Search
Total
2662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22445 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 7.8 HIGH | 7.5 HIGH |
| There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the system to reset. | |||||
| CVE-2021-22381 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause an infinite loop in DoS. | |||||
| CVE-2021-22443 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Input Verification Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause random address access. | |||||
| CVE-2021-37081 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to nearby crash. | |||||
| CVE-2021-37048 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to fake visitors to control PC,play a video,etc. | |||||
| CVE-2021-37060 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to SAMGR Heap Address Leakage. | |||||
| CVE-2021-37094 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system denial of service. | |||||
| CVE-2021-37096 | 1 Huawei | 1 Harmonyos | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to user privacy disclosed. | |||||
| CVE-2021-20273 | 2 Debian, Privoxy | 2 Debian Linux, Privoxy | 2021-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. | |||||
| CVE-2021-37047 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause some services to restart. | |||||
| CVE-2020-7880 | 2 Douzone, Microsoft | 2 Neors, Windows | 2021-12-01 | 9.3 HIGH | 8.8 HIGH |
| The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX. | |||||
| CVE-2021-41079 | 3 Apache, Debian, Netapp | 3 Tomcat, Debian Linux, Management Services For Element Software And Netapp Hci | 2021-12-01 | 4.3 MEDIUM | 7.5 HIGH |
| Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. | |||||
| CVE-2020-9803 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2021-12-01 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-35533 | 1 Abb | 2 Rtu500, Rtu500 Firmware | 2021-11-30 | 7.1 HIGH | 7.5 HIGH |
| Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU of which the BCI is enabled to reboot when receiving a specially crafted message. By default, BCI IEC 60870-5-104 function is disabled (not configured). This issue affects: Hitachi Energy RTU500 series CMU Firmware version 12.0.* (all versions); CMU Firmware version 12.2.* (all versions); CMU Firmware version 12.4.* (all versions). | |||||
| CVE-2021-30917 | 1 Apple | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2021-11-29 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-37017 | 1 Huawei | 1 Harmonyos | 2021-11-29 | 7.8 HIGH | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. | |||||
| CVE-2021-37019 | 1 Huawei | 1 Harmonyos | 2021-11-29 | 7.8 HIGH | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. | |||||
| CVE-2021-37024 | 1 Huawei | 1 Harmonyos | 2021-11-29 | 7.8 HIGH | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. | |||||
| CVE-2021-37025 | 1 Huawei | 1 Harmonyos | 2021-11-29 | 7.8 HIGH | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. | |||||
| CVE-2021-37026 | 1 Huawei | 1 Harmonyos | 2021-11-29 | 7.8 HIGH | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. | |||||
| CVE-2021-20601 | 1 Mitsubishielectric | 99 Got2000 Gt2103-pmbd, Got2000 Gt2103-pmbd Firmware, Got2000 Gt2103-pmbds and 96 more | 2021-11-29 | 7.8 HIGH | 7.5 HIGH |
| Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction. | |||||
| CVE-2021-37004 | 1 Huawei | 1 Harmonyos | 2021-11-29 | 7.8 HIGH | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. | |||||
| CVE-2021-37003 | 1 Huawei | 1 Harmonyos | 2021-11-29 | 7.8 HIGH | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. | |||||
| CVE-2021-37005 | 1 Huawei | 1 Harmonyos | 2021-11-29 | 7.8 HIGH | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. | |||||
| CVE-2021-37008 | 1 Huawei | 1 Harmonyos | 2021-11-29 | 7.8 HIGH | 7.5 HIGH |
| There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. | |||||
| CVE-2021-36335 | 1 Dell | 1 Emc Cloud Link | 2021-11-27 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, leading to execution of arbitrary files on the server | |||||
| CVE-2021-3580 | 4 Debian, Netapp, Nettle Project and 1 more | 4 Debian Linux, Ontap Select Deploy Administration Utility, Nettle and 1 more | 2021-11-26 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service. | |||||
| CVE-2021-41277 | 1 Metabase | 1 Metabase | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application. | |||||
| CVE-2021-36321 | 1 Dell | 18 X1008, X1008 Firmware, X1008p and 15 more | 2021-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger a denial of service. | |||||
| CVE-2020-16227 | 1 Deltaww | 1 Tpeditor | 2021-11-22 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics TPEditor Versions 1.97 and prior. An improper input validation may be exploited by processing a specially crafted project file not validated when the data is entered by a user. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
