Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44422 | 1 Opendesign | 1 Drawings Sdk | 2021-12-27 | 6.8 MEDIUM | 7.8 HIGH |
| An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2020-10204 | 1 Sonatype | 1 Nexus | 2021-12-22 | 9.0 HIGH | 7.2 HIGH |
| Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. | |||||
| CVE-2021-37863 | 1 Mattermost | 1 Mattermost Server | 2021-12-21 | 3.5 LOW | 5.7 MEDIUM |
| Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post. | |||||
| CVE-2020-10289 | 1 Openrobotics | 1 Robot Operating System | 2021-12-20 | 6.5 MEDIUM | 8.8 HIGH |
| Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug. | |||||
| CVE-2021-1020 | 1 Google | 1 Android | 2021-12-17 | 4.4 MEDIUM | 7.3 HIGH |
| In snoozeNotification of NotificationListenerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195111725 | |||||
| CVE-2021-1021 | 1 Google | 1 Android | 2021-12-17 | 4.4 MEDIUM | 7.3 HIGH |
| In snoozeNotificationInt of NotificationManagerService.java, there is a possible way to disable notification for an arbitrary user due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195031703 | |||||
| CVE-2021-0921 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 7.8 HIGH |
| In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-195962697 | |||||
| CVE-2021-42070 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-16 | 4.3 MEDIUM | 3.3 LOW |
| When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application | |||||
| CVE-2021-42068 | 1 Sap | 1 3d Visual Enterprise Viewer | 2021-12-16 | 4.3 MEDIUM | 3.3 LOW |
| When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-25742 | 2 Kubernetes, Netapp | 2 Ingress-nginx, Trident | 2021-12-15 | 5.5 MEDIUM | 7.1 HIGH |
| A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. | |||||
| CVE-2021-33059 | 1 Intel | 1 Administrative Tools For Intel Network Adapters | 2021-12-14 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15, may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0199 | 1 Intel | 6 Ethernet Network Controller E810-cam1, Ethernet Network Controller E810-cam1 Firmware, Ethernet Network Controller E810-cam2 and 3 more | 2021-12-14 | 2.1 LOW | 4.4 MEDIUM |
| Improper input validation in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.6.0.6 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2021-37206 | 1 Siemens | 3 Siprotec 5 With Cpu Variant Cp050, Siprotec 5 With Cpu Variant Cp100, Siprotec 5 With Cpu Variant Cp300 | 2021-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP100 (All versions < V8.80), SIPROTEC 5 relays with CPU variants CP300 (All versions < V8.80). Received webpackets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device. | |||||
| CVE-2021-33098 | 1 Intel | 4 Ethernet 500 Series Controllers Driver, Ethernet Connection X540, Ethernet Connection X550 and 1 more | 2021-12-14 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-25520 | 1 Samsung | 1 Internet | 2021-12-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | |||||
| CVE-2021-25510 | 1 Google | 1 Android | 2021-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution. | |||||
| CVE-2021-21085 | 1 Adobe | 1 Connect | 2021-12-10 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Connect version 11.0.7 (and earlier) is affected by an Input Validation vulnerability in the export feature. An attacker could exploit this vulnerability by injecting a payload into an online event form and achieve code execution if the victim exports and opens the data on their local machine. | |||||
| CVE-2018-10930 | 4 Debian, Gluster, Opensuse and 1 more | 7 Debian Linux, Glusterfs, Leap and 4 more | 2021-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. | |||||
| CVE-2021-25512 | 1 Google | 1 Android | 2021-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2021-25517 | 1 Google | 1 Android | 2021-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution. | |||||