Total
965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28563 | 1 Magento | 1 Magento | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by an Improper Authorization vulnerability via the 'Create Customer' endpoint. Successful exploitation could lead to unauthorized modification of customer data by an unauthenticated attacker. Access to the admin console is required for successful exploitation. | |||||
| CVE-2021-28506 | 1 Arista | 1 Eos | 2024-11-21 | 9.4 HIGH | 9.1 CRITICAL |
| An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device. | |||||
| CVE-2021-28501 | 1 Arista | 1 Terminattr | 2024-11-21 | 6.9 MEDIUM | 9.1 CRITICAL |
| An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | |||||
| CVE-2021-28500 | 1 Arista | 1 Eos | 2024-11-21 | 6.9 MEDIUM | 9.1 CRITICAL |
| An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | |||||
| CVE-2021-27772 | 1 Hcltech | 1 Sametime | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH |
| Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group conversations without being part of it. This could lead to information leakage where confidential information discussed in private groups is read by other users without the users knowledge. | |||||
| CVE-2021-27663 | 1 Johnsoncontrols | 2 Ac2000, Ac2000 Firmware | 2024-11-21 | 9.3 HIGH | 8.2 HIGH |
| A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Controls CEM Systems AC2000 10.1; 10.2; 10.3; 10.4; 10.5. | |||||
| CVE-2021-25973 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only. | |||||
| CVE-2021-25521 | 1 Samsung | 1 Internet | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. | |||||
| CVE-2021-25507 | 1 Samsung | 1 Samsung Flow | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
| Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization. | |||||
| CVE-2021-25499 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 2.1 LOW | 7.1 HIGH |
| Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store. | |||||
| CVE-2021-25460 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. | |||||
| CVE-2021-25459 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService. | |||||
| CVE-2021-25433 | 1 Linux | 1 Tizen | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal. | |||||
| CVE-2021-25417 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. | |||||
| CVE-2021-25399 | 1 Samsung | 1 Smart Manager | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. | |||||
| CVE-2021-25382 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command. | |||||
| CVE-2021-25381 | 2 Google, Samsung | 2 Android, Account | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2021-25374 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account. | |||||
| CVE-2021-25373 | 2 Google, Samsung | 2 Android, Customization Service | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2021-25355 | 1 Samsung | 1 Notes | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent. | |||||