The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2021-41015 | A improper neutralization of input during web page generation (\'cross-site scripting\') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler | MEDIUM | Dec 9, 2021 |
| CVE-2021-41014 | A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets | MEDIUM | Dec 9, 2021 |
| CVE-2021-40578 | Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Management System in PHP and PayPal Free Source Code 1.0, that allows attackers to obtain sensitive information and execute arbitrary SQL commands via IDNO parameter. | MEDIUM | Dec 9, 2021 |
| CVE-2021-40282 | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users. | MEDIUM | Dec 9, 2021 |
| CVE-2021-40281 | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. | MEDIUM | Dec 9, 2021 |
| CVE-2021-40280 | An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. | MEDIUM | Dec 9, 2021 |
| CVE-2021-40279 | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php. | MEDIUM | Dec 9, 2021 |
| CVE-2021-39657 | In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel | LOW | Dec 9, 2021 |
| CVE-2021-39656 | In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernel | MEDIUM | Dec 9, 2021 |
| CVE-2021-39648 | In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-160822094References: Upstream kernel | LOW | Dec 9, 2021 |
| CVE-2021-39002 | IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | MEDIUM | Dec 9, 2021 |
| CVE-2021-38951 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 211405. | MEDIUM | Dec 9, 2021 |
| CVE-2021-38931 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418. | MEDIUM | Dec 9, 2021 |
| CVE-2021-38926 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321. | LOW | Dec 9, 2021 |
| CVE-2021-38506 | Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. This could lead to spoofing attacks on the browser UI including phishing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | MEDIUM | Dec 9, 2021 |
| CVE-2021-38504 | When interacting with an HTML input element\'s file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | HIGH | Dec 9, 2021 |
| CVE-2021-38503 | The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | HIGH | Dec 9, 2021 |
| CVE-2021-37941 | A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of permissions than they possess. This vulnerability affects users that have set up the agent via the attacher cli 3, the attach API 2, as well as users that have enabled the profiling_inferred_spans_enabled option | MEDIUM | Dec 9, 2021 |
| CVE-2021-37940 | An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use the GHES integration to view hosts that might not be publicly accessible. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37100 | There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to account authentication bypassed. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37099 | There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete any file. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37097 | There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system restart. | HIGH | Dec 9, 2021 |
| CVE-2021-37096 | There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to user privacy disclosed. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37095 | There is a Integer Overflow or Wraparound vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote denial of service and potential remote code execution. | HIGH | Dec 9, 2021 |
| CVE-2021-37094 | There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system denial of service. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37093 | There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers steal short messages. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37092 | There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37091 | There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37090 | There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to process crash. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37089 | There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to kernel restart. | HIGH | Dec 9, 2021 |
| CVE-2021-37088 | There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers can write any content to any file. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37087 | There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers can create arbitrary file. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37086 | There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers which can isolate and read synchronization files of other applications across the UID sandbox. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37085 | There is a Encoding timing vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to denial of service. | HIGH | Dec 9, 2021 |
| CVE-2021-37084 | There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to malicious invoking other functions of the Smart Assistant through text messages. | HIGH | Dec 9, 2021 |
| CVE-2021-37083 | There is a NULL Pointer Dereference vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Denial of Service Attacks. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37082 | There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to motionhub crash. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37081 | There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to nearby crash. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37080 | There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37079 | There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to delete arbitrary file by system_app permission. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37078 | There is a Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to remote Denial of Service. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37077 | There is a NULL Pointer Dereference vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to kernel crash. | HIGH | Dec 9, 2021 |
| CVE-2021-37076 | There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37075 | There is a Credentials Management Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to confidentiality affected. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37074 | There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user root privilege escalation. | HIGH | Dec 9, 2021 |
| CVE-2021-37073 | There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the detection result is tampered with. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37072 | There is a Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory crash. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37071 | There is a Business Logic Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to persistent dos. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37070 | There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to process crash. | MEDIUM | Dec 9, 2021 |
| CVE-2021-37069 | There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. | MEDIUM | Dec 9, 2021 |
