Vulnerabilities (CVE)

Total 13957 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-37120 1 Huawei 2 Emui, Magic Ui 2022-01-13 10.0 HIGH 9.8 CRITICAL
There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation.
CVE-2021-39979 1 Huawei 1 Harmonyos 2022-01-13 10.0 HIGH 9.8 CRITICAL
HHEE system has a Code Injection vulnerability.Successful exploitation of this vulnerability may affect HHEE system integrity.
CVE-2021-36751 1 Encsecurity 1 Datavault 2022-01-13 6.4 MEDIUM 9.1 CRITICAL
ENC DataVault 7.1.1W uses an inappropriate encryption algorithm, such that an attacker (who does not know the secret key) can make ciphertext modifications that are reflected in modified plaintext. There is no data integrity mechanism. (This behavior occurs across USB drives sold under multiple brand names.)
CVE-2021-37121 1 Huawei 2 Emui, Magic Ui 2022-01-13 7.5 HIGH 9.8 CRITICAL
There is a Configuration defects in Smartphone.Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission.
CVE-2021-46067 1 Vehicle Service Management System Project 1 Vehicle Service Management System 2022-01-13 7.5 HIGH 9.8 CRITICAL
In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account Takeover.
CVE-2021-40011 1 Huawei 2 Emui, Magic Ui 2022-01-13 6.4 MEDIUM 9.1 CRITICAL
There is an Uncontrolled resource consumption vulnerability in the display module in smartphones. Successful exploitation of this vulnerability may affect service integrity.
CVE-2021-40010 1 Huawei 1 Harmonyos 2022-01-13 7.5 HIGH 9.8 CRITICAL
The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitation of this vulnerability may result in malicious code execution.
CVE-2021-39996 1 Huawei 3 Emui, Harmonyos, Magic Ui 2022-01-13 7.5 HIGH 9.8 CRITICAL
There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful exploitation of this vulnerability may cause memory overflow.
CVE-2021-31522 1 Apache 1 Kylin 2022-01-12 7.5 HIGH 9.8 CRITICAL
Kylin can receive user input and load any class through Class.forName(...). This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.
CVE-2021-43779 1 Teclib-edition 1 Addressing 2022-01-12 9.0 HIGH 9.9 CRITICAL
GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability, allowing access to the server's underlying operating system using command injection abuse of functionality. There is no workaround for this issue and users are advised to upgrade or to disable the addressing plugin.
CVE-2021-44790 1 Apache 1 Http Server 2022-01-12 7.5 HIGH 9.8 CRITICAL
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
CVE-2021-40525 1 Apache 1 James 2022-01-12 6.4 MEDIUM 9.1 CRITICAL
Apache James ManagedSieve implementation alongside with the file storage for sieve scripts is vulnerable to path traversal, allowing reading and writing any file. This vulnerability had been patched in Apache James 3.6.1 and higher. We recommend the upgrade. Distributed and Cassandra based products are also not impacted.
CVE-2022-21643 1 Usoc Project 1 Usoc 2022-01-12 7.5 HIGH 9.8 CRITICAL
USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL injection via register.php. In particular usernames, email addresses, and passwords provided by the user were not sanitized and were used directly to construct a sql statement. Users are advised to upgrade as soon as possible. There are not workarounds for this issue.
CVE-2021-44228 9 Apache, Cisco, Debian and 6 more 153 Log4j, Advanced Malware Protection Virtual Private Cloud Appliance, Automated Subsea Tuning and 150 more 2022-01-12 9.3 HIGH 10.0 CRITICAL
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVE-2021-45608 1 Netgear 6 D7800, D7800 Firmware, R6400v2 and 3 more 2022-01-12 7.5 HIGH 9.8 CRITICAL
Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices are affected by an integer overflow by an unauthenticated attacker. Remote code execution from the WAN interface (TCP port 20005) cannot be ruled out; however, exploitability was judged to be of "rather significant complexity" but not "impossible." The overflow is in SoftwareBus_dispatchNormalEPMsgOut in the KCodes NetUSB kernel module. Affected NETGEAR devices are D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122.
CVE-2021-23574 1 Js-data 1 Js-data 2022-01-12 7.5 HIGH 9.8 CRITICAL
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655).
CVE-2020-22057 1 Evga 1 Precision Xoc 2022-01-12 6.4 MEDIUM 9.1 CRITICAL
The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data.
CVE-2021-30351 1 Qualcomm 392 Apq8009, Apq8009 Firmware, Apq8009w and 389 more 2022-01-12 7.5 HIGH 9.8 CRITICAL
An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2021-43711 1 Totolink 2 Ex200, Ex200 Firmware 2022-01-12 7.5 HIGH 9.8 CRITICAL
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.
CVE-2020-7878 2 4nb, Microsoft 2 Videooffice, Windows 2022-01-12 7.5 HIGH 9.8 CRITICAL
An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check.