Export limit exceeded: 347901 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43553 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39692 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209611539 | ||||
| CVE-2021-39691 | 1 Google | 1 Android | 2024-11-21 | 7.3 High |
| In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-157929241 | ||||
| CVE-2021-39690 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-204316511 | ||||
| CVE-2021-39688 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206039140References: N/A | ||||
| CVE-2021-39687 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204421047References: N/A | ||||
| CVE-2021-39685 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel | ||||
| CVE-2021-39677 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size.Product: AndroidVersions: Android-11Android ID: A-205097028 | ||||
| CVE-2021-39669 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-196969991 | ||||
| CVE-2021-39666 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12Android ID: A-204445255 | ||||
| CVE-2021-39664 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-203938029 | ||||
| CVE-2021-39657 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel | ||||
| CVE-2021-39637 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-193579873References: N/A | ||||
| CVE-2021-39633 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150694665References: Upstream kernel | ||||
| CVE-2021-39602 | 1 Miniftpd Project | 1 Miniftpd | 2024-11-21 | 6.5 Medium |
| A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file, which could let a remote malicious user cause a Denial of Service. | ||||
| CVE-2021-39537 | 2 Apple, Gnu | 3 Mac Os X, Macos, Ncurses | 2024-11-21 | 8.8 High |
| An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. | ||||
| CVE-2021-39367 | 1 Canon | 1 Oce Print Exec Workgroup | 2024-11-21 | 5.3 Medium |
| Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection. | ||||
| CVE-2021-39257 | 3 Debian, Redhat, Tuxera | 4 Debian Linux, Advanced Virtualization, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. | ||||
| CVE-2021-39247 | 1 Zint | 1 Barcode Generator | 2024-11-21 | 6.5 Medium |
| Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, related to is_last_single_ascii in code1.c, and rs_encode_uint in reedsol.c. | ||||
| CVE-2021-39238 | 1 Hp | 3 Futuresmart 3, Futuresmart 4, Futuresmart 5 | 2024-11-21 | 9.8 Critical |
| Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed products may be vulnerable to potential buffer overflow. | ||||
| CVE-2021-39227 | 1 Baidu | 1 Zrender | 2024-11-21 | 6.2 Medium |
| ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: Check if there is `__proto__` in the object keys. Omit it before using it as an parameter in these affected methods. Or in `echarts.util.merge` and `setOption` if project is using ECharts. | ||||