Search Results

There are 155,532 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2021-0475

In on_l2cap_data_ind of btif_sock_l2cap.cc, there is possible memory corruption due to a use after free. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-10. Android ID: A-175686168

Published: June 11, 2021; 1:15:09 PM -0400
V3.1: 8.8 HIGH
V2.0: 8.3 HIGH
CVE-2021-0474

In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-8.1, Android-9, Android-10. Android ID: A-177611958

Published: June 11, 2021; 1:15:09 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2021-0473

In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9, Android-10, Android-11, Android-8.1. Android ID: A-179687208

Published: June 11, 2021; 1:15:09 PM -0400
V3.1: 8.8 HIGH
V2.0: 8.3 HIGH
CVE-2021-0472

In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-9, Android-10. Android ID: A-176801033

Published: June 11, 2021; 1:15:09 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2021-0466

In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-154114734

Published: June 11, 2021; 1:15:09 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-9475

In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-9496886

Published: June 11, 2021; 1:15:09 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2021-28213

Example EDK2 encrypted private key in the IpSecDxe.efi presents potential security risks.

Published: June 11, 2021; 12:15:12 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-28211

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.

Published: June 11, 2021; 12:15:12 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-28210

An unlimited recursion in DxeCore in EDK II.

Published: June 11, 2021; 12:15:12 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-23230

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); 8.10 versions prior to 8.10.1284 (MR7); version 8.00 and prior versions.

Published: June 11, 2021; 12:15:12 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-23211

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3).

Published: June 11, 2021; 12:15:12 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-23205

Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to alter the configuration of Controllers and other hardware items beyond their privilege. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.

Published: June 11, 2021; 12:15:12 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-23204

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3).

Published: June 11, 2021; 12:15:12 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-23182

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); All versions of 8.30.

Published: June 11, 2021; 12:15:12 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-23140

Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros to be modified by an unauthorised Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.

Published: June 11, 2021; 12:15:12 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-23136

Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3); 8.30 versions prior to 8.30.1359 (MR3); 8.20 versions prior to 8.20.1259 (MR5); version 8.10 and prior versions.

Published: June 11, 2021; 12:15:11 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-22915

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection.

Published: June 11, 2021; 12:15:11 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-22913

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.

Published: June 11, 2021; 12:15:11 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-22912

Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.

Published: June 11, 2021; 12:15:11 PM -0400
V3.x: (not available)
V2.0: (not available)
CVE-2021-22906

Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users.

Published: June 11, 2021; 12:15:11 PM -0400
V3.x: (not available)
V2.0: (not available)