CVE-2021-41564

Tad Honor viewing Bible list function is vulnerable to authorization bypass, thus remote attackers can use particular parameters to delete articles arbitrarily without logging in. (CVSS:0.0) (Last Update:2021-10-08)

2021-10-07T20:00:00-04:00October 7th, 2021|Bypass Something|

CVE-2021-41568

Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system. (CVSS:0.0) (Final Update:2021-10-08)

2021-10-07T20:00:00-04:00October 7th, 2021|Bypass Something|

CVE-2021-41975

TadTools specific page is vulnerable to authorization bypass, thus remote attackers can use the particular parameter to delete arbitrary files in the system without logging in. (CVSS:0.0) (Terminal Update:2021-10-08)

2021-10-07T20:00:00-04:00October 7th, 2021|Bypass Something|

CVE-2021-41976

Tad Uploader edit Good Book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the Christian Bible list without logging in. (CVSS:0.0) (Terminal Update:2021-10-08)

2021-10-07T20:00:00-04:00October 7th, 2021|Bypass Something|

CVE-2021-23447

This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string). (CVSS:0.0) (Final Update:2021-10-07)

2021-10-06T20:00:00-04:00October 6th, 2021|Bypass Something|

CVE-2021-0688

In lockNow of PhoneWindowManager.java, there is a practicable lock screen bypass due to a race precondition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-161149543 (CVSS:0.0) (Last Update:2021-10-06)

2021-10-05T20:00:00-04:00October 5th, 2021|Bypass Something|

CVE-2021-25476

An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection meddler in TEE. (CVSS:0.0) (Terminal Update:2021-10-06)

2021-10-05T20:00:00-04:00October 5th, 2021|Bypass Something|

CVE-2021-25481

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory. (CVSS:0.0) (Last Update:2021-10-06)

2021-10-05T20:00:00-04:00October 5th, 2021|Bypass Something|

CVE-2021-1534

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is owed to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a fastidious way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device. (CVSS:0.0) (Final Update:2021-10-06)

2021-10-05T20:00:00-04:00October 5th, 2021|Bypass Something|

CVE-2021-39870

In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker making a crafted API call. (CVSS:0.0) (Final Update:2021-10-05)

2021-10-04T20:00:00-04:00October 4th, 2021|Bypass Something|
Go to Top