Total
34322 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40046 | 1 Huawei | 1 Pcmanager | 2024-11-21 | 9.8 Critical |
| PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allow the attacker to access certain resource beyond its privilege. | ||||
| CVE-2021-40040 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2021-40034 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| The video framework has the memory overwriting vulnerability caused by addition overflow. Successful exploitation of this vulnerability may affect the availability. | ||||
| CVE-2021-40033 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2024-11-21 | 5.5 Medium |
| There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800. | ||||
| CVE-2021-40032 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-40030 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-40024 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-40023 | 1 Huawei | 1 Emui | 2024-11-21 | 7.5 High |
| Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. | ||||
| CVE-2021-40022 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2021-40016 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 6.5 Medium |
| Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect confidentiality. | ||||
| CVE-2021-40012 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2021-3897 | 2 Ibm, Lenovo | 10 Nextscale Fan Power Controller, Nextscale Fan Power Controller Firmware, Nextscale N1200 Enclosure and 7 more | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. | ||||
| CVE-2021-3864 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 7.0 High |
| A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. | ||||
| CVE-2021-3849 | 2 Ibm, Lenovo | 10 Nextscale Fan Power Controller, Nextscale Fan Power Controller Firmware, Nextscale N1200 Enclosure and 7 more | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. | ||||
| CVE-2021-3848 | 2 Microsoft, Trendmicro | 3 Windows, Apex One, Worry-free Business Security | 2024-11-21 | 5.5 Medium |
| An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow a local attacker to create an arbitrary file with higher privileges that could lead to a denial-of-service (DoS) on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-3843 | 1 Lenovo | 59 Thinkpad 11e 3rd Gen, Thinkpad 11e 3rd Gen Firmware, Thinkpad 11e 4th Gen Celeron and 56 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-3787 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2024-11-21 | 6.4 Medium |
| A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to backend Hubble services. | ||||
| CVE-2021-3786 | 1 Lenovo | 266 Ideapad S940-14iwl, Ideapad S940-14iwl Firmware, Ideapad Yoga S940-14iwl and 263 more | 2024-11-21 | 4.4 Medium |
| A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. | ||||
| CVE-2021-3754 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-11-21 | 5.3 Medium |
| A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password. | ||||
| CVE-2021-3732 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible. | ||||