Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40001 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the MeeTime application to be unavailable. | |||||
| CVE-2021-39977 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The HwNearbyMain module has a NULL Pointer Dereference vulnerability.Successful exploitation of this vulnerability may cause a process to restart. | |||||
| CVE-2021-37120 | 1 Huawei | 2 Emui, Magic Ui | 2022-01-13 | 10.0 HIGH | 9.8 CRITICAL |
| There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation. | |||||
| CVE-2021-40004 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The cellular module has a vulnerability in permission management. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-40003 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-39974 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Out-of-bounds read in Smartphones.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-39973 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 7.8 HIGH | 7.5 HIGH |
| There is a Null pointer dereference in Smartphones.Successful exploitation of this vulnerability may cause the kernel to break down. | |||||
| CVE-2021-39970 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this vulnerability may create any file with the system app permission. | |||||
| CVE-2021-39978 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| Telephony application has a SQL Injection vulnerability.Successful exploitation of this vulnerability may cause privacy and security issues. | |||||
| CVE-2021-39979 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 10.0 HIGH | 9.8 CRITICAL |
| HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may affect HHEE system integrity. | |||||
| CVE-2021-40038 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2021-40039 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2021-40037 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. | |||||
| CVE-2021-40041 | 1 Huawei | 2 Ws318n-21, Ws318n-21 Firmware | 2022-01-13 | 1.9 LOW | 4.2 MEDIUM |
| There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. Successful exploit could cause certain information disclosure. Affected product versions include: WS318n-21 10.0.2.2, 10.0.2.5 and 10.0.2.6. | |||||
| CVE-2021-40035 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability. | |||||
| CVE-2021-40009 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2021-40032 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-36751 | 1 Encsecurity | 1 Datavault | 2022-01-13 | 6.4 MEDIUM | 9.1 CRITICAL |
| ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.) | |||||
| CVE-2021-43556 | 1 Fatek | 1 Winproladder | 2022-01-13 | 6.8 MEDIUM | 7.8 HIGH |
| FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-43554 | 1 Fatek | 1 Winproladder | 2022-01-13 | 6.8 MEDIUM | 7.8 HIGH |
| FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-40031 | 1 Huawei | 2 Emui, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2021-40029 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability. | |||||
| CVE-2021-40028 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data integrity. | |||||
| CVE-2021-40027 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-40026 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2021-20871 | 1 Konicaminolta | 160 Bizhub 224e, Bizhub 224e Firmware, Bizhub 226i and 157 more | 2022-01-13 | 2.9 LOW | 6.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain the credentials if the destination information including credentials are registered in the address book via a specific SOAP message. | |||||
| CVE-2021-46045 | 1 Gpac | 1 Gpac | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent). | |||||
| CVE-2021-46046 | 1 Gpac | 1 Gpac | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent). | |||||
| CVE-2021-46047 | 1 Gpac | 1 Gpac | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function. | |||||
| CVE-2021-46049 | 1 Gpac | 1 Gpac | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service. | |||||
| CVE-2021-46051 | 1 Gpac | 1 Gpac | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service. . | |||||
| CVE-2021-46080 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-13 | 3.5 LOW | 4.8 MEDIUM |
| A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability. | |||||
| CVE-2021-46078 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-13 | 3.5 LOW | 4.8 MEDIUM |
| An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability. | |||||
| CVE-2021-46048 | 1 Webassembly | 1 Binaryen | 2022-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions. | |||||
| CVE-2021-20872 | 1 Konicaminolta | 104 Bizhub 224e, Bizhub 224e Firmware, Bizhub 227 and 101 more | 2022-01-13 | 4.6 MEDIUM | 6.8 MEDIUM |
| Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier) allows a physical attacker to bypass the firmware integrity verification and to install malicious firmware. | |||||
| CVE-2021-46067 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2022-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover. | |||||
| CVE-2021-44591 | 1 Libming | 1 Libming | 2022-01-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file. | |||||
| CVE-2021-20870 | 1 Konicaminolta | 174 Bizhub 224e, Bizhub 224e Firmware, Bizhub 226i and 171 more | 2022-01-13 | 1.9 LOW | 4.6 MEDIUM |
| Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, bizhub 4752/4052 GC9-X4 and earlier, bizhub C3850/C3350/3850FS, bizhub 4750/4050, bizhub C3110, bizhub C3100P) allows a physical attacker to obtain unsent scanned image data when scanned data transmission is stopped due to the network error by ejecting a HDD before the scan job times out. | |||||
| CVE-2021-40025 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The eID module has a vulnerability that causes the memory to be used without being initialized,Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-40022 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-40021 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-40020 | 1 Huawei | 2 Emui, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-40018 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-20869 | 1 Konicaminolta | 160 Bizhub 224e, Bizhub 224e Firmware, Bizhub 226i and 157 more | 2022-01-13 | 2.9 LOW | 6.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/758 GC7-X8 and earlier, bizhub 658e/558e/458e GC7-X8 and earlier, bizhub C287/C227 GC7-X8 and earlier, bizhub 287/227 GC7-X8 and earlier, bizhub 368e/308e GC7-X8 and earlier, bizhub C368/C308/C258 GC9-X4 and earlier, bizhub 558/458/368/308 GC9-X4 and earlier, bizhub C754e/C654e GDQ-M0 and earlier, bizhub 754e/654e GDQ-M0 and earlier, bizhub C554e/C454e GDQ-M1 and earlier, bizhub C364e/C284e/C224e GDQ-M1 and earlier, bizhub 554e/454e/364e/284e/224e GDQ-M1 and earlier, bizhub C754/C654 C554/C454 GR1-M0 and earlier, bizhub C364/C284/C224 GR1-M0 and earlier, bizhub 754/654 GR1-M0 and earlier, bizhub C4050i/C3350i/C4000i/C3300i G00-B6 and earlier, bizhub C3320i G00-B6 and earlier, bizhub 4750i/4050i G00-22 and earlier, bizhub 4700i G00-22 and earlier, bizhub C3851FS/C3851/C3351 GC9-X4 and earlier, and bizhub 4752/4052 GC9-X4 and earlier) allows an attacker on the adjacent network to obtain some of user credentials if LDAP server authentication is enabled via a specific SOAP message. | |||||
| CVE-2021-40014 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2021-39996 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow. | |||||
| CVE-2021-39998 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 7.8 HIGH | 7.5 HIGH |
| There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones. Successful exploitation of this vulnerability may cause the system to crash and restart. | |||||
| CVE-2021-40000 | 1 Huawei | 1 Harmonyos | 2022-01-12 | 5.8 MEDIUM | 8.8 HIGH |
| The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulnerability may result in malicious command execution at the remote end. | |||||
| CVE-2021-44168 | 1 Fortinet | 1 Fortios | 2022-01-12 | 4.6 MEDIUM | 7.8 HIGH |
| A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages. | |||||
| CVE-2021-3842 | 3 Debian, Fedoraproject, Nltk | 3 Debian Linux, Fedora, Nltk | 2022-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| nltk is vulnerable to Inefficient Regular Expression Complexity | |||||