Total
2003 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25651 | 1 Avaya | 1 Aura Utility Services | 2024-08-03 | 8 High |
| A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services | ||||
| CVE-2021-25650 | 1 Avaya | 1 Aura Utility Services | 2024-08-03 | 7.7 High |
| A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services | ||||
| CVE-2021-25515 | 1 Google | 1 Android | 2024-08-03 | 4 Medium |
| An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. | ||||
| CVE-2021-25513 | 1 Google | 1 Android | 2024-08-03 | 2.4 Low |
| An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen. | ||||
| CVE-2021-25508 | 1 Samsung | 1 Smartthings | 2024-08-03 | 5.3 Medium |
| Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. | ||||
| CVE-2021-25362 | 1 Google | 1 Android | 2024-08-03 | 6.8 Medium |
| An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files. | ||||
| CVE-2021-25418 | 1 Samsung | 1 Internet | 2024-08-03 | 7.8 High |
| Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | ||||
| CVE-2021-25502 | 1 Google | 1 Android | 2024-08-03 | 7.9 High |
| A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge. | ||||
| CVE-2021-25442 | 1 Samsung | 1 Knox Cloud Services | 2024-08-03 | 7.5 High |
| Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication. | ||||
| CVE-2021-25377 | 2 Google, Samsung | 2 Android, Experience Service | 2024-08-03 | 3.3 Low |
| Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action. | ||||
| CVE-2021-25365 | 1 Google | 1 Android | 2024-08-03 | 5.9 Medium |
| An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd. | ||||
| CVE-2021-25428 | 1 Google | 1 Android | 2024-08-03 | 7.8 High |
| Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances. | ||||
| CVE-2021-25429 | 1 Google | 1 Android | 2024-08-03 | 4.3 Medium |
| Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. | ||||
| CVE-2021-25336 | 1 Google | 1 Android | 2024-08-03 | 2.8 Low |
| Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent. | ||||
| CVE-2021-25363 | 1 Google | 1 Android | 2024-08-03 | 6.8 Medium |
| An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files. | ||||
| CVE-2021-25337 | 1 Google | 1 Android | 2024-08-03 | 4.4 Medium |
| Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. | ||||
| CVE-2021-24602 | 1 Hmplugin | 1 Hm Multiple Roles | 2024-08-03 | 8.8 High |
| The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page | ||||
| CVE-2021-24289 | 1 De-baat | 1 Store Locator Plus | 2024-08-03 | 8.8 High |
| There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin. | ||||
| CVE-2021-24207 | 1 Themeum | 1 Wp Page Builder | 2024-08-03 | 4.3 Medium |
| By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages. | ||||
| CVE-2021-24158 | 1 Themeisle | 1 Orbit Fox | 2024-08-03 | 6.5 Medium |
| Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration. | ||||