SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application.
| CVE ID | Name | Status | References |
|---|---|---|---|
| CVE-2021-46899 | SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application. |
Assigned (20231209) | MISC:https://github.com/canton7/SyncTrayzor/issues/666 | MISC:https://github.com/canton7/SyncTrayzor/releases |
| CVE-2021-46898 | views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack. |
Assigned (20231022) | MISC:https://github.com/sehmaschine/django-grappelli/commit/4ca94bcda0fa2720594506853d85e00c8212968f | MISC:https://github.com/sehmaschine/django-grappelli/compare/2.15.1...2.15.2 | MISC:https://github.com/sehmaschine/django-grappelli/issues/975 | MISC:https://github.com/sehmaschine/django-grappelli/pull/976 |
| CVE-2021-46897 | views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media. |
Assigned (20231022) | MISC:https://github.com/coderedcorp/coderedcms/compare/v0.22.2...v0.22.3 | MISC:https://github.com/coderedcorp/coderedcms/issues/448 | MISC:https://github.com/coderedcorp/coderedcms/pull/450 |
| CVE-2021-46896 | Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332. |
Assigned (20230705) | MISC:https://github.com/PX4/PX4-Autopilot/issues/18369 |
| CVE-2021-46895 | Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successful exploitation of this vulnerability will cause the hopped app to bypass the app lock and reset the device that initiates the hop. |
Assigned (20230629) | MISC:https://consumer.huawei.com/en/support/bulletin/2023/8/ | URL:https://consumer.huawei.com/en/support/bulletin/2023/8/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202308-0000001667644725 |
| CVE-2021-46894 | Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation. |
Assigned (20230629) | MISC:https://consumer.huawei.com/en/support/bulletin/2023/7/ | URL:https://consumer.huawei.com/en/support/bulletin/2023/7/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 |
| CVE-2021-46893 | Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity. |
Assigned (20230629) | MISC:https://consumer.huawei.com/en/support/bulletin/2023/7/ | URL:https://consumer.huawei.com/en/support/bulletin/2023/7/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 |
| CVE-2021-46892 | Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality. |
Assigned (20230629) | MISC:https://consumer.huawei.com/en/support/bulletin/2023/7/ | URL:https://consumer.huawei.com/en/support/bulletin/2023/7/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 |
| CVE-2021-46891 | Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. |
Assigned (20230629) | MISC:https://consumer.huawei.com/en/support/bulletin/2023/7/ | URL:https://consumer.huawei.com/en/support/bulletin/2023/7/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 |
| CVE-2021-46890 | Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. |
Assigned (20230629) | MISC:https://consumer.huawei.com/en/support/bulletin/2023/7/ | URL:https://consumer.huawei.com/en/support/bulletin/2023/7/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858 |
Page created: