Total: 35140 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37436 | 1 Amazon | 2 Echo Dot, Echo Dot Firmware | 2024-11-21 | 4.2 Medium |
| Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations. | ||||
| CVE-2021-37424 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 9.8 Critical |
| ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. | ||||
| CVE-2021-37423 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. | ||||
| CVE-2021-37384 | 1 Furukawa | 8 423-41w/ac, 423-41w/ac Firmware, Ld420-10r and 5 more | 2024-11-21 | 9.8 Critical |
| A remote code execution (RCE) vulnerability was found in some Furukawa ONU models. It allows remote unauthenticated users to send arbitrary commands to the device via the web interface. | ||||
| CVE-2021-37349 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.8 High |
| Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does not sanitise input read from the database. | ||||
| CVE-2021-37334 | 1 Umbraco | 1 Forms | 2024-11-21 | 9.8 Critical |
| Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server. | ||||
| CVE-2021-37274 | 1 Kingdee | 1 Kis Cloud | 2024-11-21 | 8.8 High |
| Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes. | ||||
| CVE-2021-37273 | 1 Chinatelecom | 2 Epon Tianyi Gateway Zxhn F450, Epon Tianyi Gateway Zxhn F450 Firmware | 2024-11-21 | 7.5 High |
| A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is a hardware terminal of "Optical Modem Smart Router." Attackers can use this vulnerability to restart the device multiple times. | ||||
| CVE-2021-37254 | 1 M-files | 1 M-files Web | 2024-11-21 | 7.5 High |
| In M-Files Web versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on the server. | ||||
| CVE-2021-37222 | 1 Rcdcap Project | 1 Rcdcap | 2024-11-21 | 9.8 Critical |
| Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via specially crafted packets. | ||||
| CVE-2021-37155 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 9.8 Critical |
| wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response. | ||||
| CVE-2021-37153 | 1 Forgerock | 1 Access Management | 2024-11-21 | 9.8 Critical |
| ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity Store, has an authentication-bypass issue. | ||||
| CVE-2021-37121 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 9.8 Critical |
| There is a configuration defect in Smartphone. Successful exploitation of this vulnerability may elevate the MEID (IMEI) permission. | ||||
| CVE-2021-37119 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a service logic vulnerability in Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS. | ||||
| CVE-2021-37117 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a service logic vulnerability in Smartphone. Successful exploitation of this vulnerability may cause WLAN DoS. | ||||
| CVE-2021-37115 | 1 Huawei | 1 Emui | 2024-11-21 | 5.5 Medium |
| There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-37113 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a privilege escalation vulnerability with the file system component in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-37110 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a timing design defect in Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-37109 | 1 Huawei | 1 Emui | 2024-11-21 | 7.8 High |
| There is a security protection bypass vulnerability with the modem. Successful exploitation of this vulnerability may cause memory protection failure. | ||||
| CVE-2021-37098 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| The Hilinksvc service has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability may cause application crash. | ||||