The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2021-25416 - Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.
    Published: June 11, 2021; 11:15:10 AM -0400

    V3.1: 6.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-25388 - Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.
    Published: June 11, 2021; 11:15:08 AM -0400

    V3.1: 7.1 HIGH
    V2.0: 3.6 LOW

  • CVE-2020-15383 - Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch ... read CVE-2020-15383
    Published: June 09, 2021; 11:15:08 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2020-35452 - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some partic... read CVE-2020-35452
    Published: June 10, 2021; 3:15:07 AM -0400

    V3.1: 7.3 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2021-25387 - An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
    Published: June 11, 2021; 11:15:08 AM -0400

    V3.1: 10.0 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2021-25411 - Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.
    Published: June 11, 2021; 11:15:10 AM -0400

    V3.1: 4.4 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-25425 - Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.
    Published: June 11, 2021; 11:15:11 AM -0400

    V3.1: 5.3 MEDIUM
    V2.0: 5.0 MEDIUM

  • CVE-2021-25392 - Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
    Published: June 11, 2021; 11:15:08 AM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-25391 - Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
    Published: June 11, 2021; 11:15:08 AM -0400

    V3.1: 4.0 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-25390 - Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
    Published: June 11, 2021; 11:15:08 AM -0400

    V3.1: 4.0 MEDIUM
    V2.0: 1.9 LOW

  • CVE-2021-25418 - Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.
    Published: June 11, 2021; 11:15:10 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.4 MEDIUM

  • CVE-2021-25395 - A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
    Published: June 11, 2021; 11:15:09 AM -0400

    V3.1: 6.4 MEDIUM
    V2.0: 4.4 MEDIUM

  • CVE-2021-25394 - A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.
    Published: June 11, 2021; 11:15:08 AM -0400

    V3.1: 6.4 MEDIUM
    V2.0: 4.4 MEDIUM

  • CVE-2021-25393 - Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.
    Published: June 11, 2021; 11:15:08 AM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW

  • CVE-2021-25409 - Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.
    Published: June 11, 2021; 11:15:10 AM -0400

    V3.1: 2.4 LOW
    V2.0: 2.1 LOW

  • CVE-2021-25408 - A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.
    Published: June 11, 2021; 11:15:09 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-25407 - A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.
    Published: June 11, 2021; 11:15:09 AM -0400

    V3.1: 7.8 HIGH
    V2.0: 4.6 MEDIUM

  • CVE-2021-25417 - Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.
    Published: June 11, 2021; 11:15:10 AM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2020-23312 - There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0.
    Published: June 10, 2021; 7:15:07 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2021-25415 - Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.
    Published: June 11, 2021; 11:15:10 AM -0400

    V3.1: 5.5 MEDIUM
    V2.0: 2.1 LOW