CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2021-22742 754 2021-05-26 2021-06-07
2.1
None Local Low Not required None None Partial
Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position.
552 CVE-2021-22564 787 2021-11-01 2021-11-02
2.1
None Local Low Not required None None Partial
For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of image pixels from an image buffer in the heap to another. This copy can occur when processing the right or bottom edges of the image, but only when groups are processed in certain order. Groups can be processed out of order in multi-threaded decoding environments with heavy thread load but also with images that contain the groups in an arbitrary order in the file. It is recommended to upgrade past 0.6.0 or patch with https://github.com/libjxl/libjxl/pull/775
553 CVE-2021-22552 125 Bypass 2021-08-02 2021-08-10
2.1
None Local Low Not required Partial None None
An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a
554 CVE-2021-22535 863 2021-09-28 2021-10-07
2.7
None Local Network Low ??? Partial None None
Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.
555 CVE-2021-22525 668 +Info 2021-09-02 2021-09-10
2.1
None Local Low Not required Partial None None
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
556 CVE-2021-22471 476 2021-10-28 2021-11-01
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.
557 CVE-2021-22468 863 +Info 2021-10-28 2021-11-01
2.1
None Local Low Not required Partial None None
A component of the HarmonyOS has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage.
558 CVE-2021-22467 20 2021-10-28 2021-11-01
2.1
None Local Low Not required Partial None None
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.
559 CVE-2021-22466 416 2021-10-28 2021-11-01
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.
560 CVE-2021-22465 120 Overflow 2021-10-28 2021-11-01
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable.
561 CVE-2021-22463 416 2021-10-28 2021-11-01
2.1
None Local Low Not required Partial None None
A component of the HarmonyOS has a Use After Free vulnerability . Local attackers may exploit this vulnerability to cause Kernel Information disclosure.
562 CVE-2021-22462 476 2021-10-28 2021-11-01
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.
563 CVE-2021-22461 770 2021-10-28 2021-11-01
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a Allocation of Resources Without Limits or Throttling vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.
564 CVE-2021-22460 345 Bypass 2021-10-28 2021-11-02
2.1
None Local Low Not required None Partial None
A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism.
565 CVE-2021-22459 476 2021-10-28 2021-11-02
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System functions which are unavailable.
566 CVE-2021-22457 20 2021-10-28 2021-11-01
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write.
567 CVE-2021-22456 2021-10-28 2021-11-02
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable.
568 CVE-2021-22455 190 Overflow 2021-10-28 2021-11-02
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released.
569 CVE-2021-22454 674 2021-10-28 2021-11-01
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump.
570 CVE-2021-22453 20 2021-10-28 2021-10-29
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.
571 CVE-2021-22452 20 2021-10-28 2021-10-29
2.1
None Local Low Not required Partial None None
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.
572 CVE-2021-22440 22 Dir. Trav. 2021-07-13 2021-07-15
2.1
None Local Low Not required Partial None None
There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that the software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename. Affected product versions include:HUAWEI Mate 20 9.0.0.195(C01E195R2P1), 9.1.0.139(C00E133R3P1);HUAWEI Mate 20 Pro 9.0.0.187(C432E10R1P16), 9.0.0.188(C185E10R2P1), 9.0.0.245(C10E10R2P1), 9.0.0.266(C432E10R1P16), 9.0.0.267(C636E10R2P1), 9.0.0.268(C635E12R1P16), 9.0.0.278(C185E10R2P1); Hima-L29C 9.0.0.105(C10E9R1P16), 9.0.0.105(C185E9R1P16), 9.0.0.105(C636E9R1P16); Laya-AL00EP 9.1.0.139(C786E133R3P1); OxfordS-AN00A 10.1.0.223(C00E210R5P1); Tony-AL00B 9.1.0.257(C00E222R2P1).
573 CVE-2021-22399 2021-07-13 2021-07-15
2.1
None Local Low Not required None None Partial
The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11).
574 CVE-2021-22398 863 Bypass 2021-08-02 2021-08-11
2.1
None Local Low Not required None Partial None
There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1).
575 CVE-2021-22365 125 2021-06-22 2021-06-29
2.1
None Local Low Not required None None Partial
There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending specific message to the target device. Due to insufficient validation of internal message, successful exploit may cause the process and the service abnormal.
576 CVE-2021-22364 DoS 2021-05-27 2021-06-08
2.1
None Local Low Not required None None Partial
There is a denial of service vulnerability in the versions 10.1.0.126(C00E125R5P3) of HUAWEI Mate 30 and 10.1.0.152(C00E136R7P2) of HUAWEI Mate 30 (5G) . A module does not verify certain parameters sufficiently and it leads to some exceptions. Successful exploit could cause a denial of service condition.
577 CVE-2021-22310 532 +Info 2021-03-22 2021-03-26
2.1
None Local Low Not required Partial None None
There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10.
578 CVE-2021-22308 +Info 2021-06-03 2021-06-10
2.1
None Local Low Not required Partial None None
There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage.
579 CVE-2021-22307 2021-02-06 2021-02-10
2.1
None Local Low Not required None Partial None
There is a weak algorithm vulnerability in Mate 3010.0.0.203(C00E201R7P2). The protection is insufficient for the modules that should be protected. Local attackers can exploit this vulnerability to affect the integrity of certain module.
580 CVE-2021-22306 125 2021-02-06 2021-02-10
2.1
None Local Low Not required None None Partial
There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause out-of-bound, compromising normal service.
581 CVE-2021-22305 120 Overflow 2021-02-06 2021-02-10
2.1
None Local Low Not required None None Partial
There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verify the some input when dealing with messages. Attackers can exploit this vulnerability by sending malicious input through specific module. This could cause buffer overflow, compromising normal service.
582 CVE-2021-22304 416 2021-02-06 2021-02-10
2.1
None Local Low Not required None None Partial
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.
583 CVE-2021-22295 276 Bypass 2021-08-06 2021-08-13
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler.
584 CVE-2021-22294 Bypass 2021-03-02 2021-03-09
2.1
None Local Low Not required None None Partial
A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may exploit this vulnerability to issue commands repeatedly, exhausting system service resources.
585 CVE-2021-22194 312 2021-03-26 2021-09-14
2.1
None Local Low Not required Partial None None
In all versions of GitLab, marshalled session keys were being stored in Redis.
586 CVE-2021-22184 200 +Info 2021-03-26 2021-03-30
2.1
None Local Low Not required Partial None None
An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted.
587 CVE-2021-22152 20 DoS 2021-05-13 2021-05-21
2.1
None Local Low Not required None None Partial
A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections.
588 CVE-2021-22133 532 +Info 2021-02-10 2021-02-16
2.7
None Local Network Low ??? Partial None None
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.
589 CVE-2021-22132 522 +Info 2021-01-14 2021-02-22
2.1
None Remote High ??? Partial None None
Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search API. Users who execute an async search will improperly store the HTTP headers. An Elasticsearch user with the ability to read the .tasks index could obtain sensitive request headers of other users in the cluster. This issue is fixed in Elasticsearch 7.10.2
590 CVE-2021-22020 2021-09-23 2021-09-30
2.1
None Local Low Not required None None Partial
The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful exploitation of this issue may allow an attacker to create a denial-of-service condition on vCenter Server.
591 CVE-2021-22007 668 +Priv 2021-09-23 2021-09-27
2.1
None Local Low Not required Partial None None
The vCenter Server contains a local information disclosure vulnerability in the Analytics service. An authenticated user with non-administrative privilege may exploit this issue to gain access to sensitive information.
592 CVE-2021-21989 125 2021-05-24 2021-06-04
2.1
None Local Low Not required Partial None None
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
593 CVE-2021-21988 125 2021-05-24 2021-06-04
2.1
None Local Low Not required Partial None None
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
594 CVE-2021-21987 125 2021-05-24 2021-06-04
2.1
None Local Low Not required Partial None None
VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). A malicious actor with access to a virtual machine or remote desktop may be able to exploit these issues leading to information disclosure from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
595 CVE-2021-21792 +Info 2021-08-05 2021-08-11
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read four bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users.
596 CVE-2021-21791 +Info 2021-08-05 2021-08-11
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read two bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users.
597 CVE-2021-21790 +Info 2021-08-05 2021-08-11
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in the the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver which can result in sensitive information disclosure from the kernel. The IN instruction can read two bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users.
598 CVE-2021-21785 2021-08-05 2021-08-11
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability.
599 CVE-2021-21781 908 +Info 2021-08-18 2021-08-26
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11
600 CVE-2021-21740 59 +Info 2021-08-09 2021-08-17
2.1
None Local Low Not required Partial None None
There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residential gateway, and access unauthorized directory information through the symbolic link, causing information leak.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.