Cpu Firmware R02Cpu Firmware R04Cpu Firmware +16
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-25417 HIGH This Week

Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-26996 HIGH This Week

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Series Santricity Os Controller
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-28801 HIGH This Week

An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Information Disclosure Qss
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-25399 HIGH This Week

Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Smart Manager
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-25388 HIGH This Week

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2021-0482 HIGH PATCH This Week

In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.0).

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2021-0476 HIGH PATCH This Week

In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0).

Google Denial Of Service Privilege Escalation Race Condition Android
NVD
CVSS 3.1
7.0
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy