Export limit exceeded: 349441 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349441 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35128 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40099 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.2 High |
| An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution. | ||||
| CVE-2021-40089 | 1 Primekey | 1 Ejbca | 2024-11-21 | 2.3 Low |
| An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disabled it's not possible to create new such publishers, but existing publishers would continue to run. | ||||
| CVE-2021-40085 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Neutron, Openstack | 2024-11-21 | 6.5 Medium |
| An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value. | ||||
| CVE-2021-40065 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-40063 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is an improper access control vulnerability in the video module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2021-40055 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.9 Medium |
| There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Successful exploitation of this vulnerability may affect integrity. | ||||
| CVE-2021-40051 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is an unauthorized access vulnerability in system components. Successful exploitation of this vulnerability will affect confidentiality. | ||||
| CVE-2021-40046 | 1 Huawei | 1 Pcmanager | 2024-11-21 | 9.8 Critical |
| PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege. | ||||
| CVE-2021-40034 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vulnerability may affect the availability. | ||||
| CVE-2021-40033 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2024-11-21 | 5.5 Medium |
| There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800. | ||||
| CVE-2021-40024 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-40023 | 1 Huawei | 1 Emui | 2024-11-21 | 7.5 High |
| Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. | ||||
| CVE-2021-40022 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-40016 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 6.5 Medium |
| Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect confidentiality. | ||||
| CVE-2021-40012 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2021-3897 | 2 Ibm, Lenovo | 10 Nextscale Fan Power Controller, Nextscale Fan Power Controller Firmware, Nextscale N1200 Enclosure and 7 more | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. | ||||
| CVE-2021-3864 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 7.0 High |
| A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. | ||||
| CVE-2021-3849 | 2 Ibm, Lenovo | 10 Nextscale Fan Power Controller, Nextscale Fan Power Controller Firmware, Nextscale N1200 Enclosure and 7 more | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. | ||||
| CVE-2021-3848 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2024-11-21 | 5.5 Medium |
| An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-3843 | 1 Lenovo | 59 Thinkpad 11e 3rd Gen, Thinkpad 11e 3rd Gen Firmware, Thinkpad 11e 4th Gen Celeron and 56 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||