CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2021-37941 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of permissions than they possess. This vulnerability affects users that have set up the agent via the attacher cli 3, the attach API 2, as well as users that have enabled the profiling_inferred_spans_enabled option
102 CVE-2021-37940 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible.
103 CVE-2021-37600 190 Overflow 2021-07-30 2021-10-18
1.2
None Local High Not required None None Partial
** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
104 CVE-2021-37436 +Info 2021-07-24 2021-08-09
1.9
None Local Medium Not required Partial None None
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations.
105 CVE-2021-37097 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is a Code Injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to system restart.
106 CVE-2021-37093 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers stealing short messages.
107 CVE-2021-37092 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to availability affected.
108 CVE-2021-37091 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to confidentiality affected.
109 CVE-2021-37090 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to process crash.
110 CVE-2021-37089 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to kernel restart.
111 CVE-2021-37086 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
There is an Improper Preservation of Permissions vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers who can isolate and read synchronization files of other applications across the UID sandbox.
112 CVE-2021-37085 DoS 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
There is an Encoding timing vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to denial of service.
113 CVE-2021-37084 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to malicious invoking of other functions of the Smart Assistant through text messages.
114 CVE-2021-37075 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to confidentiality affected.
115 CVE-2021-37074 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the user root privilege escalation.
116 CVE-2021-37069 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to availability affected.
117 CVE-2021-37054 Bypass 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
118 CVE-2021-37053 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is a Service logic vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS.
119 CVE-2021-37052 +Info 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is an Exception log vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause address information leakage.
120 CVE-2021-37051 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds memory access.
121 CVE-2021-37050 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is a Missing sensitive data encryption vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
122 CVE-2021-37049 Overflow 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is a Heap-based buffer overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may rewrite the memory of adjacent objects.
123 CVE-2021-37045 Exec Code 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is a UAF vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed.
124 CVE-2021-37044 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is a Permission control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.
125 CVE-2021-37040 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting.
126 CVE-2021-37039 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is an Input verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause Bluetooth DoS.
127 CVE-2021-37037 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
There is an Invalid address access vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to restart.
128 CVE-2021-36760 Exec Code XSS 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.)
129 CVE-2021-36720 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=<script>alert(1)</script> and stealing cookies.
130 CVE-2021-36719 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
PineApp - Mail Secure - The attacker must be logged in as a user to the PineApp system. The attacker exploits the vulnerable nicUpload.php file to upload a malicious file, thus taking over the server and running remote code.
131 CVE-2021-36718 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of the eharmony system with sensitive data (Employee name, Employee ID number, Working hours, etc.). The vulnerability has been addressed and fixed on version 11. Default credentials, Security miscommunication, Sensitive data exposure vulnerability in Synel Reports of SYNEL eharmonynew, Synel Reports allows an attacker to log into the system with default credentials. This issue affects: SYNEL eharmonynew, Synel Reports 8.0.2 version 11 and prior versions.
132 CVE-2021-36195 Exec Code 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
Multiple command injection vulnerabilities in the command line interpreter of FortiWeb versions 6.4.1, 6.4.0, 6.3.0 through 6.3.15, 6.2.0 through 6.2.6, and 6.1.0 through 6.1.2 may allow an authenticated attacker to execute arbitrary commands on the underlying system shell via specially crafted command arguments.
133 CVE-2021-36191 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
A URL redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to use the device as a proxy via crafted GET parameters in requests to error handlers.
134 CVE-2021-36190 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to access protected hosts via crafted HTTP requests.
135 CVE-2021-36188 Exec Code XSS 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers.
136 CVE-2021-36180 Exec Code 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests.
137 CVE-2021-36173 Exec Code Overflow 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
A heap-based buffer overflow in the firmware signature verification function of FortiOS versions 7.0.1, 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, and 6.0.0 through 6.0.13 may allow an attacker to execute arbitrary code via specially crafted installation images.
138 CVE-2021-36133 Bypass 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral.
139 CVE-2021-35618 DoS 2021-10-20 2021-11-22
1.4
None Local Network High ??? None None Partial
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L).
140 CVE-2021-35214 613 2021-10-12 2021-10-18
1.9
None Local Medium Not required None Partial None
The vulnerability in SolarWinds Pingdom can be described as a failure to invalidate user session upon password or email address change. When running multiple active sessions in separate browser windows, it was observed that a password or email address could be changed without terminating the user session. This issue has been resolved on September 13, 2021.
141 CVE-2021-34544 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2013. In /export.html, email.html, and sms.html, cleartext passwords are stored. This may allow sensitive information to be read by someone with access to the device.
142 CVE-2021-34543 +Priv 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status.
143 CVE-2021-34389 401 2021-06-21 2021-08-25
1.9
None Local Medium Not required Partial None None
Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check can allow a local user through a malicious client to access memory from the heap in the TrustZone, which may lead to information disclosure.
144 CVE-2021-33881 863 Bypass 2021-06-06 2021-06-17
1.9
None Local Medium Not required None Partial None
On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc.
145 CVE-2021-33805 2021-06-03 2021-06-03
0.0
None ??? ??? ??? ??? ??? ???
In the reference implementation of FUSE before 2.9.8 and 3.x before 3.2.5, local attackers were able to specify the allow_other option even if forbidden in /etc/fuse.conf, leading to exposure of FUSE filesystems to other users. This issue only affects systems with SELinux active.
146 CVE-2021-33604 Exec Code 2021-06-24 2021-07-01
1.2
None Local High Not required Partial None None
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser.
147 CVE-2021-32591 2021-12-08 2021-12-08
0.0
None ??? ??? ??? ??? ??? ???
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.
148 CVE-2021-32033 287 2021-06-16 2021-06-25
1.9
None Local Medium Not required Partial None None
Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from the used seed value for generating time-based one-time passwords, without authentication. Thus, an attacker with short-time physical access to a device can set the internal real-time clock (RTC) to the future, generate one-time passwords, and reset the clock to the current time. This allows the generation of valid future time-based one-time passwords without having further access to the hardware token.
149 CVE-2021-31935 XSS 2021-04-30 2021-05-01
0.0
None ??? ??? ??? ??? ??? ???
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
150 CVE-2021-31934 XSS 2021-04-30 2021-05-01
0.0
None ??? ??? ??? ??? ??? ???
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
Total number of vulnerabilities: 1738. Page 3 of 35.