Skip to main content
CVE-2021-27859 HIGH This Week

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Authentication Bypass Ipvpn Firmware Mpvpn Firmware Warp Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-27855 HIGH This Week

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ipvpn Firmware Warp Firmware Mpvpn Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-0968 HIGH PATCH This Week

In osi_malloc and osi_calloc of allocator.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Buffer Overflow Integer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-0967 HIGH PATCH This Week

In vorbis_book_decodev_set of codebook.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Google Information Disclosure Android
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-0965 HIGH PATCH This Week

In AndroidManifest.xml of Settings, there is a possible pairing of a Bluetooth device without user's consent due to a missing permission check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2021-0930 HIGH This Week

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-0918 HIGH This Week

In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Google Android
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-43877 HIGH PATCH This Week

ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Asp Net Core Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-42315 HIGH PATCH This Week

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Defender For Iot
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-42314 HIGH PATCH This Week

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Defender For Iot
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-42309 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Sharepoint Enterprise Server Sharepoint Foundation +1
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-41365 HIGH PATCH This Week

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

RCE SQLi Microsoft Defender For Iot
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-41870 HIGH This Week

An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP File Upload Remote View Pro Firmware
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-4117 MEDIUM POC PATCH This Month

yetiforcecrm is vulnerable to Business Logic Errors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-4111 MEDIUM POC PATCH This Month

yetiforcecrm is vulnerable to Business Logic Errors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Yetiforce Customer Relationship Management
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-43875 HIGH PATCH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-0933 HIGH This Week

In onCreate of CompanionDeviceActivity.java or DeviceChooserActivity.java, there is a possible way for HTML tags to interfere with a consent dialog due to improper input validation. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Java Android
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2021-43256 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Excel Rt +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-39653 HIGH This Week

In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-39651 HIGH PATCH This Week

In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-39640 HIGH PATCH This Week

In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1048 HIGH KEV PATCH THREAT This Week

In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1044 HIGH PATCH This Week

In eicOpsDecryptAes128Gcm of acropora/app/identity/identity_support.c, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1040 HIGH PATCH This Week

In onCreate of BluetoothPairingSelectionFragment.java, there is a possible EoP due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1039 HIGH PATCH This Week

In NotificationAccessActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1029 HIGH This Week

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1028 HIGH This Week

In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1027 HIGH This Week

In setTransactionState of SurfaceFlinger, there is possible arbitrary code execution in a privileged process due to improper casting. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google RCE Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1017 HIGH This Week

In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to disable bluetooth connection due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1004 HIGH This Week

In getConfiguredNetworks of WifiServiceImpl.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1003 HIGH This Week

In adjustStreamVolume of AudioService.java, there is a possible way for unprivileged app to change audio stream volume due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0999 HIGH PATCH This Week

In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0985 HIGH PATCH This Week

In onReceive of AlertReceiver.java, there is a possible way to dismiss system dialog due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0984 HIGH PATCH This Week

In onNullBinding of ManagedServices.java, there is a possible permission bypass due to an incorrectly unbound service. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0981 HIGH PATCH This Week

In enqueueNotificationInternal of NotificationManagerService.java, there is a possible way to run a foreground service without showing a notification due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0970 HIGH PATCH This Week

In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Google Deserialization Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0953 HIGH This Week

In setOnClickActivityIntent of SearchWidgetProvider.java, there is a possible way to access contacts and history bookmarks without permission due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0932 HIGH This Week

In showNotification of NavigationModeController.java, there is a possible confused deputy due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0929 HIGH This Week

In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0928 HIGH This Week

In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Deserialization Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-0927 HIGH This Week

In requestChannelBrowsable of TvInputManagerService.java, there is a possible permission bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0926 HIGH This Week

In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user's consent due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0924 HIGH This Week

In xhci_vendor_get_ops of xhci.c, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Google Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0923 HIGH This Week

In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0922 HIGH This Week

In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass of INTERACT_ACROSS_PROFILES permission due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0921 HIGH This Week

In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Deserialization Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0799 HIGH This Week

In ActivityThread.java, there is a possible way to collide the content provider's authorities. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0675 HIGH This Week

In alac decoder, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-0649 HIGH This Week

In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-43891 HIGH PATCH This Week

Visual Studio Code Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Visual Studio Code
NVD
CVSS 3.1
7.8
EPSS
11.7%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy