ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions.
CVE ID | Name | Status | References |
---|---|---|---|
CVE-2021-46790 | ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. |
Assigned (20220502) | MISC:https://github.com/tuxera/ntfs-3g/issues/16 | URL:https://github.com/tuxera/ntfs-3g/issues/16 |
CVE-2021-46789 | Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability. |
Assigned (20220425) | MISC:https://consumer.huawei.com/en/support/bulletin/2022/5/ | URL:https://consumer.huawei.com/en/support/bulletin/2022/5/ |
CVE-2021-46788 | Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations. |
Assigned (20220425) | MISC:https://consumer.huawei.com/en/support/bulletin/2022/5/ | URL:https://consumer.huawei.com/en/support/bulletin/2022/5/ |
CVE-2021-46787 | The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash. |
Assigned (20220425) | MISC:https://consumer.huawei.com/en/support/bulletin/2022/5/ | URL:https://consumer.huawei.com/en/support/bulletin/2022/5/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162 |
CVE-2021-46786 | The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access. |
Assigned (20220425) | MISC:https://consumer.huawei.com/en/support/bulletin/2022/5/ | URL:https://consumer.huawei.com/en/support/bulletin/2022/5/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162 |
CVE-2021-46785 | The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier. |
Assigned (20220425) | MISC:https://consumer.huawei.com/en/support/bulletin/2022/5/ | URL:https://consumer.huawei.com/en/support/bulletin/2022/5/ | MISC:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162 | URL:https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162 |
CVE-2021-46782 | The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting |
Assigned (20220402) | MISC:https://wpscan.com/vulnerability/39e69487-aa53-4b78-a422-12515a6449bf | URL:https://wpscan.com/vulnerability/39e69487-aa53-4b78-a422-12515a6449bf |
CVE-2021-46781 | The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting |
Assigned (20220402) | MISC:https://wpscan.com/vulnerability/49589867-f764-4c4a-b640-84973c673b23 | URL:https://wpscan.com/vulnerability/49589867-f764-4c4a-b640-84973c673b23 |
CVE-2021-46780 | The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting |
Assigned (20220402) | MISC:https://wpscan.com/vulnerability/cba4ccdd-9331-4ca0-b910-8f427ed9b540 | URL:https://wpscan.com/vulnerability/cba4ccdd-9331-4ca0-b910-8f427ed9b540 |
CVE-2021-46771 | Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application. |
Assigned (20220331) | MISC:https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 | URL:https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021 |
Page created: