Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37042 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds read. | |||||
| CVE-2021-37041 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds read. | |||||
| CVE-2021-37055 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is a Logic bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information. | |||||
| CVE-2021-37047 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause some services to restart. | |||||
| CVE-2020-10673 | 4 Debian, Fasterxml, Netapp and 1 more | 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more | 2021-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). | |||||
| CVE-2020-10672 | 4 Debian, Fasterxml, Netapp and 1 more | 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more | 2021-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). | |||||
| CVE-2021-37046 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-07 | 7.8 HIGH | 7.5 HIGH |
| There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion. | |||||
| CVE-2020-10969 | 4 Debian, Fasterxml, Netapp and 1 more | 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more | 2021-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. | |||||
| CVE-2020-10968 | 4 Debian, Fasterxml, Netapp and 1 more | 31 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 28 more | 2021-12-07 | 6.8 MEDIUM | 8.8 HIGH |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). | |||||
| CVE-2021-43471 | 1 Canon | 2 Lbp223dw, Lbp223dw Firmware | 2021-12-07 | 7.8 HIGH | 7.5 HIGH |
| In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability. | |||||
| CVE-2020-19611 | 1 Racktables Project | 1 Racktables | 2021-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter. | |||||
| CVE-2021-44527 | 1 Ui | 1 Unifi Switch Firmware | 2021-12-07 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the affected switch.This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later. | |||||
| CVE-2021-40095 | 1 Squaredup | 1 Squaredup | 2021-12-07 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in the log files downloaded by an authenticated administrator user), leading to the ability to read arbitrary files on the server filesystems. | |||||
| CVE-2021-39890 | 1 Gitlab | 1 Gitlab | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above. | |||||
| CVE-2021-40094 | 1 Squaredup | 1 Squaredup | 2021-12-07 | 3.5 LOW | 5.4 MEDIUM |
| A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device. | |||||
| CVE-2021-4075 | 1 Snipeitapp | 1 Snipe-it | 2021-12-07 | 6.5 MEDIUM | 7.2 HIGH |
| snipe-it is vulnerable to Server-Side Request Forgery (SSRF) | |||||
| CVE-2021-24943 | 1 Roundupwp | 1 Registrations For The Events Calendar | 2021-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection. | |||||
| CVE-2021-43327 | 1 Renesas | 4 Rx65, Rx65 Firmware, Rx65n and 1 more | 2021-12-07 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted. | |||||
| CVE-2021-4000 | 1 Showdoc | 1 Showdoc | 2021-12-07 | 5.8 MEDIUM | 6.1 MEDIUM |
| showdoc is vulnerable to URL Redirection to Untrusted Site | |||||
| CVE-2021-40093 | 1 Squaredup | 1 Squaredup | 2021-12-07 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions. | |||||