jell.ie CVEs

Read at: 2021-06-23T10:43:47+01:00

CVE-2021-34390

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.

Source: National Vulnerability Database | 22 Jun 2021 | 11:15 pm IST

CVE-2021-34391

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel�s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.

Source: National Vulnerability Database | 22 Jun 2021 | 11:15 pm IST

CVE-2021-34396

Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service.

Source: National Vulnerability Database | 22 Jun 2021 | 11:15 pm IST

CVE-2021-34392

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.

Source: National Vulnerability Database | 22 Jun 2021 | 11:15 pm IST

CVE-2021-34393

Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.

Source: National Vulnerability Database | 22 Jun 2021 | 11:15 pm IST

CVE-2021-34397

Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.

Source: National Vulnerability Database | 22 Jun 2021 | 11:15 pm IST

CVE-2021-34394

Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution.

Source: National Vulnerability Database | 22 Jun 2021 | 11:15 pm IST

CVE-2021-34395

Trusty TLK contains a vulnerability in its access permission settings where it does not properly restrict access to a resource from a user with local privileges, which might lead to limited information disclosure and limited denial of service.

Source: National Vulnerability Database | 22 Jun 2021 | 11:15 pm IST

CVE-2021-34372

Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver contains a vulnerability in the NVIDIA OTE protocol message parsing code where an integer overflow in a malloc() size calculation leads to a buffer overflow on the heap, which might result in information disclosure, escalation of privileges, and denial of service.

Source: National Vulnerability Database | 22 Jun 2021 | 11:15 pm IST

CVE-2020-36394

pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home.

Source: National Vulnerability Database | 22 Jun 2021 | 10:15 pm IST

CVE-2021-32701

ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with that `foo` scope, introspection will be valid and that token will be cached. The problem comes when a second requests to an endpoint that requires the scope `bar` is made before the cache has expired. Whether the token is granted or not to the `bar` scope, introspection will be valid. A patch will be released with `v0.38.12-beta.1`. Per default, caching is disabled for the `oauth2_introspection` authenticator. When caching is disabled, this vulnerability does not exist. The cache is checked in [`func (a *AuthenticatorOAuth2Introspection) Authenticate(...)`](https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#L152). From [`tokenFromCache()`](https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#L97) it seems that it only validates the token expiration date, but ignores whether the token has or not the proper scopes. The vulnerability was introduced in PR #424. During review, we failed to require appropriate test coverage by the submitter which is the primary reason that the vulnerability passed the review process.

Source: National Vulnerability Database | 22 Jun 2021 | 9:15 pm IST

CVE-2021-32700

Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate checking was ignored. The vulnerability allows an attacker to substitute or modify packages retrieved from BC thus allowing to inject malicious code into ballerina executables. This has been patched in Ballerina 1.2.14 and Ballerina SwanLake alpha4.

Source: National Vulnerability Database | 22 Jun 2021 | 9:15 pm IST

CVE-2021-32699

Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created.

Source: National Vulnerability Database | 22 Jun 2021 | 9:15 pm IST

CVE-2021-22383

There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function that contains an out-of-bounds read vulnerability. An attacker can exploit this vulnerability by sending a specific message to the target device, which could cause a Denial of Service (DoS).

Source: National Vulnerability Database | 22 Jun 2021 | 8:15 pm IST

CVE-2021-22382

Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00.

Source: National Vulnerability Database | 22 Jun 2021 | 8:15 pm IST

CVE-2021-22363

There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to improper resource management of the function, the vulnerability can be exploited to cause service abnormal on affected devices.

Source: National Vulnerability Database | 22 Jun 2021 | 8:15 pm IST

CVE-2021-22342

There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00,V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20.

Source: National Vulnerability Database | 22 Jun 2021 | 8:15 pm IST

CVE-2021-22377

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify specific input sufficiently. Attackers can exploit this vulnerability by sending malicious parameters to inject command. This can compromise normal service.

Source: National Vulnerability Database | 22 Jun 2021 | 8:15 pm IST

CVE-2021-22378

There is a race condition vulnerability in eCNS280_TD V100R005C00 and V100R005C10. There is a timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal.

Source: National Vulnerability Database | 22 Jun 2021 | 8:15 pm IST

CVE-2021-22366

There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a function that handles an internal message contains an out-of-bounds read vulnerability. An attacker could crafted messages between system process, successful exploit could cause Denial of Service (DoS).

Source: National Vulnerability Database | 22 Jun 2021 | 7:15 pm IST

CVE-2021-32644

Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3.

Source: National Vulnerability Database | 22 Jun 2021 | 7:15 pm IST

CVE-2021-22365

There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of internal message, successful exploit may cause the process and the service abnormal.

Source: National Vulnerability Database | 22 Jun 2021 | 7:15 pm IST

CVE-2021-3044

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier than 1271064; Cortex XSOAR 6.2.0 builds earlier than 1271065. This issue does not impact Cortex XSOAR 5.5.0, Cortex XSOAR 6.0.0, Cortex XSOAR 6.0.1, or Cortex XSOAR 6.0.2 versions. All Cortex XSOAR instances hosted by Palo Alto Networks are upgraded to resolve this vulnerability. No additional action is required for these instances.

Source: National Vulnerability Database | 22 Jun 2021 | 7:15 pm IST

CVE-2021-22361

There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low access may launch privilege escalation in a specific scenario. This may compromise the normal service.

Source: National Vulnerability Database | 22 Jun 2021 | 7:15 pm IST

CVE-2020-18654

Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the "Title" parameter in the component "/coreframe/app/guestbook/myissue.php".

Source: National Vulnerability Database | 22 Jun 2021 | 5:15 pm IST

CVE-2020-22170

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-22168

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-22169

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-22172

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-22176

PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-22175

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-22174

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2021-34428

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-22171

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-22173

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-22167

PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-22166

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-22165

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-22164

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-18647

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor".

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-18648

Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component "JuQingCMS_v1.0/admin/index.php?c=administrator&a=add".

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-18646

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php".

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2020-15732

Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29.

Source: National Vulnerability Database | 22 Jun 2021 | 4:15 pm IST

CVE-2021-35206

Gitpod before 0.6.0 allows unvalidated redirects.

Source: National Vulnerability Database | 22 Jun 2021 | 3:15 pm IST

CVE-2021-34244

A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.

Source: National Vulnerability Database | 22 Jun 2021 | 3:15 pm IST

CVE-2021-34243

A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file.

Source: National Vulnerability Database | 22 Jun 2021 | 3:15 pm IST

CVE-2010-4264

It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.

Source: National Vulnerability Database | 22 Jun 2021 | 3:15 pm IST

CVE-2010-4266

It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.

Source: National Vulnerability Database | 22 Jun 2021 | 3:15 pm IST

CVE-2010-4816

It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.

Source: National Vulnerability Database | 22 Jun 2021 | 3:15 pm IST

CVE-2021-35046

A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.

Source: National Vulnerability Database | 22 Jun 2021 | 3:15 pm IST

CVE-2021-35045

Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint.

Source: National Vulnerability Database | 22 Jun 2021 | 3:15 pm IST

CVE-2021-0551

In bind of MediaControlPanel.java, there is a possible way to lock up the system UI using a malicious media file due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180518039

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0550

In onLoadFailed of AnnotateActivity.java, there is a possible way to gain WRITE_EXTERNAL_STORAGE permissions without user consent due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179688673

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0540

In halWrapperDataCallback of hal_wrapper.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169328517

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0539

In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-180419673

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0537

In onCreate of WiFiInstaller.java, there is a possible way to install a malicious Hotspot 2.0 configuration due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176756141

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0549

In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183961896

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0608

In handleAppLaunch of AppLaunchActivity.java, there is a possible arbitrary activity launch due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174870704

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0607

In iaxxx_calc_i2s_div of iaxxx-codec.c, there is a possible hardware port write with user controlled data due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-180950209

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0606

In drm_syncobj_handle_to_fd of drm_syncobj.c, there is a possible use after free due to incorrect refcounting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168034487

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0552

In getEndItemSliceAction of MediaOutputSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-175124820

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0538

In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible exit of emergency callback mode due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-178821491

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0536

In dropFile of WiFiInstaller, there is a way to delete files accessible to CertInstaller due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176756691

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0545

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258884

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2010-3446

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0546

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258733

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0543

In phNxpNciHal_process_ext_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258743

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0544

In phNxpNciHal_print_res_status of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169257710

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0542

In updateNotification of BeamTransferManager.java, there is a missing permission check. This could lead to local information disclosure of paired Bluetooth addresses with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712890

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0541

In phNxpNciHal_ext_process_nfc_init_rsp of phNxpNciHal_ext.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169258455

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0547

In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174151048

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0548

In rw_i93_send_to_lower of rw_i93.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650357

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0605

In pfkey_dump of af_key.c, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-110373476

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0553

In onBindViewHolder of AppSwitchPreference.java, there is a possible bypass of device admin setttings due to unclear UI. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-169936038

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2010-2525

A flaw was discovered in gfs2 file system’s handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system.

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2010-3300

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2010-2804

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: National Vulnerability Database | 22 Jun 2021 | 1:15 pm IST

CVE-2021-0535

In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168314741

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0571

In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137395936

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0572

In doNotification of AccountManagerService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-177931355

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2010-2486

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0559

In Lag_max of p_ol_wgh.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172312730

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0568

In onReceive of DevicePolicyManagerService.java, there is a possible enabling of disabled profiles due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170121238

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0554

In isBackupServiceActive of BackupManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158482162

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0563

In ih264e_fmt_conv_422i_to_420sp of ih264e_fmt_conv.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172908358

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0565

In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174801970

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0558

In fillMainDataBuf of pvmp3_framedecoder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-173473906

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0555

In RenderStruct of protostream_objectsource.cc, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179161711

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0570

In sendBugreportNotification of BugreportProgressService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-178803845

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0561

In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174302683

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0566

In accessAudioHalPidscpp of TimeCheck.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-175894436

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0569

In onStart of ContactsDumpActivity.java, there is possible access to contacts due to a tapjacking/overlay attack. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174045870

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0557

In setRange of ABuffer.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179046129

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0534

In permission declarations of DeviceAdminReceiver.java, there is a possible lack of broadcast protection due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-170639543

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0562

In RasterIntraUpdate of motion_est.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176084648

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0567

In isRestricted of RemoteViews.java, there is a possible way to inject font files due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179461812

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0564

In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-176495665

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2021-0556

In getBlockSum of fastcodemb.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172716941

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2010-2475

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

CVE-2010-2485

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.

Source: National Vulnerability Database | 22 Jun 2021 | 12:15 pm IST

count: 100