Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-25 | CVE-2021-0630 | Integer Overflow or Wraparound vulnerability in Google Android In wifi driver, there is a possible system crash due to a missing bounds check. | 7.5 |
2021-10-25 | CVE-2021-0631 | Out-of-bounds Read vulnerability in Google Android In wifi driver, there is a possible system crash due to a missing bounds check. | 7.5 |
2021-10-25 | CVE-2021-0936 | Use After Free vulnerability in Google Android In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. | 7.8 |
2021-10-25 | CVE-2021-24487 | Unspecified vulnerability in Sanskruti St-Daily-Tip The St-Daily-Tip WordPress plugin through 4.7 does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it in the page. | 8.8 |
2021-10-25 | CVE-2021-24662 | SQL Injection vulnerability in Game-Server-Status Project Game-Server-Status 1.0 The Game Server Status WordPress plugin through 1.0 does not validate or escape the server_id parameter before using it in a SQL statement, leading to an Authenticated SQL Injection in an admin page | 7.2 |
2021-10-25 | CVE-2021-24769 | SQL Injection vulnerability in Permalink Manager Lite Project Permalink Manager Lite The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection | 7.2 |
2021-10-25 | CVE-2021-24774 | SQL Injection vulnerability in Wpchill Check & LOG Email The Check & Log Email WordPress plugin before 1.0.3 does not validate and escape the "order" and "orderby" GET parameters before using them in a SQL statement when viewing logs, leading to SQL injection issues | 7.2 |
2021-10-25 | CVE-2021-40527 | Cleartext Storage of Sensitive Information vulnerability in Onepeloton Peloton 1.7.22 Exposure of sensitive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application. | 7.5 |
2021-10-25 | CVE-2021-21703 | Out-of-bounds Write vulnerability in multiple products In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. | 7.0 |
2021-10-22 | CVE-2020-23038 | Path Traversal vulnerability in Kumilabs Swift File Transfer Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. | 7.5 |