Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14816 | 6 Canonical, Debian, Linux and 3 more | 51 Ubuntu Linux, Debian Linux, Linux Kernel and 48 more | 2021-11-02 | 7.2 HIGH | 7.8 HIGH |
| There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | |||||
| CVE-2019-14814 | 6 Canonical, Debian, Linux and 3 more | 50 Ubuntu Linux, Debian Linux, Linux Kernel and 47 more | 2021-11-02 | 7.2 HIGH | 7.8 HIGH |
| There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. | |||||
| CVE-2021-27597 | 1 Sap | 1 Netweaver Abap | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83, allows an unauthenticated attacker without specific knowledge of the system to send a specially crafted packet over a network which will trigger an internal error in the system due to improper input validation in method memmove() causing the system to crash and rendering it unavailable. In this attack, no data in the system can be viewed or modified. | |||||
| CVE-2018-12613 | 1 Phpmyadmin | 1 Phpmyadmin | 2021-11-02 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). | |||||
| CVE-2019-15576 | 1 Gitlab | 1 Gitlab | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint. | |||||
| CVE-2021-31624 | 1 Tendacn | 2 Ac9, Ac9 Firmware | 2021-11-02 | 5.8 MEDIUM | 8.8 HIGH |
| Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. | |||||
| CVE-2021-37803 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2021-11-02 | 9.3 HIGH | 8.1 HIGH |
| An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php . | |||||
| CVE-2021-30821 | 1 Apple | 2 Mac Os X, Macos | 2021-11-02 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-23546 | 1 Irfanview | 1 Irfanview | 2021-11-02 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981. | |||||
| CVE-2020-9897 | 1 Apple | 3 Ipad Os, Iphone Os, Macos | 2021-11-02 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution. | |||||
| CVE-2021-30894 | 1 Apple | 3 Ipad Os, Iphone Os, Tvos | 2021-11-02 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-29844 | 1 Ibm | 7 Engineering Lifecycle Optimization, Engineering Requirements Quality Assistant On-premises, Engineering Workflow Management and 4 more | 2021-11-02 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | |||||
| CVE-2021-30899 | 1 Apple | 2 Mac Os X, Macos | 2021-11-02 | 7.6 HIGH | 7.0 HIGH |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-41191 | 1 Redon | 1 Roblox Purchasing Hub | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add `@require_apikey` in `BOT/lib/cogs/website.py` under the route for `/v1/products`. | |||||
| CVE-2021-40344 | 1 Nagios | 1 Nagios Xi | 2021-11-02 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution. | |||||
| CVE-2021-37915 | 1 Grandstream | 2 Ht801, Ht801 Firmware | 2021-11-02 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host. | |||||
| CVE-2021-30902 | 1 Apple | 2 Ipad Os, Iphone Os | 2021-11-02 | 4.6 MEDIUM | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A local attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2021-30901 | 1 Apple | 2 Mac Os X, Macos | 2021-11-02 | 9.3 HIGH | 7.8 HIGH |
| Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-14273 | 1 Hcltech | 1 Domino | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server. | |||||
| CVE-2018-17937 | 3 Debian, Gpsd Project, Microjson Project | 3 Debian Linux, Gpsd, Microjson | 2021-11-02 | 5.8 MEDIUM | 8.8 HIGH |
| gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs. | |||||
| CVE-2017-7655 | 2 Debian, Eclipse | 2 Debian Linux, Mosquitto | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vulnerability was found in the Mosquitto library which could lead to crashes for those applications using the library. | |||||
| CVE-2021-30909 | 1 Apple | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2021-11-02 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2018-13982 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files. | |||||
| CVE-2021-30824 | 1 Apple | 2 Mac Os X, Macos | 2021-11-02 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-30907 | 1 Apple | 6 Ipad Os, Iphone Os, Mac Os X and 3 more | 2021-11-02 | 6.8 MEDIUM | 7.8 HIGH |
| An integer overflow was addressed through improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to elevate privileges. | |||||
| CVE-2021-22458 | 1 Huawei | 1 Harmonyos | 2021-11-02 | 4.6 MEDIUM | 7.8 HIGH |
| A component of the HarmonyOS has a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution. | |||||
| CVE-2020-23549 | 1 Irfanview | 1 Irfanview | 2021-11-02 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting at FORMATS!GetPlugInInfo+0x00000000000047f6". | |||||
| CVE-2021-22473 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22472 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22481 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Verification errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22483 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is a issue of IP address spoofing in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS. | |||||
| CVE-2021-22485 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is a SSID vulnerability with Wi-Fi network connections in Huawei devices.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22486 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is a issue of Unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-22487 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2021-22491 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. | |||||
| CVE-2021-36988 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Parameter verification issue in Huawei Smartphone.Successful exploitation of this vulnerability can affect service integrity. | |||||
| CVE-2021-36992 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Public key verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-36995 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups. | |||||
| CVE-2021-30914 | 1 Apple | 2 Ipad Os, Iphone Os | 2021-11-01 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-37001 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Register tampering vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow the register value to be modified. | |||||
| CVE-2021-36999 | 1 Huawei | 2 Emui, Magic Ui | 2021-11-01 | 6.8 MEDIUM | 7.8 HIGH |
| There is a Buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution. | |||||
| CVE-2021-22044 | 1 Vmware | 1 Spring Cloud Openfeign | 2021-11-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping`annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated interface methods. | |||||
| CVE-2020-7875 | 2 Dext5, Microsoft | 2 Dext5upload, Windows | 2021-11-01 | 6.8 MEDIUM | 8.8 HIGH |
| DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | |||||
| CVE-2021-40345 | 1 Nagios | 1 Nagios Xi | 2021-11-01 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of the first file in the archive) allows an attacker to execute system commands. | |||||
| CVE-2021-40343 | 1 Nagios | 1 Nagios Xi | 2021-11-01 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user. | |||||
| CVE-2021-22469 | 1 Huawei | 1 Harmonyos | 2021-11-01 | 3.6 LOW | 7.1 HIGH |
| A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read. | |||||
| CVE-2021-30879 | 1 Apple | 2 Mac Os X, Macos | 2021-11-01 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | |||||
| CVE-2021-30876 | 1 Apple | 2 Mac Os X, Macos | 2021-11-01 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | |||||
| CVE-2021-30880 | 1 Apple | 2 Mac Os X, Macos | 2021-11-01 | 5.8 MEDIUM | 7.1 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. | |||||
| CVE-2021-22451 | 1 Huawei | 1 Harmonyos | 2021-11-01 | 4.6 MEDIUM | 7.8 HIGH |
| A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. | |||||