Vulnerabilities (CVE)

Filtered by CWE-20
Total 10026 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41844 1 Crocoblock 1 Jetengine 2024-02-04 7.5 HIGH 9.8 CRITICAL
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.
CVE-2021-0013 1 Intel 1 Endpoint Management Assistant 2024-02-04 5.0 MEDIUM 7.5 HIGH
Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2021-35594 2 Netapp, Oracle 3 Oncommand Insight, Snapcenter, Mysql Cluster 2024-02-04 4.0 MEDIUM 6.3 MEDIUM
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.33 and prior, 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
CVE-2021-35592 2 Netapp, Oracle 3 Oncommand Insight, Snapcenter, Mysql Cluster 2024-02-04 4.0 MEDIUM 6.3 MEDIUM
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.23 and prior, 7.6.19 and prior and 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
CVE-2021-44395 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2024-02-04 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-20705 1 Nec 4 Clusterpro X, Clusterpro X Singleserversafe, Expresscluster X and 1 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network.
CVE-2021-44387 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2024-02-04 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPreset param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-22264 1 Google 1 Android 2024-02-04 3.6 LOW 7.1 HIGH
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.
CVE-2021-44364 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2024-02-04 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-0928 1 Google 1 Android 2024-02-04 7.2 HIGH 7.8 HIGH
In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-9. Android ID: A-188675581
CVE-2021-37019 1 Huawei 1 Harmonyos 2024-02-04 7.8 HIGH 7.5 HIGH
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash.
CVE-2021-43802 1 Etherpad 1 Etherpad 2024-02-04 9.0 HIGH 8.8 HIGH
Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute arbitrary code (including system commands). To gain privileges, the attacker must be able to trigger deletion of `express-session` state or wait for old `express-session` state to be cleaned up. Core Etherpad does not delete any `express-session` state, so the only known attacks require either a plugin that can delete session state or a custom cleanup process (such as a cron job that deletes old `sessionstorage:*` records). The problem has been fixed in version 1.8.16. If users cannot upgrade to 1.8.16 or install patches manually, several workarounds are available. Users may configure their reverse proxies to reject requests to `/p/*/import`, which will block all imports, not just `*.etherpad` imports; limit all users to read-only access; and/or prevent the reuse of `express_sid` cookie values that refer to deleted express-session state. More detailed information and general mitigation strategies may be found in the GitHub Security Advisory.
CVE-2021-44389 1 Reolink 2 Rlc-410w, Rlc-410w Firmware 2024-02-04 6.8 MEDIUM 7.7 HIGH
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetAbility param is not object. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2021-43762 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-02-04 6.4 MEDIUM 6.5 MEDIUM
AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls. Sensitive areas of the web application may be exposed through exploitation of the vulnerability.
CVE-2021-38015 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-04 6.8 MEDIUM 8.8 HIGH
Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.
CVE-2021-38182 1 Kyma-project 1 Kyma 2024-02-04 6.5 MEDIUM 8.8 HIGH
Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster.
CVE-2021-34416 1 Zoom 4 Meeting Connector, Recording Connector, Virtual Room Connector and 1 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, which could lead to remote command injection on the on-premise image by the web portal administrators.
CVE-2021-37024 1 Huawei 1 Harmonyos 2024-02-04 7.8 HIGH 7.5 HIGH
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash.
CVE-2021-38957 1 Ibm 1 Security Verify Access 2024-02-04 5.0 MEDIUM 7.5 HIGH
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation. IBM X-Force ID: 212040.
CVE-2021-30254 1 Qualcomm 326 Apq8009, Apq8009 Firmware, Apq8009w and 323 more 2024-02-04 7.2 HIGH 7.8 HIGH
Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables