| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
701 |
CVE-2021-37036 |
200 |
|
+Info |
2021-11-23 |
2021-11-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak. |
|
702 |
CVE-2021-37035 |
|
|
|
2021-11-23 |
2021-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a Remote DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly. |
|
703 |
CVE-2021-37034 |
|
|
|
2021-11-23 |
2021-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
There is an Unstandardized field names in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. |
|
704 |
CVE-2021-37033 |
74 |
|
|
2021-11-23 |
2021-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is an Injection attack vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. |
|
705 |
CVE-2021-37032 |
|
|
Bypass |
2021-11-23 |
2021-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a Bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Digital Balance to fail to work. |
|
706 |
CVE-2021-37031 |
|
|
|
2021-11-23 |
2021-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a Remote DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly. |
|
707 |
CVE-2021-37030 |
276 |
|
|
2021-11-23 |
2021-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is an Improper permission vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. |
|
708 |
CVE-2021-37029 |
|
|
|
2021-11-23 |
2021-12-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is an Identity verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. |
|
709 |
CVE-2021-37026 |
20 |
|
|
2021-11-23 |
2021-11-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. |
|
710 |
CVE-2021-37025 |
20 |
|
|
2021-11-23 |
2021-11-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. |
|
711 |
CVE-2021-37024 |
20 |
|
|
2021-11-23 |
2021-11-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. |
|
712 |
CVE-2021-37023 |
22 |
|
Dir. Trav. |
2021-11-23 |
2022-05-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause media files which can be reads and writes in non-distributed directories on any device on the network.. |
|
713 |
CVE-2021-37022 |
787 |
|
Overflow |
2021-11-23 |
2021-11-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause root permission which can be escalated. |
|
714 |
CVE-2021-37019 |
20 |
|
|
2021-11-23 |
2021-11-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. |
|
715 |
CVE-2021-37018 |
|
|
|
2021-11-23 |
2021-11-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
There is a Data Processing Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. |
|
716 |
CVE-2021-37017 |
20 |
|
|
2021-11-23 |
2021-11-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. |
|
717 |
CVE-2021-37016 |
125 |
|
DoS |
2021-11-23 |
2021-11-29 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
|
There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause Information Disclosure or Denial of Service. |
|
718 |
CVE-2021-37015 |
125 |
|
|
2021-11-23 |
2021-11-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. |
|
719 |
CVE-2021-37013 |
20 |
|
|
2021-11-23 |
2021-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the availability of users is affected. |
|
720 |
CVE-2021-37012 |
|
|
|
2021-11-23 |
2021-11-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
There is a Data Processing Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. |
|
721 |
CVE-2021-37010 |
200 |
|
+Info |
2021-11-23 |
2021-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected. |
|
722 |
CVE-2021-37009 |
|
|
|
2021-11-23 |
2021-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
There is a Configuration vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected. |
|
723 |
CVE-2021-37008 |
20 |
|
|
2021-11-23 |
2021-11-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. |
|
724 |
CVE-2021-37007 |
125 |
|
|
2021-11-23 |
2021-11-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. |
|
725 |
CVE-2021-37006 |
281 |
|
|
2021-11-23 |
2021-11-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected. |
|
726 |
CVE-2021-37005 |
20 |
|
|
2021-11-23 |
2021-11-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. |
|
727 |
CVE-2021-37004 |
20 |
|
|
2021-11-23 |
2021-11-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. |
|
728 |
CVE-2021-37003 |
20 |
|
|
2021-11-23 |
2021-11-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. |
|
729 |
CVE-2021-36957 |
269 |
|
|
2021-11-10 |
2021-11-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Windows Desktop Bridge Elevation of Privilege Vulnerability |
|
730 |
CVE-2021-36925 |
|
|
DoS Exec Code |
2021-11-02 |
2021-11-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. |
|
731 |
CVE-2021-36924 |
400 |
|
DoS Exec Code Overflow |
2021-11-02 |
2021-11-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device. |
|
732 |
CVE-2021-36923 |
269 |
|
DoS Exec Code |
2021-11-02 |
2021-11-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. |
|
733 |
CVE-2021-36922 |
269 |
|
DoS Exec Code |
2021-11-02 |
2021-11-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device. |
|
734 |
CVE-2021-36919 |
79 |
|
XSS |
2021-11-26 |
2021-12-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). |
|
735 |
CVE-2021-36917 |
668 |
|
|
2021-11-24 |
2021-11-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin. |
|
736 |
CVE-2021-36916 |
89 |
|
Sql |
2021-11-24 |
2021-11-26 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible. |
|
737 |
CVE-2021-36909 |
863 |
|
|
2021-11-18 |
2021-11-19 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. |
|
738 |
CVE-2021-36908 |
352 |
|
CSRF |
2021-11-18 |
2021-11-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows attackers to trick authenticated into making unintentional database reset. |
|
739 |
CVE-2021-36884 |
79 |
|
XSS |
2021-11-19 |
2022-01-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions. |
|
740 |
CVE-2021-36843 |
79 |
|
XSS |
2021-11-26 |
2021-11-26 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin. |
|
741 |
CVE-2021-36807 |
89 |
|
Exec Code Sql |
2021-11-26 |
2021-11-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8. |
|
742 |
CVE-2021-36794 |
|
|
|
2021-11-02 |
2021-11-04 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process. |
|
743 |
CVE-2021-36698 |
79 |
|
XSS |
2021-11-03 |
2021-11-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name. |
|
744 |
CVE-2021-36697 |
74 |
|
Exec Code |
2021-11-03 |
2021-11-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request. |
|
745 |
CVE-2021-36560 |
287 |
|
Bypass |
2021-11-02 |
2021-11-02 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin. |
|
746 |
CVE-2021-36372 |
273 |
|
|
2021-11-19 |
2021-11-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Apache Ozone versions prior to 1.2.0, Initially generated block tokens are persisted to the metadata database and can be retrieved with authenticated users with permission to the key. Authenticated users may use them even after access is revoked. |
|
747 |
CVE-2021-36340 |
532 |
|
|
2021-11-20 |
2021-11-23 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. |
|
748 |
CVE-2021-36335 |
20 |
|
|
2021-11-23 |
2021-11-27 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, leading to execution of arbitrary files on the server |
|
749 |
CVE-2021-36334 |
1236 |
|
Exec Code |
2021-11-23 |
2021-11-27 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine |
|
750 |
CVE-2021-36333 |
120 |
|
Overflow |
2021-11-23 |
2021-11-27 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker, may potentially exploit this vulnerability, leading to an application crash. |
