Total
1057 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-41166 | 1 Nextcloud | 1 Nextcloud | 2024-08-04 | 4.3 Medium |
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANAGE_DOCUMENTS` permission may view image thumbnails for images it does not have permission to view. Version 3.17.1 contains a patch. There are no known workarounds. | ||||
CVE-2021-40904 | 1 Checkmk | 1 Checkmk | 2024-08-04 | 8.8 High |
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded PHP code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator. | ||||
CVE-2021-40414 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-08-04 | 7.1 High |
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of Reolink RLC-410W v3.0.0.136_20121102. The SetMdAlarm API sets the movement detection parameters, giving the ability to set the sensitivity of the camera per a range of hours, and which of the camera spaces to ignore when considering movement detection. Because in cgi_check_ability the SetMdAlarm API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to change the movement detection parameters. | ||||
CVE-2021-40389 | 1 Advantech | 1 Deviceon/iedge | 2024-08-04 | 8.8 High |
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1.0.2. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2021-40415 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-08-04 | 6.5 Medium |
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of Reolink RLC-410W v3.0.0.136_20121102. Because in cgi_check_ability the Format API does not have a specific case, the user permission will default to 7. This will give non-administrative users the possibility to format the SD card and reboot the device. | ||||
CVE-2021-40397 | 1 Advantech | 1 Wise-paas/ota | 2024-08-04 | 7.8 High |
A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.0.9. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2021-40413 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-08-04 | 7.1 High |
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of Reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability. | ||||
CVE-2021-40416 | 1 Reolink | 2 Rlc-410w, Rlc-410w Firmware | 2024-08-04 | 8.8 High |
An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of Reolink RLC-410W v3.0.0.136_20121102. All the Get APIs that are not included in cgi_check_ability are already executable by any logged-in users. An attacker can send an HTTP request to trigger this vulnerability. | ||||
CVE-2021-40396 | 1 Advantech | 1 Deviceon/iservice | 2024-08-04 | 8.8 High |
A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2021-40388 | 1 Advantech | 1 Sq Manager | 2024-08-04 | 8.8 High |
A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | ||||
CVE-2021-40053 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-04 | 9.1 Critical |
There is a permission control vulnerability in the Nearby module. Successful exploitation of this vulnerability will affect availability and integrity. | ||||
CVE-2021-40059 | 1 Huawei | 2 Emui, Magic Ui | 2024-08-04 | 6.5 Medium |
There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
CVE-2021-40049 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-04 | 7.5 High |
There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization. | ||||
CVE-2021-39967 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-04 | 7.5 High |
There is a vulnerability of obtaining broadcast information improperly due to improper broadcast permission settings in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2021-40004 | 1 Huawei | 1 Harmonyos | 2024-08-04 | 7.5 High |
The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
CVE-2021-39886 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 2.6 Low |
Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7 allowing users to read confidential Epic references. | ||||
CVE-2021-39794 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-11 Android-12 Android-12L; Android ID: A-205836329 | ||||
CVE-2021-39769 | 1 Google | 1 Android | 2024-08-04 | 5.5 Medium |
In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-193663287 | ||||
CVE-2021-39770 | 1 Google | 1 Android | 2024-08-04 | 5.5 Medium |
In Framework, there is a possible disclosure of the device owner package due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-193033501 | ||||
CVE-2021-39779 | 1 Google | 1 Android | 2024-08-04 | 5.5 Medium |
In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-12L; Android ID: A-190400974 |