Total
688 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36774 | 1 Apache | 1 Kylin | 2022-01-13 | 4.0 MEDIUM | 6.5 MEDIUM |
Apache Kylin allows users to read data from other database systems using JDBC. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Kylin server processes. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions. | |||||
CVE-2021-39969 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
There is an Unauthorized file access vulnerability in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2021-37133 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
There is an Unauthorized file access vulnerability in Smartphones. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2021-40005 | 1 Huawei | 1 Harmonyos | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
The distributed data service component has a vulnerability in data access control. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2021-44852 | 1 Biostar | 1 Racing Gt Evo | 2022-01-12 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000. | |||||
CVE-2021-1918 | 1 Qualcomm | 60 Qca6391, Qca6391 Firmware, Qcm6490 and 57 more | 2022-01-11 | 2.1 LOW | 6.5 MEDIUM |
Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
CVE-2021-45708 | 1 Abomonation Project | 1 Abomonation | 2022-01-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass. | |||||
CVE-2020-20948 | 1 Jeecg | 1 Jeecg | 2022-01-07 | 5.0 MEDIUM | 7.5 HIGH |
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. | |||||
CVE-2019-8702 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2022-01-05 | 2.1 LOW | 5.5 MEDIUM |
This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier. | |||||
CVE-2021-45494 | 1 Netgear | 6 Rbk352, Rbk352 Firmware, Rbr350 and 3 more | 2022-01-05 | 2.7 LOW | 4.5 MEDIUM |
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10. | |||||
CVE-2021-44676 | 1 Zohocorp | 1 Manageengine Access Manager Plus | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. | |||||
CVE-2021-44525 | 1 Zohocorp | 1 Manageengine Pam360 | 2022-01-04 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. | |||||
CVE-2021-29719 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2022-01-04 | 5.0 MEDIUM | 5.3 MEDIUM |
IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilities due to a web response specifying an incorrect content type. IBM X-Force ID: 201091 | |||||
CVE-2021-30992 | 1 Apple | 2 Ipados, Iphone Os | 2022-01-03 | 1.9 LOW | 5.5 MEDIUM |
This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata. | |||||
CVE-2019-15138 | 1 Html-pdf Project | 1 Html-pdf | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. | |||||
CVE-2021-43888 | 1 Microsoft | 1 Defender For Iot | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
Microsoft Defender for IoT Information Disclosure Vulnerability | |||||
CVE-2021-30947 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-12-29 | 4.3 MEDIUM | 5.5 MEDIUM |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files. | |||||
CVE-2021-30988 | 1 Apple | 2 Ipados, Iphone Os | 2021-12-29 | 4.3 MEDIUM | 5.5 MEDIUM |
Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to identify what other applications a user has installed. | |||||
CVE-2021-30966 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-12-29 | 5.0 MEDIUM | 7.5 HIGH |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations. | |||||
CVE-2021-45101 | 1 Wisc | 1 Htcondor | 2021-12-22 | 5.5 MEDIUM | 8.1 HIGH |
An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data. |