Export limit exceeded: 79201 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79201 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37145 | 1 Poly | 4 Cx5100, Cx5100 Firmware, Cx5500 and 1 more | 2024-11-21 | 7.2 High |
| A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-37137 | 6 Debian, Netapp, Netty and 3 more | 24 Debian Linux, Oncommand Insight, Netty and 21 more | 2024-11-21 | 7.5 High |
| The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. | ||||
| CVE-2021-37136 | 6 Debian, Netapp, Netty and 3 more | 31 Debian Linux, Oncommand Insight, Netty and 28 more | 2024-11-21 | 7.5 High |
| The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack | ||||
| CVE-2021-37134 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 8.1 High |
| Location-related APIs exists a Race Condition vulnerability.Successful exploitation of this vulnerability may use Higher Permissions for invoking the interface of location-related components. | ||||
| CVE-2021-37130 | 1 Huawei | 2 Fusioncube, Fusioncube Firmware | 2024-11-21 | 7.5 High |
| There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. | ||||
| CVE-2021-37129 | 1 Huawei | 22 Ips Module, Ips Module Firmware, Ngfw Module and 19 more | 2024-11-21 | 7.5 High |
| There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition.Affected product versions include:IPS Module V500R005C00,V500R005C20;NGFW Module V500R005C00;NIP6600 V500R005C00,V500R005C20;S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10;S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500;S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600;S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600;USG9500 V500R005C00,V500R005C20. | ||||
| CVE-2021-37127 | 1 Huawei | 4 Imanager Neteco, Imanager Neteco 6000, Imanager Neteco 6000 Firmware and 1 more | 2024-11-21 | 7.2 High |
| There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product versions include:iManager NetEco V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300;iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210. | ||||
| CVE-2021-37126 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause the directory is traversed. | ||||
| CVE-2021-37125 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause confidentiality is affected. | ||||
| CVE-2021-37119 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS. | ||||
| CVE-2021-37117 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS. | ||||
| CVE-2021-37113 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a Privilege escalation vulnerability with the file system component in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-37111 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a Memory leakage vulnerability in Smartphone.Successful exploitation of this vulnerability may cause memory exhaustion. | ||||
| CVE-2021-37110 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a Timing design defects in Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-37109 | 1 Huawei | 1 Emui | 2024-11-21 | 7.8 High |
| There is a security protection bypass vulnerability with the modem.Successful exploitation of this vulnerability may cause memory protection failure. | ||||
| CVE-2021-37106 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 7.2 High |
| There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. | ||||
| CVE-2021-37105 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 7.5 High |
| There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal. | ||||
| CVE-2021-37104 | 1 Huawei | 2 P40, P40 Firmware | 2024-11-21 | 7.5 High |
| There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do. | ||||
| CVE-2021-37102 | 1 Huawei | 1 Fusioncompute | 2024-11-21 | 8.8 High |
| There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0. | ||||
| CVE-2021-37100 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to account authentication bypassed. | ||||