Total
690 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-32619 | 1 Deno | 1 Deno | 2024-08-03 | 9.8 Critical |
| Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through `import()` or `new Worker` might have been able to bypass network and file system permission checks when statically importing other modules. The vulnerability has been patched in Deno release 1.10.2. | ||||
| CVE-2021-32620 | 1 Xwiki | 1 Xwiki | 2024-08-03 | 8.8 High |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration canouldre-activate themself by using the activation link provided for his registration. The problem has been patched in the following versions of XWiki: 11.10.13, 12.6.7, 12.10.2, 13.0. It is possible to workaround the issue by resetting the `validkey` property of the disabled XWiki users. This can be done by editing the user profile with object editor. | ||||
| CVE-2021-26118 | 3 Apache, Netapp, Redhat | 3 Activemq Artemis, Oncommand Workflow Automation, Amq Broker | 2024-08-03 | 7.5 High |
| While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. | ||||
| CVE-2021-25973 | 1 Publify Project | 1 Publify | 2024-08-03 | 6.5 Medium |
| In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only. | ||||
| CVE-2021-25521 | 1 Samsung | 1 Internet | 2024-08-03 | 4 Medium |
| Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. | ||||
| CVE-2021-25507 | 1 Samsung | 1 Samsung Flow | 2024-08-03 | 5.7 Medium |
| Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization. | ||||
| CVE-2021-25460 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
| An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. | ||||
| CVE-2021-25399 | 1 Samsung | 1 Smart Manager | 2024-08-03 | 7.1 High |
| Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. | ||||
| CVE-2021-25459 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
| An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService. | ||||
| CVE-2021-25381 | 2 Google, Samsung | 2 Android, Account | 2024-08-03 | 5.5 Medium |
| Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | ||||
| CVE-2021-25433 | 1 Linux | 1 Tizen | 2024-08-03 | 5.5 Medium |
| Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal. | ||||
| CVE-2021-25354 | 1 Samsung | 1 Internet | 2024-08-03 | 3.3 Low |
| Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink. | ||||
| CVE-2021-25374 | 2 Google, Samsung | 2 Android, Members | 2024-08-03 | 8.6 High |
| An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account. | ||||
| CVE-2021-25499 | 1 Samsung | 1 Galaxy Store | 2024-08-03 | 7.1 High |
| Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store. | ||||
| CVE-2021-25417 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
| Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage. | ||||
| CVE-2021-25373 | 2 Google, Samsung | 2 Android, Customization Service | 2024-08-03 | 5.5 Medium |
| Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | ||||
| CVE-2021-25352 | 1 Samsung | 1 Bixby Voice | 2024-08-03 | 5.5 Medium |
| Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent. | ||||
| CVE-2021-25382 | 1 Google | 1 Android | 2024-08-03 | 6.1 Medium |
| An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command. | ||||
| CVE-2021-25351 | 2 Google, Samsung | 2 Android, Account | 2024-08-03 | 3.2 Low |
| Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. | ||||
| CVE-2021-25353 | 1 Samsung | 1 Galaxy Themes | 2024-08-03 | 5.5 Medium |
| Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent. | ||||