NVD

NVD Release of CVMAP

CVSS Version 3.1 Official Support!

New NVD CVE/CPE API and Legacy SOAP Service Retirement!

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2021-25416 - Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.
Published: June 11, 2021; 11:15:10 AM -0400

V3.1: 6.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-25388 - Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.
Published: June 11, 2021; 11:15:08 AM -0400

V3.1: 7.1 HIGH
V2.0: 3.6 LOW
CVE-2020-15383 - Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch ... read CVE-2020-15383
Published: June 09, 2021; 11:15:08 AM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-35452 - Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some partic... read CVE-2020-35452
Published: June 10, 2021; 3:15:07 AM -0400

V3.1: 7.3 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-25387 - An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
Published: June 11, 2021; 11:15:08 AM -0400

V3.1: 10.0 CRITICAL
V2.0: 7.5 HIGH
CVE-2021-25411 - Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.
Published: June 11, 2021; 11:15:10 AM -0400

V3.1: 4.4 MEDIUM
V2.0: 2.1 LOW
CVE-2021-25425 - Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.
Published: June 11, 2021; 11:15:11 AM -0400

V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-25392 - Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
Published: June 11, 2021; 11:15:08 AM -0400

V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-25391 - Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
Published: June 11, 2021; 11:15:08 AM -0400

V3.1: 4.0 MEDIUM
V2.0: 2.1 LOW
CVE-2021-25390 - Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
Published: June 11, 2021; 11:15:08 AM -0400

V3.1: 4.0 MEDIUM
V2.0: 1.9 LOW
CVE-2021-25418 - Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.
Published: June 11, 2021; 11:15:10 AM -0400

V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2021-25395 - A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
Published: June 11, 2021; 11:15:09 AM -0400

V3.1: 6.4 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2021-25394 - A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.
Published: June 11, 2021; 11:15:08 AM -0400

V3.1: 6.4 MEDIUM
V2.0: 4.4 MEDIUM
CVE-2021-25393 - Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.
Published: June 11, 2021; 11:15:08 AM -0400

V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-25409 - Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.
Published: June 11, 2021; 11:15:10 AM -0400

V3.1: 2.4 LOW
V2.0: 2.1 LOW
CVE-2021-25408 - A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.
Published: June 11, 2021; 11:15:09 AM -0400

V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-25407 - A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.
Published: June 11, 2021; 11:15:09 AM -0400

V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-25417 - Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.
Published: June 11, 2021; 11:15:10 AM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-23312 - There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0.
Published: June 10, 2021; 7:15:07 PM -0400

V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-25415 - Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.
Published: June 11, 2021; 11:15:10 AM -0400

V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database