| CVE-2020-16215 | 1 Advantech | 1 Webaccess\/hmi Designer | 2021-11-22 | 9.3 HIGH | 7.8 HIGH |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
| CVE-2021-0071 | 1 Intel | 25 7265, 7265 Firmware, 9260 Firmware and 22 more | 2021-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2021-0078 | 1 Intel | 30 7265, 7265 Firmware, Ac1550 and 27 more | 2021-11-19 | 6.8 MEDIUM | 8.1 HIGH |
| Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. | |||||
| CVE-2021-0013 | 1 Intel | 1 Endpoint Management Assistant | 2021-11-19 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2021-26323 | 1 Amd | 40 Epyc 7232p, Epyc 7232p Firmware, Epyc 72f3 and 37 more | 2021-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. | |||||
| CVE-2020-12929 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2021-11-18 | 4.6 MEDIUM | 7.8 HIGH |
| Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution . | |||||
| CVE-2021-31360 | 1 Juniper | 2 Junos, Junos Os Evolved | 2021-11-17 | 6.6 MEDIUM | 7.1 HIGH |
| An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root, possibly leading to a system integrity issue or Denial of Service (DoS). Depending on the files overwritten, exploitation of this vulnerability could lead to a sustained Denial of Service (DoS) condition, requiring manual user intervention to recover. Systems are only vulnerable if jdhcpd is running, which can be confirmed via the 'show system processes' command. For example: root@host# run show system processes extensive | match dhcp 26537 root -16 0 97568K 13692K RUN 0 0:01 3.71% jdhcpd This issue affects: Juniper Networks Junos OS: All versions, including the following supported releases: 15.1 versions prior to 15.1R7-S10; 17.4 versions prior to 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R1-S1, 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R2-S3-EVO; All versions of 21.1-EVO. | |||||
| CVE-2018-10926 | 3 Debian, Gluster, Redhat | 5 Debian Linux, Glusterfs, Enterprise Linux and 2 more | 2021-11-17 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node. | |||||
| CVE-2018-10927 | 3 Debian, Gluster, Redhat | 4 Debian Linux, Glusterfs, Enterprise Linux Server and 1 more | 2021-11-17 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. | |||||
| CVE-2018-10923 | 3 Debian, Gluster, Redhat | 4 Debian Linux, Glusterfs, Enterprise Linux Server and 1 more | 2021-11-17 | 5.5 MEDIUM | 8.1 HIGH |
| It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node. | |||||
| CVE-2018-10929 | 3 Debian, Gluster, Redhat | 4 Debian Linux, Glusterfs, Enterprise Linux Server and 1 more | 2021-11-17 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. | |||||
| CVE-2015-7704 | 6 Citrix, Debian, Mcafee and 3 more | 14 Xenserver, Debian Linux, Enterprise Security Manager and 11 more | 2021-11-17 | 5.0 MEDIUM | 7.5 HIGH |
| The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. | |||||
| CVE-2021-34417 | 1 Zoom | 5 Zoom On-premise Meeting Connector Controller, Zoom On-premise Meeting Connector Mmr, Zoom On-premise Recording Connector and 2 more | 2021-11-16 | 9.0 HIGH | 7.2 HIGH |
| The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45.20210703, Zoom On-Premise Virtual Room Connector before version 4.4.6868.20210703, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5496.20210703 fails to validate input sent in requests to set the network proxy password. This could lead to remote command injection by a web portal administrator. | |||||
| CVE-2021-30254 | 1 Qualcomm | 326 Apq8009, Apq8009 Firmware, Apq8009w and 323 more | 2021-11-16 | 7.2 HIGH | 7.8 HIGH |
| Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-34741 | 1 Cisco | 12 Asyncos, M170, M190 and 9 more | 2021-11-15 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition. | |||||
| CVE-2021-43406 | 1 Fusionpbx | 1 Fusionpbx | 2021-11-09 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values). | |||||
| CVE-2016-9795 | 6 Broadcom, Ca, Hp and 3 more | 10 Ca Workload Automation Ae, Client Automation, Systemedge and 7 more | 2021-11-09 | 7.2 HIGH | 7.8 HIGH |
| The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation. | |||||
| CVE-2021-25509 | 1 Samsung | 1 Samsung Flow | 2021-11-09 | 3.6 LOW | 7.1 HIGH |
| A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders. | |||||
| CVE-2021-34597 | 1 Phoenixcontact | 2 Pc Worx, Pc Worx Express | 2021-11-08 | 6.8 MEDIUM | 7.8 HIGH |
| Improper Input Validation vulnerability in PC Worx Automation Suite of Phoenix Contact up to version 1.88 could allow an attacker with a manipulated project file to unpack arbitrary files outside of the selected project directory. | |||||
| CVE-2021-27606 | 1 Sap | 1 Netweaver As Abap | 2021-11-06 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method EncOAMParamStore() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||