Vulnerabilities (CVE)


Filtered by CWE-668
Total 688 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-36774 1 Apache 1 Kylin 2022-01-13 4.0 MEDIUM 6.5 MEDIUM
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions.
CVE-2021-39969 1 Huawei 3 Emui, Harmonyos, Magic Ui 2022-01-13 5.0 MEDIUM 7.5 HIGH
There is an unauthorized file access vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-37133 1 Huawei 3 Emui, Harmonyos, Magic Ui 2022-01-13 5.0 MEDIUM 7.5 HIGH
There is an unauthorized file access vulnerability in smartphones. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2021-40005 1 Huawei 1 Harmonyos 2022-01-13 5.0 MEDIUM 7.5 HIGH
The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2021-44852 1 Biostar 1 Racing Gt Evo 2022-01-12 7.2 HIGH 7.8 HIGH
An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.
CVE-2021-1918 1 Qualcomm 60 Qca6391, Qca6391 Firmware, Qcm6490 and 57 more 2022-01-11 2.1 LOW 6.5 MEDIUM
Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2021-45708 1 Abomonation Project 1 Abomonation 2022-01-10 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass.
CVE-2020-20948 1 Jeecg 1 Jeecg 2022-01-07 5.0 MEDIUM 7.5 HIGH
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.
CVE-2019-8702 1 Apple 3 Iphone Os, Mac Os X, Tvos 2022-01-05 2.1 LOW 5.5 MEDIUM
This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.
CVE-2021-45494 1 Netgear 6 Rbk352, Rbk352 Firmware, Rbr350 and 3 more 2022-01-05 2.7 LOW 4.5 MEDIUM
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.
CVE-2021-44676 1 Zohocorp 1 Manageengine Access Manager Plus 2022-01-04 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state.
CVE-2021-44525 1 Zohocorp 1 Manageengine Pam360 2022-01-04 7.5 HIGH 9.8 CRITICAL
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required.
CVE-2021-29719 2 Ibm, Netapp 2 Cognos Analytics, Oncommand Insight 2022-01-04 5.0 MEDIUM 5.3 MEDIUM
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client-side vulnerabilities due to a web response specifying an incorrect content type. IBM X-Force ID: 201091
CVE-2021-30992 1 Apple 2 Ipados, Iphone Os 2022-01-03 1.9 LOW 5.5 MEDIUM
This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata.
CVE-2019-15138 1 Html-pdf Project 1 Html-pdf 2022-01-01 5.0 MEDIUM 7.5 HIGH
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2021-43888 1 Microsoft 1 Defender For Iot 2022-01-01 5.0 MEDIUM 7.5 HIGH
Microsoft Defender for IoT Information Disclosure Vulnerability
CVE-2021-30947 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2021-12-29 4.3 MEDIUM 5.5 MEDIUM
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files.
CVE-2021-30988 1 Apple 2 Ipados, Iphone Os 2021-12-29 4.3 MEDIUM 5.5 MEDIUM
A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to identify what other applications a user has installed.
CVE-2021-30966 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2021-12-29 5.0 MEDIUM 7.5 HIGH
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations.
CVE-2021-45101 1 Wisc 1 Htcondor 2021-12-22 5.5 MEDIUM 8.1 HIGH
An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data.