CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 2 and 2.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
7151 CVE-2021-25420 532 2021-06-11 2021-06-17
2.1
None Local Low Not required Partial None None
Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
7152 CVE-2021-25421 532 2021-06-11 2021-06-17
2.1
None Local Low Not required Partial None None
Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
7153 CVE-2021-25422 532 2021-06-11 2021-06-17
2.1
None Local Low Not required Partial None None
Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
7154 CVE-2021-25423 532 2021-06-11 2021-06-17
2.1
None Local Low Not required Partial None None
Improper log management vulnerability in Watch Active2 PlugIn prior to version 2.2.08.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.
7155 CVE-2021-25431 863 2021-07-08 2021-07-12
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer.
7156 CVE-2021-25432 668 2021-07-08 2021-07-12
2.1
None Local Low Not required Partial None None
Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.
7157 CVE-2021-25433 863 2021-07-08 2021-07-14
2.1
None Local Low Not required None None Partial
Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal.
7158 CVE-2021-25439 863 2021-07-08 2021-07-12
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.
7159 CVE-2021-25444 2021-08-05 2021-08-12
2.1
None Local Low Not required Partial None None
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.
7160 CVE-2021-25453 20 2021-09-09 2021-09-23
2.1
None Local Low Not required Partial None None
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
7161 CVE-2021-25457 20 2021-09-09 2021-09-22
2.1
None Local Low Not required Partial None None
An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.
7162 CVE-2021-25458 476 Mem. Corr. 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
7163 CVE-2021-25459 552 2021-09-09 2021-09-22
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
7164 CVE-2021-25460 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
7165 CVE-2021-25462 476 Mem. Corr. 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
7166 CVE-2021-25463 2021-09-09 2021-09-22
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.
7167 CVE-2021-25464 200 +Info 2021-09-09 2021-09-22
2.1
None Local Low Not required Partial None None
An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak.
7168 CVE-2021-25468 20 2021-10-06 2021-10-14
2.1
None Local Low Not required Partial None None
A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.
7169 CVE-2021-25472 863 2021-10-06 2021-10-13
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.
7170 CVE-2021-25476 863 Bypass 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.
7171 CVE-2021-25484 287 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
7172 CVE-2021-25486 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker to detect device information by analyzing packets in the log.
7173 CVE-2021-25488 125 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.
7174 CVE-2021-25491 476 Mem. Corr. 2021-10-06 2021-10-13
2.1
None Local Low Not required None None Partial
A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.
7175 CVE-2021-25499 2021-10-06 2021-10-14
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.
7176 CVE-2021-25500 20 2021-11-05 2021-11-08
2.1
None Local Low Not required None Partial None
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.
7177 CVE-2021-25501 863 2021-11-05 2021-11-08
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.
7178 CVE-2021-25502 312 2021-11-05 2021-11-08
2.1
None Local Low Not required Partial None None
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without privilege.
7179 CVE-2021-25504 20 2021-11-05 2021-11-08
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information.
7180 CVE-2021-25506 863 DoS 2021-11-05 2021-11-09
2.1
None Local Low Not required None None Partial
Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service.
7181 CVE-2021-25507 863 2021-11-05 2021-11-09
2.7
None Local Network Low ??? Partial None None
Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization.
7182 CVE-2021-25513 269 2021-12-08 2021-12-10
2.1
None Local Low Not required Partial None None
An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen.
7183 CVE-2021-25515 269 2021-12-08 2021-12-13
2.1
None Local Low Not required Partial None None
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.
7184 CVE-2021-25519 732 2021-12-08 2021-12-13
2.1
None Local Low Not required Partial None None
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.
7185 CVE-2021-25521 552 2021-12-08 2021-12-13
2.1
None Local Low Not required Partial None None
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows untrusted applications to get current tab URL in Samsung Internet.
7186 CVE-2021-25522 922 2021-12-08 2021-12-13
2.1
None Local Low Not required Partial None None
Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission.
7187 CVE-2021-25523 922 2021-12-08 2021-12-13
2.1
None Local Low Not required Partial None None
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
7188 CVE-2021-25524 922 2021-12-08 2021-12-13
2.1
None Local Low Not required Partial None None
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
7189 CVE-2021-25526 269 2021-12-08 2021-12-16
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.
7190 CVE-2021-25527 2021-12-08 2021-12-16
2.1
None Local Low Not required Partial None None
Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.
7191 CVE-2021-25645 312 2021-05-10 2021-05-24
2.1
None Local Low Not required Partial None None
An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past.
7192 CVE-2021-25649 2021-06-24 2021-06-29
2.1
None Local Low Not required Partial None None
** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services.
7193 CVE-2021-25652 863 2021-06-24 2021-06-30
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.
7194 CVE-2021-25674 476 2021-03-15 2021-03-18
2.1
None Local Low Not required None None Partial
A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a NULL pointer dereference condition could cause the application to terminate unexpectedly and must be restarted to restore the service.
7195 CVE-2021-25675 369 2021-03-15 2021-03-18
2.1
None Local Low Not required None None Partial
A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a divide by zero operation could occur and cause the application to terminate unexpectedly and must be restarted to restore the service.
7196 CVE-2021-25688 532 2021-02-11 2021-02-17
2.1
None Local Low Not required Partial None None
Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.
7197 CVE-2021-25692 312 2021-04-06 2021-04-19
2.1
None Local Low Not required Partial None None
Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.
7198 CVE-2021-25701 401 DoS 2021-07-21 2021-07-29
2.1
None Local Low Not required None None Partial
The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker to cause a denial of service.
7199 CVE-2021-25743 2022-01-07 2022-01-25
2.1
None Remote High ??? None Partial None
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
7200 CVE-2021-26248 708 2021-11-19 2021-11-23
2.1
None Local Low Not required Partial None None
Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource.