Total
3371 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25484 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event. | |||||
| CVE-2021-25466 | 1 Samsung | 1 Internet | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token. | |||||
| CVE-2021-25451 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data. | |||||
| CVE-2021-25445 | 1 Samsung | 1 Internet | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet. | |||||
| CVE-2021-25442 | 1 Samsung | 1 Knox Cloud Services | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication. | |||||
| CVE-2021-25430 | 1 Google | 1 Android | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. | |||||
| CVE-2021-25424 | 1 Samsung | 18 Galaxy Watch, Galaxy Watch 3, Galaxy Watch 3 Firmware and 15 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness. | |||||
| CVE-2021-25389 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 2.3 LOW |
| Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. | |||||
| CVE-2021-25368 | 1 Samsung | 1 Cloud | 2024-11-21 | 5.0 MEDIUM | 3.3 LOW |
| Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. | |||||
| CVE-2021-25343 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
| CVE-2021-25342 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
| CVE-2021-25341 | 1 Samsung | 1 S Assistant | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
| CVE-2021-25315 | 3 Opensuse, Saltstack, Suse | 3 Tumbleweed, Salt, Suse Linux Enterprise Server | 2024-11-21 | 4.6 MEDIUM | 9.8 CRITICAL |
| CWE - CWE-287: Improper Authentication vulnerability in SUSE Linux Enterprise Server 15 SP 3; openSUSE Tumbleweed allows local attackers to execute arbitrary code via salt without the need to specify valid credentials. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. This issue affects: SUSE Linux Enterprise Server 15 SP 3 salt versions prior to 3002.2-3. openSUSE Tumbleweed salt version 3002.2-2.1 and prior versions. | |||||
| CVE-2021-25281 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master. | |||||
| CVE-2021-25147 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2021-24647 | 1 Genetechsolutions | 1 Pie Register | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username | |||||
| CVE-2021-24527 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the admin of the blog, and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin will not be notified of such change by email for example. | |||||
| CVE-2021-24359 | 1 Posimyth | 1 The Plus Addons For Elementor | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (CVE-2021-24358) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover. | |||||
| CVE-2021-24175 | 1 Posimyth | 1 The Plus Addons For Elementor | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active. | |||||
| CVE-2021-24148 | 1 Inspireui | 1 Mstore Api | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address. | |||||