ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-20001 | It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blen... | S | |
CVE-2021-20002 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20003 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20004 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20005 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20006 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20007 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20008 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20009 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20010 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20011 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20012 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20013 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20014 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20015 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-20016 | A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated... | KEV M | |
CVE-2021-20017 | A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated att... | | |
CVE-2021-20018 | A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuratio... | | |
CVE-2021-20019 | A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted ... | | |
CVE-2021-20020 | A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to l... | | |
CVE-2021-20021 | A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an adm... | KEV | |
CVE-2021-20022 | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated ... | KEV | |
CVE-2021-20023 | SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated ... | KEV | |
CVE-2021-20024 | Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an a... | | |
CVE-2021-20025 | SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default use... | | |
CVE-2021-20026 | A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS ... | | |
CVE-2021-20027 | A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (Do... | M | |
CVE-2021-20028 | Improper neutralization of a SQL Command leading to SQL Injection vulnerability impacting end-of-lif... | KEV | |
CVE-2021-20030 | SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can... | | |
CVE-2021-20031 | A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect ... | E | |
CVE-2021-20032 | SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security ... | | |
CVE-2021-20034 | An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to bypas... | E | |
CVE-2021-20035 | Improper neutralization of special elements in the SMA100 management interface allows a remote authe... | KEV | |
CVE-2021-20037 | SonicWall Global VPN Client 4.10.5 installer (32-bit and 64-bit) incorrect default file permission v... | | |
CVE-2021-20038 | A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environme... | KEV E | |
CVE-2021-20039 | Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' P... | E | |
CVE-2021-20040 | A relative path traversal vulnerability in the SMA100 upload function allows a remote unauthenticated... | | |
CVE-2021-20041 | An unauthenticated and remote adversary can consume all of the device's CPU due to crafted HTTP requ... | | |
CVE-2021-20042 | An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectab... | | |
CVE-2021-20043 | A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote a... | | |
CVE-2021-20044 | A post-authentication remote command injection vulnerability in SonicWall SMA100 allows a remote aut... | | |
CVE-2021-20045 | A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remo... | | |
CVE-2021-20046 | A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote aut... | | |
CVE-2021-20047 | SonicWall Global VPN client version 4.10.6 (32-bit and 64-bit) and earlier have a DLL Search Order H... | | |
CVE-2021-20048 | A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenti... | | |
CVE-2021-20049 | A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to ... | | |
CVE-2021-20050 | An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted managemen... | | |
CVE-2021-20051 | SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DL... | | |
CVE-2021-20066 | JSDom improperly allows the loading of local resources, which allows for local files to be manipulat... | E | |
CVE-2021-20067 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog e... | | |
CVE-2021-20068 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scri... | | |
CVE-2021-20069 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scri... | | |
CVE-2021-20070 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scri... | | |
CVE-2021-20071 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scri... | | |
CVE-2021-20072 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and ... | | |
CVE-2021-20073 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.... | | |
CVE-2021-20074 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command... | | |
CVE-2021-20075 | Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd... | | |
CVE-2021-20076 | Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability ... | | |
CVE-2021-20077 | Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security ... | S | |
CVE-2021-20078 | Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerabili... | E | |
CVE-2021-20079 | Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which ... | | |
CVE-2021-20080 | Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEng... | E | |
CVE-2021-20081 | Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a ... | E | |
CVE-2021-20083 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-... | E | |
CVE-2021-20084 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-... | E | |
CVE-2021-20085 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in backbon... | E | |
CVE-2021-20086 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-... | E | |
CVE-2021-20087 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-... | E | |
CVE-2021-20088 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in mootool... | E | |
CVE-2021-20089 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.... | E | |
CVE-2021-20090 | A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.... | KEV E | |
CVE-2021-20091 | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware versi... | | |
CVE-2021-20092 | The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware versi... | | |
CVE-2021-20093 | A buffer over-read vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthenticat... | E S | |
CVE-2021-20094 | A denial of service vulnerability exists in Wibu-Systems CodeMeter versions < 7.21a. An unauthentica... | E S | |
CVE-2021-20095 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20096 | Cross-site request forgery in OpenOversight 0.6.4 allows a remote attacker to perform sensitive appl... | E | |
CVE-2021-20099 | Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation... | | |
CVE-2021-20100 | Nessus Agent 8.2.4 and earlier for Windows were found to contain multiple local privilege escalation... | | |
CVE-2021-20101 | Machform prior to version 16 is vulnerable to HTTP host header injection due to improperly validated... | | |
CVE-2021-20102 | Machform prior to version 16 is vulnerable to cross-site request forgery due to a lack of CSRF token... | | |
CVE-2021-20103 | Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient saniti... | | |
CVE-2021-20104 | Machform prior to version 16 is vulnerable to unauthenticated remote code execution due to insuffici... | | |
CVE-2021-20105 | Machform prior to version 16 is vulnerable to an open redirect in Safari_init.php due to an improper... | | |
CVE-2021-20106 | Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability w... | | |
CVE-2021-20107 | There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima ETF... | E | |
CVE-2021-20108 | Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from... | | |
CVE-2021-20109 | Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can st... | | |
CVE-2021-20110 | Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on t... | | |
CVE-2021-20111 | A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce... | E | |
CVE-2021-20112 | A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce... | E | |
CVE-2021-20113 | An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. If a password reset r... | E | |
CVE-2021-20114 | When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated ... | E | |
CVE-2021-20115 | A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.3. The paths provided in the... | E S | |
CVE-2021-20116 | A reflected cross-site scripting vulnerability exists in TCExam <= 14.8.4. The paths provided in the... | E | |
CVE-2021-20117 | Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which... | S | |
CVE-2021-20118 | Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which... | S | |
CVE-2021-20119 | The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that al... | E | |
CVE-2021-20120 | The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-... | E | |
CVE-2021-20121 | The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticate... | E | |
CVE-2021-20122 | The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated ... | E | |
CVE-2021-20123 | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download fu... | KEV E | |
CVE-2021-20124 | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download fu... | KEV E | |
CVE-2021-20125 | An arbitrary file upload and directory traversal vulnerability exists in the file upload functionali... | E | |
CVE-2021-20126 | Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently... | E | |
CVE-2021-20127 | An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet... | E | |
CVE-2021-20128 | The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was fo... | E | |
CVE-2021-20129 | An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthe... | E | |
CVE-2021-20130 | ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerab... | | |
CVE-2021-20131 | ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerab... | | |
CVE-2021-20132 | Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 use default hard-coded cred... | E | |
CVE-2021-20133 | Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute... | E | |
CVE-2021-20134 | Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute... | E | |
CVE-2021-20135 | Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability ... | | |
CVE-2021-20136 | ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing ... | E | |
CVE-2021-20137 | A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site... | E | |
CVE-2021-20138 | An unauthenticated command injection vulnerability exists in multiple parameters in the Gryphon Towe... | E | |
CVE-2021-20139 | An unauthenticated command injection vulnerability exists in the parameters of operation 3 in the co... | E | |
CVE-2021-20140 | An unauthenticated command injection vulnerability exists in the parameters of operation 10 in the c... | E | |
CVE-2021-20141 | An unauthenticated command injection vulnerability exists in the parameters of operation 32 in the c... | E | |
CVE-2021-20142 | An unauthenticated command injection vulnerability exists in the parameters of operation 41 in the c... | E | |
CVE-2021-20143 | An unauthenticated command injection vulnerability exists in the parameters of operation 48 in the c... | E | |
CVE-2021-20144 | An unauthenticated command injection vulnerability exists in the parameters of operation 49 in the c... | E | |
CVE-2021-20145 | Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers ac... | E | |
CVE-2021-20146 | An unprotected ssh private key exists on the Gryphon devices which could be used to achieve root acc... | | |
CVE-2021-20147 | ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the ... | E | |
CVE-2021-20148 | ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain und... | E | |
CVE-2021-20149 | Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN inte... | | |
CVE-2021-20150 | Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the... | M | |
CVE-2021-20151 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains a flaw in the session management for the device.... | | |
CVE-2021-20152 | Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionali... | | |
CVE-2021-20153 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains a symlink vulnerability in the bittorrent functi... | | |
CVE-2021-20154 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains a security flaw in the web interface. HTTPS is ... | | |
CVE-2021-20155 | Trendnet AC2600 TEW-827DRU version 2.08B01 makes use of hardcoded credentials. It is possible to bac... | E | |
CVE-2021-20156 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains an improper access control configuration that co... | | |
CVE-2021-20157 | It is possible for an unauthenticated, malicious user to force the device to reboot due to a hidden ... | E | |
CVE-2021-20158 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains an authentication bypass vulnerability. It is po... | | |
CVE-2021-20159 | Trendnet AC2600 TEW-827DRU version 2.08B01 is vulnerable to command injection. The system log functi... | E | |
CVE-2021-20160 | Trendnet AC2600 TEW-827DRU version 2.08B01 contains a command injection vulnerability in the smb fun... | E | |
CVE-2021-20161 | Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient protections for the UART functio... | | |
CVE-2021-20162 | Trendnet AC2600 TEW-827DRU version 2.08B01 stores credentials in plaintext. Usernames and passwords ... | | |
CVE-2021-20163 | Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and pas... | | |
CVE-2021-20164 | Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses credentials for the smb functionalit... | | |
CVE-2021-20165 | Trendnet AC2600 TEW-827DRU version 2.08B01 does not properly implement csrf protections. Most pages ... | E | |
CVE-2021-20166 | Netgear RAX43 version 1.0.3.96 contains a buffer overrun vulnerability. The URL parsing functionalit... | | |
CVE-2021-20167 | Netgear RAX43 version 1.0.3.96 contains a command injection vulnerability. The readycloud cgi applic... | | |
CVE-2021-20168 | Netgear RAX43 version 1.0.3.96 does not have sufficient protections to the UART interface. A malicio... | | |
CVE-2021-20169 | Netgear RAX43 version 1.0.3.96 does not utilize secure communications to the web interface. By defau... | | |
CVE-2021-20170 | Netgear RAX43 version 1.0.3.96 makes use of hardcoded credentials. It does not appear that normal us... | | |
CVE-2021-20171 | Netgear RAX43 version 1.0.3.96 stores sensitive information in plaintext. All usernames and password... | | |
CVE-2021-20172 | All known versions of the Netgear Genie Installer for macOS contain a local privilege escalation vul... | E | |
CVE-2021-20173 | Netgear Nighthawk R6700 version 1.0.4.120 contains a command injection vulnerability in update funct... | E | |
CVE-2021-20174 | Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the web i... | | |
CVE-2021-20175 | Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP ... | | |
CVE-2021-20176 | A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an... | | |
CVE-2021-20177 | A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileg... | S | |
CVE-2021-20178 | A flaw was found in ansible module where credentials are disclosed in the console log by default and... | | |
CVE-2021-20179 | A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw... | S | |
CVE-2021-20180 | A flaw was found in ansible module where credentials are disclosed in the console log by default and... | | |
CVE-2021-20181 | A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0.... | S | |
CVE-2021-20182 | A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs wit... | S | |
CVE-2021-20183 | It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XS... | S | |
CVE-2021-20184 | It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that insufficient capability checks ... | S | |
CVE-2021-20185 | It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose ... | S | |
CVE-2021-20186 | It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filte... | S | |
CVE-2021-20187 | It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site ... | S | |
CVE-2021-20188 | A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged... | S | |
CVE-2021-20189 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20190 | A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between s... | S | |
CVE-2021-20191 | A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by def... | | |
CVE-2021-20192 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20193 | A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can sub... | S | |
CVE-2021-20194 | There is a vulnerability in the Linux kernel versions higher than 5.2 (if kernel compiled with confi... | S | |
CVE-2021-20195 | A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating t... | | |
CVE-2021-20196 | A NULL pointer dereference flaw was found in the floppy disk emulator of QEMU. This issue occurs whi... | E S | |
CVE-2021-20197 | There is an open race window when writing output in the following utilities in GNU binutils version ... | S | |
CVE-2021-20198 | A flaw was found in the OpenShift Installer before version v0.9.0-master.0.20210125200451-95101da940... | S | |
CVE-2021-20199 | Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (incl... | E S | |
CVE-2021-20200 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20201 | A flaw was found in spice in versions before 0.14.92. A DoS tool might make it easier for remote att... | E | |
CVE-2021-20202 | A flaw was found in keycloak. Directories can be created prior to the Java process creating them in ... | | |
CVE-2021-20203 | An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.... | E S | |
CVE-2021-20204 | A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when proces... | | |
CVE-2021-20205 | Libjpeg-turbo versions 2.0.91 and 2.0.90 are vulnerable to a denial of service vulnerability caused b... | S | |
CVE-2021-20206 | An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8... | | |
CVE-2021-20207 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2021-3348. Reason: This candidate ... | R | |
CVE-2021-20208 | A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system... | S | |
CVE-2021-20209 | A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when n... | S | |
CVE-2021-20210 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler wh... | S | |
CVE-2021-20211 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can c... | S | |
CVE-2021-20212 | A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed ... | S | |
CVE-2021-20213 | A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could resu... | S | |
CVE-2021-20214 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler w... | S | |
CVE-2021-20215 | A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler w... | S | |
CVE-2021-20216 | A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression ... | | |
CVE-2021-20217 | A flaw was found in Privoxy in versions before 3.0.31. An assertion failure triggered by a crafted C... | | |
CVE-2021-20218 | A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a mal... | S | |
CVE-2021-20219 | A denial of service vulnerability was found in n_tty_receive_char_special in drivers/tty/n_tty.c of ... | | |
CVE-2021-20220 | A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smu... | | |
CVE-2021-20221 | An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator... | S | |
CVE-2021-20222 | A flaw was found in keycloak. The new account console in keycloak can allow malicious code to be exe... | | |
CVE-2021-20223 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20224 | An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCor... | S | |
CVE-2021-20225 | A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write p... | | |
CVE-2021-20226 | A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user ... | | |
CVE-2021-20227 | A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker... | S | |
CVE-2021-20228 | A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is ... | S | |
CVE-2021-20229 | A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privileg... | | |
CVE-2021-20230 | A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it i... | S | |
CVE-2021-20231 | A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to... | E S | |
CVE-2021-20232 | A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c... | S | |
CVE-2021-20233 | A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code pe... | S | |
CVE-2021-20234 | An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions b... | E S | |
CVE-2021-20235 | There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The deco... | S | |
CVE-2021-20236 | A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client ... | S | |
CVE-2021-20237 | An uncontrolled resource consumption (memory leak) flaw was found in ZeroMQ's src/xpub.cpp in versio... | S | |
CVE-2021-20238 | It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Se... | M | |
CVE-2021-20239 | A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows... | | |
CVE-2021-20240 | A flaw was found in gdk-pixbuf in versions before 2.42.0. An integer wraparound leading to an out of... | S | |
CVE-2021-20241 | A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is proc... | S | |
CVE-2021-20242 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20176. Reason: This candidat... | R | |
CVE-2021-20243 | A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that ... | S | |
CVE-2021-20244 | A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted fi... | S | |
CVE-2021-20245 | A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is pro... | S | |
CVE-2021-20246 | A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file tha... | S | |
CVE-2021-20247 | A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IM... | E | |
CVE-2021-20248 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20249 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20250 | A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which m... | | |
CVE-2021-20251 | A flaw was found in samba. A race condition in the password lockout code may lead to the risk of bru... | E | |
CVE-2021-20252 | A flaw was found in Red Hat 3scale API Management Platform 2. The 3scale backend does not perform pr... | | |
CVE-2021-20253 | A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape al... | | |
CVE-2021-20254 | A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into ... | | |
CVE-2021-20255 | A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emu... | S | |
CVE-2021-20256 | A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an ... | | |
CVE-2021-20257 | An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while proce... | S | |
CVE-2021-20258 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20259 | A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through t... | | |
CVE-2021-20260 | A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API ... | | |
CVE-2021-20261 | A race condition was found in the Linux kernel's implementation of the floppy disk drive controller d... | S | |
CVE-2021-20262 | A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the passwo... | | |
CVE-2021-20263 | A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' ... | S | |
CVE-2021-20264 | An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 co... | | |
CVE-2021-20265 | A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the L... | S | |
CVE-2021-20266 | A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify... | S | |
CVE-2021-20267 | A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully cr... | S | |
CVE-2021-20268 | An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifie... | S | |
CVE-2021-20269 | A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local u... | | |
CVE-2021-20270 | An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when pe... | S | |
CVE-2021-20271 | A flaw was found in RPM's signature check functionality when reading a package file. This flaw allow... | S | |
CVE-2021-20272 | A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CG... | S | |
CVE-2021-20273 | A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is... | S | |
CVE-2021-20274 | A flaw was found in privoxy before 3.0.32. A crash may occur due to a NULL-pointer dereference when the... | S | |
CVE-2021-20275 | A flaw was found in privoxy before 3.0.32. An invalid read of size two may occur in chunked_body_is_c... | S | |
CVE-2021-20276 | A flaw was found in privoxy before 3.0.32. Invalid memory access with an invalid pattern passed to p... | S | |
CVE-2021-20277 | A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can le... | | |
CVE-2021-20278 | An authentication bypass vulnerability was found in Kiali in versions before 1.31.0 when the authent... | S | |
CVE-2021-20279 | The ID number user profile field required additional sanitizing to prevent a stored XSS risk in mood... | S | |
CVE-2021-20280 | Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risk... | E S | |
CVE-2021-20281 | It was possible for some users without permission to view other users' full names to do so via the o... | S | |
CVE-2021-20282 | When creating a user account, it was possible to verify the account without having access to the ver... | S | |
CVE-2021-20283 | The web service responsible for fetching other users' enrolled courses did not validate that the req... | S | |
CVE-2021-20284 | A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slu... | E | |
CVE-2021-20285 | A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a d... | E | |
CVE-2021-20286 | A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead ... | S | |
CVE-2021-20287 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20288 | An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_... | S | |
CVE-2021-20289 | A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and m... | S | |
CVE-2021-20290 | An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-prox... | E M | |
CVE-2021-20291 | A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. Whe... | E S | |
CVE-2021-20292 | There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouve... | S | |
CVE-2021-20293 | A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to ... | | |
CVE-2021-20294 | A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim usin... | E S | |
CVE-2021-20295 | It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.red... | | |
CVE-2021-20296 | A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attac... | S | |
CVE-2021-20297 | A flaw was found in NetworkManager in versions before 1.30.0. Setting match.path and activating a pr... | S | |
CVE-2021-20298 | A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted f... | S | |
CVE-2021-20299 | A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file wi... | S | |
CVE-2021-20300 | A flaw was found in OpenEXR's hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw al... | S | |
CVE-2021-20301 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20302 | A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can sub... | S | |
CVE-2021-20303 | A flaw was found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to ... | S | |
CVE-2021-20304 | A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a c... | E S | |
CVE-2021-20305 | A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification fun... | S | |
CVE-2021-20306 | A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any pr... | | |
CVE-2021-20307 | Format string vulnerability in panoFileOutputNamesCreate() in libpano13 2.9.20~rc2+dfsg-3 and earlie... | | |
CVE-2021-20308 | Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and ... | E | |
CVE-2021-20309 | A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zer... | S | |
CVE-2021-20310 | A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in ConvertXYZToJzaz... | S | |
CVE-2021-20311 | A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransform... | S | |
CVE-2021-20312 | A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage... | S | |
CVE-2021-20313 | A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculat... | S | |
CVE-2021-20314 | Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead t... | S | |
CVE-2021-20315 | A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS ... | | |
CVE-2021-20316 | A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated... | M | |
CVE-2021-20317 | A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in... | S | |
CVE-2021-20318 | The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote a... | | |
CVE-2021-20319 | An improper signature verification vulnerability was found in coreos-installer. A specially crafted ... | S | |
CVE-2021-20320 | A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kerne... | | |
CVE-2021-20321 | A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way ... | | |
CVE-2021-20322 | A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Lin... | S | |
CVE-2021-20323 | A POST-based reflected Cross-Site Scripting vulnerability has been identified in Keycloak.... | | |
CVE-2021-20324 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20325 | Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat ... | | |
CVE-2021-20326 | Specially crafted query may result in a denial of service of mongod | S | |
CVE-2021-20327 | MongoDB Node.js client side field level encryption library may not be validating KMS certificate | | |
CVE-2021-20328 | MongoDB Java driver client-side field level encryption not verifying KMS host name | S | |
CVE-2021-20329 | Specific cstrings input may not be properly validated in the Go Driver | | |
CVE-2021-20330 | Specific replication command with malformed oplog entries can crash secondaries | S | |
CVE-2021-20331 | MongoDB C# Driver may publish events containing authentication-related data to a command listener configured by an application | S | |
CVE-2021-20332 | MongoDB Rust Driver may publish events containing authentication-related data to a connection pool event listener configured by an application | S | |
CVE-2021-20333 | Server log entry spoofing via newline injection | E S | |
CVE-2021-20334 | Local privilege escalation in MongoDB Compass for Windows | | |
CVE-2021-20335 | SSL may be unexpectedly disabled during upgrade of multiple-server MongoDB Ops Manager | | |
CVE-2021-20336 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerabilit... | | |
CVE-2021-20337 | IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic... | S | |
CVE-2021-20338 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulner... | S | |
CVE-2021-20340 | IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to ... | S | |
CVE-2021-20341 | IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in ... | | |
CVE-2021-20343 | IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF... | S | |
CVE-2021-20345 | IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF... | S | |
CVE-2021-20346 | IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF... | S | |
CVE-2021-20347 | IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF... | S | |
CVE-2021-20348 | IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF... | S | |
CVE-2021-20349 | IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by ... | | |
CVE-2021-20350 | IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to ... | S | |
CVE-2021-20351 | IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to ... | S | |
CVE-2021-20352 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users... | S | |
CVE-2021-20353 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Inje... | S | |
CVE-2021-20354 | IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directo... | S | |
CVE-2021-20355 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain s... | S | |
CVE-2021-20357 | IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users ... | S | |
CVE-2021-20358 | IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear ... | | |
CVE-2021-20359 | IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Compone... | | |
CVE-2021-20360 | IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could all... | | |
CVE-2021-20361 | IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows ... | | |
CVE-2021-20362 | IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows ... | | |
CVE-2021-20363 | IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows ... | | |
CVE-2021-20364 | IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows ... | | |
CVE-2021-20365 | IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows ... | | |
CVE-2021-20366 | IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows ... | | |
CVE-2021-20368 | IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows ... | | |
CVE-2021-20369 | IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could all... | | |
CVE-2021-20371 | IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive i... | S | |
CVE-2021-20372 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a... | S | |
CVE-2021-20373 | IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using th... | S | |
CVE-2021-20374 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulne... | S | |
CVE-2021-20375 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and... | S | |
CVE-2021-20376 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate... | S | |
CVE-2021-20377 | IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a deta... | S | |
CVE-2021-20378 | IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout whic... | S | |
CVE-2021-20379 | IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 uses weaker than expected cryptographic algor... | S | |
CVE-2021-20380 | IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remo... | | |
CVE-2021-20385 | IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands... | S | |
CVE-2021-20386 | IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to... | S | |
CVE-2021-20389 | IBM Security Guardium 11.2 stores user credentials in plain clear text which can be read by a local ... | S | |
CVE-2021-20391 | IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which c... | | |
CVE-2021-20392 | IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This v... | | |
CVE-2021-20393 | IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensi... | | |
CVE-2021-20396 | IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored... | | |
CVE-2021-20397 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users t... | | |
CVE-2021-20399 | IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity... | S | |
CVE-2021-20400 | IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an a... | S | |
CVE-2021-20401 | IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key... | | |
CVE-2021-20402 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensit... | | |
CVE-2021-20403 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 is vulnerable to cross-site request forgery wh... | | |
CVE-2021-20404 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user on the network to cause a d... | | |
CVE-2021-20405 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to perform unauthorized act... | | |
CVE-2021-20406 | IBM Security Verify Information Queue information disclosure | S | |
CVE-2021-20407 | IBM Security Verify Information Queue information disclosure | S | |
CVE-2021-20408 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to... | S | |
CVE-2021-20409 | IBM Security Verify Information Queue information disclosure | S | |
CVE-2021-20410 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text whi... | S | |
CVE-2021-20411 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a user to impersonate another user... | S | |
CVE-2021-20412 | IBM Security Verify Information Queue 1.0.6 and 1.0.7 contains hard-coded credentials, such as a pas... | S | |
CVE-2021-20413 | IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive informa... | S | |
CVE-2021-20414 | IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to brute force sensitive information d... | | |
CVE-2021-20415 | IBM Guardium Data Encryption (GDE) 4.0.0.4 uses an inadequate account lockout setting that could all... | S | |
CVE-2021-20416 | IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensi... | S | |
CVE-2021-20417 | IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive informa... | S | |
CVE-2021-20418 | IBM Security Guardium 11.2 does not require that users should have strong passwords by default, whic... | | |
CVE-2021-20419 | IBM Security Guardium 11.2 uses weaker than expected cryptographic algorithms that could allow an at... | S | |
CVE-2021-20420 | IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs ... | | |
CVE-2021-20421 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forg... | S | |
CVE-2021-20422 | IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by a... | | |
CVE-2021-20423 | IBM Cloud Pak for Applications 4.3 could allow an authenticated user to gain escalated privileges due ... | | |
CVE-2021-20424 | IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information whe... | | |
CVE-2021-20426 | IBM Security Guardium 11.2 contains hard-coded credentials, such as a password or cryptographic key,... | S | |
CVE-2021-20427 | IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote atta... | | |
CVE-2021-20428 | IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a deta... | S | |
CVE-2021-20429 | IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due to an o... | | |
CVE-2021-20430 | IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote atta... | S | |
CVE-2021-20431 | IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout w... | S | |
CVE-2021-20432 | IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses Cross-Origin Resource Sharing (CORS) which coul... | | |
CVE-2021-20433 | IBM Security Guardium 11.3 could allow an authenticated user to obtain sensitive information that ... | | |
CVE-2021-20434 | IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by ... | S | |
CVE-2021-20435 | IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a loca... | S | |
CVE-2021-20439 | IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials... | S | |
CVE-2021-20440 | IBM API Connect 10.0.0.0, and 2018.4.1.0 through 2018.4.1.13 does not restrict member registration t... | | |
CVE-2021-20441 | IBM Security Verify Bridge uses weaker than expected cryptographic algorithms that could allow an at... | S | |
CVE-2021-20442 | IBM Security Verify Bridge contains hard-coded credentials, such as a password or cryptographic key,... | S | |
CVE-2021-20443 | IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library) from... | S | |
CVE-2021-20444 | IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability ... | S | |
CVE-2021-20445 | IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to ... | S | |
CVE-2021-20446 | IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability ... | S | |
CVE-2021-20447 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users... | S | |
CVE-2021-20448 | IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users ... | S | |
CVE-2021-20450 | IBM Cognos Controller information disclosure | | |
CVE-2021-20451 | IBM Cognos Controller SQL injection | | |
CVE-2021-20453 | IBM WebSphere Application Server 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection ... | S | |
CVE-2021-20454 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injec... | | |
CVE-2021-20455 | IBM Cognos Controller information disclosure | | |
CVE-2021-20461 | IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System ... | | |
CVE-2021-20464 | IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable... | S | |
CVE-2021-20468 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which co... | S | |
CVE-2021-20470 | IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by d... | S | |
CVE-2021-20473 | IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after l... | S | |
CVE-2021-20474 | IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for funct... | S | |
CVE-2021-20477 | IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to... | | |
CVE-2021-20478 | IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of anothe... | S | |
CVE-2021-20479 | IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic alg... | | |
CVE-2021-20480 | IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSR... | S | |
CVE-2021-20481 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulner... | S | |
CVE-2021-20482 | IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Inject... | | |
CVE-2021-20483 | IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending ... | S | |
CVE-2021-20484 | IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulner... | S | |
CVE-2021-20485 | IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive ... | S | |
CVE-2021-20486 | IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when in... | S | |
CVE-2021-20487 | IBM Power9 Self Boot Engine(SBE) could allow a privileged user to inject malicious code and compromi... | | |
CVE-2021-20488 | IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwo... | S | |
CVE-2021-20489 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which ... | S | |
CVE-2021-20490 | IBM Spectrum Protect Plus 10.1.0 through 10.1.8 could allow a local user to cause a denial of servic... | | |
CVE-2021-20491 | IBM Spectrum Protect Server 7.1 and 8.1 is subject to a stack-based buffer overflow caused by improp... | S | |
CVE-2021-20492 | IBM WebSphere Application Server 8.0, 8.5, 9.0, and Liberty Java Batch is vulnerable to an XML Exter... | S | |
CVE-2021-20493 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability all... | S | |
CVE-2021-20494 | IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap based buffer overflow, c... | S | |
CVE-2021-20496 | IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to im... | S | |
CVE-2021-20497 | IBM Security Verify Access Docker 10.0.0 uses weaker than expected cryptographic algorithms that cou... | S | |
CVE-2021-20498 | IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be ... | S | |
CVE-2021-20499 | IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive informati... | S | |
CVE-2021-20500 | IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privil... | S | |
CVE-2021-20501 | IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-dom... | | |
CVE-2021-20502 | IBM Jazz Foundation Products are vulnerable to an XML External Entity Injection (XXE) attack when pr... | S | |
CVE-2021-20503 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users... | S | |
CVE-2021-20504 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users... | S | |
CVE-2021-20505 | The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encr... | | |
CVE-2021-20506 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users... | S | |
CVE-2021-20507 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulner... | | |
CVE-2021-20508 | IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information ... | | |
CVE-2021-20509 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote att... | | |
CVE-2021-20510 | IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be re... | S | |
CVE-2021-20511 | IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on th... | S | |
CVE-2021-20515 | IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper... | S | |
CVE-2021-20517 | IBM WebSphere Application Server Network Deployment 8.5 and 9.0 could allow a remote authenticated a... | S | |
CVE-2021-20518 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users... | S | |
CVE-2021-20519 | IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows user... | S | |
CVE-2021-20520 | IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users... | S | |
CVE-2021-20523 | IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive informati... | S | |
CVE-2021-20524 | IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability a... | S | |
CVE-2021-20526 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by ... | S | |
CVE-2021-20527 | IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could... | | |
CVE-2021-20528 | IBM Control Center 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to... | S | |
CVE-2021-20529 | IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be ... | S | |
CVE-2021-20532 | IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 could allow a local user to escalate their priv... | | |
CVE-2021-20533 | IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbi... | S | |
CVE-2021-20534 | IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, ... | S | |
CVE-2021-20535 | IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forge... | | |
CVE-2021-20536 | IBM Spectrum Protect Plus File Systems Agent 10.1.6 and 10.1.7 stores potentially sensitive informat... | | |
CVE-2021-20537 | IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryp... | S | |
CVE-2021-20538 | IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive informa... | | |
CVE-2021-20539 | IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could dis... | S | |
CVE-2021-20540 | IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could dis... | S | |
CVE-2021-20541 | IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could dis... | S | |
CVE-2021-20543 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote... | S | |
CVE-2021-20544 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forg... | S | |
CVE-2021-20546 | IBM Spectrum Protect Client 8.1.0.0 through 8.1.11.0 is vulnerable to a stack-based buffer overflow,... | S | |
CVE-2021-20549 | IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users ... | | |
CVE-2021-20550 | IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users ... | | |
CVE-2021-20551 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally whi... | S | |
CVE-2021-20552 | IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive ... | S | |
CVE-2021-20553 | IBM Sterling B2B Integrator Standard Edition cross-site scripting | | |
CVE-2021-20554 | IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnera... | S | |
CVE-2021-20556 | IBM Cognos Controller information disclosure | | |
CVE-2021-20557 | IBM Security Guardium 11.2 could allow a remote authenticated attacker to execute arbitrary commands... | S | |
CVE-2021-20559 | IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allow... | S | |
CVE-2021-20560 | IBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker... | S | |
CVE-2021-20561 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulner... | S | |
CVE-2021-20562 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_3 and 6.1.0.0 through 6.1.0.2 v... | E S | |
CVE-2021-20563 | IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenticated user to obtain s... | S | |
CVE-2021-20564 | IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remo... | | |
CVE-2021-20565 | IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 uses a protection ... | | |
CVE-2021-20566 | IBM Resilient SOAR V38.0 uses weaker than expected cryptographic algorithms that could allow an atta... | S | |
CVE-2021-20567 | IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due... | S | |
CVE-2021-20569 | IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper... | | |
CVE-2021-20571 | IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. Th... | S | |
CVE-2021-20572 | IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a stack-based buffer overflow, ... | S | |
CVE-2021-20573 | IBM Security Identity Manager Adapters 6.0 and 7.0 are vulnerable to a heap-based buffer overflow, c... | S | |
CVE-2021-20574 | IBM Security Identity Manager Adapters 6.0 and 7.0 could allow a remote authenticated attacker to co... | S | |
CVE-2021-20575 | IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another ... | S | |
CVE-2021-20576 | IBM Security Verify Access 20.07 could allow a remote attacker to send a specially crafted HTTP GET ... | S | |
CVE-2021-20577 | IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vu... | S | |
CVE-2021-20578 | IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to ... | S | |
CVE-2021-20579 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 co... | S | |
CVE-2021-20580 | IBM Planning Analytics 2.0 could be vulnerable to cross-site request forgery (CSRF) which could allo... | | |
CVE-2021-20581 | IBM Security Verify Privilege information disclosure | S | |
CVE-2021-20582 | IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead ... | | |
CVE-2021-20583 | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive informati... | S | |
CVE-2021-20584 | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary ... | S | |
CVE-2021-20585 | IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that co... | | |
CVE-2021-20586 | Resource management errors vulnerability in a robot controller of MELFA FR Series(controller "CR800-... | | |
CVE-2021-20587 | Heap-based buffer overflow vulnerability in Mitsubishi Electric FA Engineering Software (CPU Module ... | | |
CVE-2021-20588 | Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric FA Engineer... | | |
CVE-2021-20589 | Buffer access with incorrect length value vulnerability in GOT2000 series GT27 model communication d... | | |
CVE-2021-20590 | Improper authentication vulnerability in GOT2000 series GT27 model VNC server versions 01.39.010 and... | | |
CVE-2021-20591 | Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU module... | | |
CVE-2021-20592 | Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.... | | |
CVE-2021-20593 | Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/... | | |
CVE-2021-20594 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELS... | | |
CVE-2021-20595 | Improper Restriction of XML External Entity Reference vulnerability in Mitsubishi Electric Air Condi... | | |
CVE-2021-20596 | NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L f... | S | |
CVE-2021-20597 | Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety ... | | |
CVE-2021-20598 | Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series... | | |
CVE-2021-20599 | Cleartext transmission of sensitive information vulne... | | |
CVE-2021-20600 | Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R series C Controller Module R12C... | | |
CVE-2021-20601 | Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT... | | |
CVE-2021-20602 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20603 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20604 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20605 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-20606 | Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubi... | S | |
CVE-2021-20607 | Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubis... | S | |
CVE-2021-20608 | Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 v... | | |
CVE-2021-20609 | Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02C... | | |
CVE-2021-20610 | Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R... | | |
CVE-2021-20611 | Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELS... | | |
CVE-2021-20612 | Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware vers... | | |
CVE-2021-20613 | Improper initialization vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.16 and prior, ... | | |
CVE-2021-20616 | Untrusted search path vulnerability in the installer of SKYSEA Client View Ver.1.020.05b to Ver.16.0... | | |
CVE-2021-20617 | Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3... | | |
CVE-2021-20618 | Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and ... | | |
CVE-2021-20619 | Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote att... | | |
CVE-2021-20620 | Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote atta... | S | |
CVE-2021-20621 | Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and... | S | |
CVE-2021-20622 | Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600... | S | |
CVE-2021-20623 | Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the ... | | |
CVE-2021-20624 | Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authe... | | |
CVE-2021-20625 | Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an ... | | |
CVE-2021-20626 | Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authentic... | | |
CVE-2021-20627 | Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote a... | | |
CVE-2021-20628 | Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote a... | | |
CVE-2021-20629 | Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attacke... | | |
CVE-2021-20630 | Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows aut... | | |
CVE-2021-20631 | Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authe... | | |
CVE-2021-20632 | Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows aut... | | |
CVE-2021-20633 | Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authentica... | | |
CVE-2021-20634 | Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authent... | | |
CVE-2021-20635 | Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an attacke... | | |
CVE-2021-20636 | Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to... | | |
CVE-2021-20637 | Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/PR5B allows a remote attac... | | |
CVE-2021-20638 | LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS comm... | | |
CVE-2021-20639 | LOGITEC LAN-W300N/PGRB allows an attacker with administrative privilege to execute arbitrary OS comm... | | |
CVE-2021-20640 | Buffer overflow vulnerability in LOGITEC LAN-W300N/PGRB allows an attacker with administrative privi... | | |
CVE-2021-20641 | Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/RS allows remote attackers to h... | | |
CVE-2021-20642 | Improper check or handling of exceptional conditions in LOGITEC LAN-W300N/RS allows a remote attacke... | | |
CVE-2021-20643 | Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the admin... | | |
CVE-2021-20644 | ELECOM WRC-1467GHBK-A allows arbitrary scripts to be executed on the user's web browser by displayin... | | |
CVE-2021-20645 | Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to ... | | |
CVE-2021-20646 | Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-A allows remote attackers to h... | | |
CVE-2021-20647 | Cross-site request forgery (CSRF) vulnerability in ELECOM WRC-300FEBK-S allows remote attackers to h... | | |
CVE-2021-20648 | ELECOM WRC-300FEBK-S allows an attacker with administrator rights to execute arbitrary OS commands v... | | |
CVE-2021-20649 | ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-mid... | | |
CVE-2021-20650 | Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to... | | |
CVE-2021-20651 | Directory traversal vulnerability in ELECOM File Manager all versions allows remote attackers to cre... | | |
CVE-2021-20652 | Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote a... | | |
CVE-2021-20653 | Calsos CSDJ (CSDJ-B 01.08.00 and earlier, CSDJ-H 01.08.00 and earlier, CSDJ-D 01.08.00 and earlier, ... | | |
CVE-2021-20654 | Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple sto... | E | |
CVE-2021-20655 | FileZen (V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2) allows a remote attacker with administrator rights t... | E | |
CVE-2021-20656 | Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5... | | |
CVE-2021-20657 | Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an a... | | |
CVE-2021-20658 | SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands ... | | |
CVE-2021-20659 | SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary... | | |
CVE-2021-20660 | Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an atta... | | |
CVE-2021-20661 | Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenti... | | |
CVE-2021-20662 | Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allo... | | |
CVE-2021-20663 | Cross-site scripting vulnerability in Role authority setting screen of Movable Type 7 r.4705 and ... | | |
CVE-2021-20664 | Cross-site scripting vulnerability in Asset registration screen of Movable Type 7 r.4705 and earl... | | |
CVE-2021-20665 | Cross-site scripting vulnerability in Add asset screen of Contents field of Movable Type 7 r.4705... | | |
CVE-2021-20667 | Stored cross-site scripting vulnerability due to inadequate CSP (Content Security Policy) configurat... | | |
CVE-2021-20668 | Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administra... | | |
CVE-2021-20669 | Path traversal vulnerability in GROWI versions v4.2.2 and earlier allows an attacker with administra... | | |
CVE-2021-20670 | Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote unauthent... | | |
CVE-2021-20671 | Invalid file validation on the upload feature in GROWI versions v4.2.2 allows a remote attacker with... | | |
CVE-2021-20672 | Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameter... | | |
CVE-2021-20673 | Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 ... | | |
CVE-2021-20674 | Untrusted search path vulnerability in Installer of MagicConnect Client program distributed before 2... | | |
CVE-2021-20675 | M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.... | | |
CVE-2021-20676 | M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.... | | |
CVE-2021-20677 | UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.... | | |
CVE-2021-20678 | SQL injection vulnerability in the Paid Memberships Pro versions prior to 2.5.6 allows remote authen... | | |
CVE-2021-20679 | Fuji Xerox multifunction devices and printers (DocuCentre-VII C7773/C6673/C5573/C4473/C3373/C3372/C2... | | |
CVE-2021-20680 | Cross-site scripting vulnerability in NEC Aterm devices (Aterm WG1900HP2 firmware Ver.1.3.1 and earl... | | |
CVE-2021-20681 | Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior ... | S | |
CVE-2021-20682 | baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execut... | S | |
CVE-2021-20683 | Improper neutralization of JavaScript input in the blog article editing function of baserCMS version... | S | |
CVE-2021-20684 | Cross-site scripting vulnerability in MagazinegerZ v.1.01 allows remote attackers to inject an arbit... | | |
CVE-2021-20685 | Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary s... | | |
CVE-2021-20686 | Cross-site scripting vulnerability in Kagemai 0.8.8 allows remote attackers to inject an arbitrary s... | | |
CVE-2021-20687 | Cross-site request forgery (CSRF) vulnerability in Kagemai 0.8.8 allows remote attackers to hijack t... | | |
CVE-2021-20688 | Cross-site scripting vulnerability in Click Ranker Ver.3.5 allows remote attackers to inject an arbi... | | |
CVE-2021-20689 | Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbit... | | |
CVE-2021-20690 | Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbit... | | |
CVE-2021-20691 | Cross-site scripting vulnerability in Yomi-Search Ver4.22 allows remote attackers to inject an arbit... | | |
CVE-2021-20692 | Directory traversal vulnerability in Archive collectively operation utility Ver.2.10.1.0 and earlier... | | |
CVE-2021-20693 | Improper access control vulnerability in Gurunavi App for Android ver.10.0.10 and earlier and for iO... | | |
CVE-2021-20694 | Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remot... | | |
CVE-2021-20695 | Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.... | | |
CVE-2021-20696 | DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to execute arbit... | | |
CVE-2021-20697 | Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows ... | | |
CVE-2021-20698 | Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and... | | |
CVE-2021-20699 | Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 an... | | |
CVE-2021-20700 | Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLU... | | |
CVE-2021-20701 | Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLU... | | |
CVE-2021-20702 | Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EX... | | |
CVE-2021-20703 | Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EX... | | |
CVE-2021-20704 | Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Wind... | | |
CVE-2021-20705 | Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, ... | | |
CVE-2021-20706 | Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, ... | | |
CVE-2021-20707 | Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and e... | | |
CVE-2021-20708 | NEC Aterm devices (Aterm WF1200CR firmware Ver1.3.2 and earlier, Aterm WG1200CR firmware Ver1.3.3 an... | M | |
CVE-2021-20709 | Improper validation of integrity check value vulnerability in NEC Aterm WF1200CR firmware Ver1.3.2 a... | M | |
CVE-2021-20710 | Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote att... | | |
CVE-2021-20711 | Aterm WG2600HS firmware Ver1.5.1 and earlier allows an attacker to execute arbitrary OS commands via... | M | |
CVE-2021-20712 | Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and Aterm... | M | |
CVE-2021-20713 | Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an... | | |
CVE-2021-20714 | Directory traversal vulnerability in WP Fastest Cache versions prior to 0.9.1.7 allows a remote atta... | | |
CVE-2021-20715 | Improper access control vulnerability in Hot Pepper Gourmet App for Android ver.4.111.0 and earlier,... | | |
CVE-2021-20716 | Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G5... | | |
CVE-2021-20717 | Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a sp... | S | |
CVE-2021-20718 | mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) conditio... | | |
CVE-2021-20719 | RFNTPS firmware versions System_01000004 and earlier, and Web_01000004 and earlier allow an attacker... | | |
CVE-2021-20720 | SQL injection vulnerability in the KonaWiki2 versions prior to 2.2.4 allows remote attackers to exec... | | |
CVE-2021-20721 | KonaWiki2 versions prior to 2.2.4 allows a remote attacker to upload arbitrary files via unspecified... | | |
CVE-2021-20722 | Untrusted search path vulnerability in the installers of ScanSnap Manager prior to versions V7.0L20 ... | | |
CVE-2021-20723 | Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last u... | | |
CVE-2021-20724 | Reflected cross-site scripting vulnerability in the admin page of [Telop01] free edition ver1.0.1 an... | | |
CVE-2021-20725 | Reflected cross-site scripting vulnerability in the admin page of [Calendar01] free edition ver1.0.1... | | |
CVE-2021-20726 | Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an att... | | |
CVE-2021-20727 | Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an a... | | |
CVE-2021-20728 | Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS... | | |
CVE-2021-20729 | Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.... | | |
CVE-2021-20730 | Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 f... | | |
CVE-2021-20731 | WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attac... | | |
CVE-2021-20732 | The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iO... | | |
CVE-2021-20733 | Improper authorization in handler for custom URL scheme vulnerability in あすけんダイエット (asken diet) for ... | | |
CVE-2021-20734 | Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attac... | | |
CVE-2021-20735 | Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series... | | |
CVE-2021-20736 | NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain ... | | |
CVE-2021-20737 | Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to... | | |
CVE-2021-20738 | WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent a... | | |
CVE-2021-20739 | WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H3... | | |
CVE-2021-20740 | Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Sto... | | |
CVE-2021-20741 | Cross-site scripting vulnerability in Hitachi Application Server Help (Hitachi Application Server V1... | | |
CVE-2021-20742 | Cross-site scripting vulnerability in EC-CUBE Business form output plugin (for EC-CUBE 3.0 series) v... | | |
CVE-2021-20743 | Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin (for EC-CUBE 3.0 s... | | |
CVE-2021-20744 | Cross-site scripting vulnerability in EC-CUBE Category contents plugin (for EC-CUBE 3.0 series) vers... | | |
CVE-2021-20745 | Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system w... | | |
CVE-2021-20746 | Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote auth... | | |
CVE-2021-20747 | Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versi... | | |
CVE-2021-20748 | Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses ... | | |
CVE-2021-20749 | Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Sing... | S | |
CVE-2021-20750 | Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-C... | | |
CVE-2021-20751 | Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a ... | | |
CVE-2021-20752 | Cross-site scripting vulnerability in IkaIka RSS Reader all versions allows a remote attacker to inj... | | |
CVE-2021-20753 | Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote auth... | | |
CVE-2021-20754 | Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote ... | | |
CVE-2021-20755 | Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote ... | | |
CVE-2021-20756 | Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote... | | |
CVE-2021-20757 | Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a rem... | | |
CVE-2021-20758 | Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a ... | | |
CVE-2021-20759 | Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a r... | | |
CVE-2021-20760 | Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a rem... | | |
CVE-2021-20761 | Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote at... | | |
CVE-2021-20762 | Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote au... | | |
CVE-2021-20763 | Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a rem... | | |
CVE-2021-20764 | Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a ... | | |
CVE-2021-20765 | Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attac... | | |
CVE-2021-20766 | Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attack... | | |
CVE-2021-20767 | Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remo... | | |
CVE-2021-20768 | Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to... | | |
CVE-2021-20769 | Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authe... | | |
CVE-2021-20770 | Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authen... | | |
CVE-2021-20771 | Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allow... | | |
CVE-2021-20772 | Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote au... | | |
CVE-2021-20773 | There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authe... | | |
CVE-2021-20774 | Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allow... | | |
CVE-2021-20775 | Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote... | | |
CVE-2021-20776 | Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass a... | | |
CVE-2021-20777 | Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions... | | |
CVE-2021-20778 | Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker t... | S | |
CVE-2021-20779 | Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail ... | | |
CVE-2021-20780 | Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earl... | | |
CVE-2021-20781 | Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter ve... | | |
CVE-2021-20782 | Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 ... | | |
CVE-2021-20783 | Cross-site request forgery (CSRF) vulnerability in Optical BB unit E-WMTA2.3 allows a remote attacke... | | |
CVE-2021-20784 | HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version ... | | |
CVE-2021-20785 | Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the v... | | |
CVE-2021-20786 | Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2... | | |
CVE-2021-20787 | Cross-site scripting vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the v... | | |
CVE-2021-20788 | Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver... | | |
CVE-2021-20789 | Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version ... | | |
CVE-2021-20790 | Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows ... | | |
CVE-2021-20791 | Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to... | | |
CVE-2021-20792 | Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remot... | S | |
CVE-2021-20793 | Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and th... | | |
CVE-2021-20795 | Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.... | | |
CVE-2021-20796 | Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a r... | | |
CVE-2021-20797 | Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 al... | | |
CVE-2021-20798 | Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 ... | | |
CVE-2021-20799 | Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 ... | | |
CVE-2021-20800 | Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a ... | | |
CVE-2021-20801 | Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External ... | | |
CVE-2021-20802 | HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker... | | |
CVE-2021-20803 | Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows... | | |
CVE-2021-20804 | Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of ser... | | |
CVE-2021-20805 | Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 ... | | |
CVE-2021-20806 | Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redir... | | |
CVE-2021-20807 | Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 ... | | |
CVE-2021-20808 | Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earli... | | |
CVE-2021-20809 | Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Typ... | | |
CVE-2021-20810 | Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.49... | | |
CVE-2021-20811 | Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 a... | | |
CVE-2021-20812 | Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Ad... | | |
CVE-2021-20813 | Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.... | | |
CVE-2021-20814 | Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Mov... | | |
CVE-2021-20815 | Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903... | | |
CVE-2021-20825 | Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3.0 s... | | |
CVE-2021-20826 | Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One C... | | |
CVE-2021-20827 | Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU mo... | | |
CVE-2021-20828 | Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all... | | |
CVE-2021-20829 | Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 ... | | |
CVE-2021-20831 | Cross-site request forgery (CSRF) vulnerability in OG Tags versions prior to 2.0.2 allows a remote a... | | |
CVE-2021-20832 | InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90(510)... | | |
CVE-2021-20833 | The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not verify server certificate pro... | M | |
CVE-2021-20834 | Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versio... | | |
CVE-2021-20835 | Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpa... | | |
CVE-2021-20836 | Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with ad... | S | |
CVE-2021-20837 | Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable T... | E | |
CVE-2021-20838 | Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthe... | S | |
CVE-2021-20839 | Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthe... | S | |
CVE-2021-20840 | Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions... | | |
CVE-2021-20841 | Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote au... | E S | |
CVE-2021-20842 | Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote... | E S | |
CVE-2021-20843 | Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 ... | M | |
CVE-2021-20844 | Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of... | M | |
CVE-2021-20845 | Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.... | | |
CVE-2021-20846 | Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions ... | | |
CVE-2021-20847 | Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP... | | |
CVE-2021-20848 | Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 allows a remote attacker to inj... | | |
CVE-2021-20850 | PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earl... | S | |
CVE-2021-20851 | Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prio... | | |
CVE-2021-20852 | Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-7... | | |
CVE-2021-20853 | ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior)... | | |
CVE-2021-20854 | ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior)... | | |
CVE-2021-20855 | Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and ... | | |
CVE-2021-20856 | Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and ... | | |
CVE-2021-20857 | Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allo... | | |
CVE-2021-20858 | Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allo... | | |
CVE-2021-20859 | ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, W... | | |
CVE-2021-20860 | Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 a... | | |
CVE-2021-20861 | Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, ... | | |
CVE-2021-20862 | Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-... | | |
CVE-2021-20863 | OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-116... | | |
CVE-2021-20864 | Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-... | | |
CVE-2021-20865 | Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 ... | | |
CVE-2021-20866 | Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 ... | | |
CVE-2021-20867 | Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 ... | | |
CVE-2021-20868 | Incorrect authorization vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earli... | M | |
CVE-2021-20869 | Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub se... | M | |
CVE-2021-20870 | Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series (bizhub C7... | M | |
CVE-2021-20871 | Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub se... | M | |
CVE-2021-20872 | Protection mechanism failure vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and ... | M | |
CVE-2021-20873 | Yappli is an application development platform which provides the function to access a requested URL ... | | |
CVE-2021-20874 | Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver... | | |
CVE-2021-20875 | Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ... | | |
CVE-2021-20876 | Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud... | | |
CVE-2021-20877 | Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers... | | |
CVE-2021-20986 | Hilscher: Denial of Service vulnerability in PROFINET IO Device | | |
CVE-2021-20987 | Hilscher: EtherNet/IP stack crash for specific CIP service | | |
CVE-2021-20988 | Hilscher rcX RTOS: Wrong handling of the UDP checksum | | |
CVE-2021-20989 | Fibaro Home Center Insufficient remote access server authorization | E | |
CVE-2021-20990 | Fibaro Home Center Unauthenticated access to shutdown, reboot and reboot to recovery mode | E | |
CVE-2021-20991 | Fibaro Home Center Authenticated remote command execution | E | |
CVE-2021-20992 | Fibaro Home Center Unencrypted management interface | E | |
CVE-2021-20993 | WAGO: Managed Switches: Exposure of sensitive information through directory listing | S | |
CVE-2021-20994 | WAGO: Managed Switches: Reflected Cross-site Scripting | S | |
CVE-2021-20995 | WAGO: Managed Switches: Storage of user credentials in a cookie | S | |
CVE-2021-20996 | WAGO: Managed Switches: Unsecure Cookie settings | S | |
CVE-2021-20997 | WAGO: Managed Switches: Unauthorized access to password hashes | S | |
CVE-2021-20998 | WAGO: Managed Switches: Unauthorized creation of user accounts | S | |
CVE-2021-20999 | WEIDMUELLER: Accidentally open network port in u-controls and IoT-Gateways | S | |