CVE-2021-21xxx

There are 939 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2021-21000 WAGO: PFC200 Denial of Service due to the number of connections to the runtime
S
CVE-2021-21001 WAGO: PFC200 Access to files outside the home directory
S
CVE-2021-21002 Denial of Service in Phoenix Contact FL COMSERVER UNI products
S
CVE-2021-21003 Denial of Service Vulnerability in Phoenix Contact FL SWITCH SMCS series products
M
CVE-2021-21004 Cross-site Scripting Vulnerability in Phoenix Contact FL SWITCH SMCS series products
M
CVE-2021-21005 Race Condition Vulnerability in Phoenix Contact FL SWITCH SMCS series products
M
CVE-2021-21006 Heap buffer overflow when handling crafted font file could lead to arbitrary code execution
CVE-2021-21007 Uncontrolled search path element vulnerability in Illustrator 25.0 could lead to arbitrary code execution
CVE-2021-21008 Uncontrolled Search Path Element vulnerability in Animate 21.0
CVE-2021-21009 Server-side request forgery (SSRF) in Campaign Classic could lead to sensitive information disclosure
CVE-2021-21010 Uncontrolled search path element in Adobe InCopy
CVE-2021-21011 Uncontrolled Search Path Element in Adobe Captivate 2019
CVE-2021-21012 Magento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure
CVE-2021-21013 Magento Commerce Insecure Direct Object Reference Could Lead To Information Disclosure
CVE-2021-21014 Magento Commerce Arbitrary Folder Empty Could Lead To Arbitrary Code Execution
CVE-2021-21015 Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
CVE-2021-21016 Magento Commerce Unauthorized Data Modification Could Lead to Arbitrary Code Execution
CVE-2021-21017 Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution
KEV
CVE-2021-21018 Magento Commerce Unauthorized Data Modification Could Lead To Arbitrary Code Execution
CVE-2021-21019 Magento Commerce XML Injection Could Lead To Remote Code Execution
CVE-2021-21020 Magento Commerce Improper Access Control Vulnerability
CVE-2021-21021 Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21022 Magento Commerce Incorrect permissions Could Lead To Unauthorized Access
CVE-2021-21023 Magento Commerce Stored Cross Site Scripting Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21024 Magento Commerce Blind SQL Injection Could Lead To Unauthorized Access
CVE-2021-21025 Magento Commerce XML Injection Could Lead To Arbitrary Code Execution
CVE-2021-21026 Magento Commerce Incorrect permissions Could Lead To Unauthorized Access
CVE-2021-21027 Magento Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Data Modification
CVE-2021-21028 Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21029 Magento Commerce Reflected Cross-site Scripting Vulnerability Could Lead To Arbitrary JavaScript Execution
CVE-2021-21030 Magento Commerce Stored Cross-site Scripting Could Lead To Arbitrary Javascript Execution
CVE-2021-21031 Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access
CVE-2021-21032 Magento Commerce Failure To Invalidate User Session Could Lead To Unauthorized Access
CVE-2021-21033 Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21034 Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2021-21035 Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21036 Acrobat Reader DC Integer Overflow Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21037 Acrobat Reader DC Path Traversal Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21038 Acrobat Reader DC Out-Of-Bounds Write Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21039 Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21040 Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21041 Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21042 Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2021-21043 Reflected Cross-site Scripting (XSS) on version-compare and page-compare tools
CVE-2021-21044 Acrobat Reader DC Out-Of-Bounds Write Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21045 Acrobat Reader DC Improper Installer Access Control Vulnerability Could Lead To Privilege Escalation
CVE-2021-21046 Acrobat Reader DC Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21047 Adobe Photoshop Out-Of-Bounds Write Vulnerability Could Lead To Remote Code Execution
CVE-2021-21048 Adobe Photoshop Buffer Overflow Vulnerability Could Lead To Remote Code Execution Vulnerability
CVE-2021-21049 Adobe Photoshop Out-Of-Bounds Read Vulnerability Could Lead To Remote Code Execution Vulnerability
CVE-2021-21050 Adobe Photoshop Out-Of-Bounds Read Vulnerability Could Lead To Remote Code Execution Vulnerability
CVE-2021-21051 Adobe Photoshop Buffer Overflow Vulnerability Could Lead To Remote Code Execution Vulnerability
CVE-2021-21052 Adobe Animate Out-of-Bounds Write Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21053 Adobe Illustrator Out-Of-Bounds Write Vulnerability Could Lead To Remote Code Execution
CVE-2021-21054 Adobe Illustrator Out-Of-Bounds Write Vulnerability Could Lead To Remote Code Execution Vulnerability
CVE-2021-21055 Adobe Dreamweaver Untrusted Search Path Vulnerability Could Lead To Information Disclosure
CVE-2021-21056 Adobe FrameMaker Out-of-Bounds Read Vulnerability Could Lead To Remote Code Execution
S
CVE-2021-21057 Acrobat Reader DC Invalid Memory Read Due To An Uninitialized Pointer
CVE-2021-21058 Acrobat Reader DC Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
CVE-2021-21059 Acrobat Reader DC Buffer Overflow Vulnerability Could Lead to Arbitrary Code Execution
CVE-2021-21060 Acrobat Pro DC Improper File Parsing Could Lead to Information Disclosure
CVE-2021-21061 Acrobat Pro DC Use-After-Free Vulnerability Could Lead to Information Disclosure
CVE-2021-21062 Acrobat Reader DC Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-21063 Acrobat Reader DC Buffer Overflow Vulnerability Could Lead to Arbitrary Code Execution
CVE-2021-21064 Magento UPWARD-php Path traversal vulnerability via UPWARD Connector
CVE-2021-21065 Adobe Bridge Font Parsing Out-Of-Bounds Write Arbitrary Code Execution Vulnerability
S
CVE-2021-21066 Adobe Bridge Font Parsing Out-Of-Bounds Write Arbitrary Code Execution Vulnerability
S
CVE-2021-21067 Adobe Photoshop CoolType arbitrary stack manipulation in Type 1/Multiple Master
CVE-2021-21068 Adobe Creative Cloud installer arbitrary file overwrite vulnerability
CVE-2021-21069 Adobe Creative Cloud Privilege Escalation Vulnerability
S
CVE-2021-21070 Privilege Escalation Vulnerability in Adobe RoboHelp
S
CVE-2021-21071 Adobe Animate memory corruption vulnerability
S
CVE-2021-21072 Adobe Animate out-of-bounds read vulnerability
S
CVE-2021-21073 Adobe Animate out-of-bounds read vulnerability
S
CVE-2021-21074 Adobe Animate out-of-bounds read vulnerability
S
CVE-2021-21075 Adobe Animate out-of-bounds read vulnerability
S
CVE-2021-21076 Adobe Animate out-of-bounds read vulnerability
S
CVE-2021-21077 Adobe Animate heap-based overflow vulnerability
S
CVE-2021-21078 Adobe Creative Cloud Unquoted Service Path in CCXProcess
CVE-2021-21079 Adobe Connect Reflected Cross-site Scripting via archiveOffset parameter
CVE-2021-21080 Adobe Connect Reflected Cross-site Scripting via query parameter
CVE-2021-21082 Adobe Photoshop Memory Corruption
CVE-2021-21083 Adobe Experience Manager broken access control in DSRPReindexServlet could lead to denial-of-service
CVE-2021-21084 Adobe Experience Manager stored cross-site scripting vulnerability in resource resolver factory could lead to arbitrary code execution
CVE-2021-21085 Adobe Connect CSV injection via export feature could lead to code execution
CVE-2021-21086 Adobe Reader CoolType Arbitrary Stack Manipulation
CVE-2021-21087 ColdFusion Improper neutralization of web input during page generation could lead to arbitrary JavaScript execution in the browser
S
CVE-2021-21088 Adobe Acrobat Pro DC Use-After-Free Remote Code Execution Vulnerability
CVE-2021-21089 Adobe Acrobat Reader DC URI Parsing Out-Of-Bounds Read
CVE-2021-21090 Adobe InCopy DOCX file parsing directory traversal vulnerability could lead to remote code execution
CVE-2021-21091 Adobe Bridge HEIC File Parsing Out-Of-Bounds Read vulnerability could lead to information disclosure
CVE-2021-21092 Adobe Bridge DCM File Parsing Memory Corruption could lead to arbitrary code execution
CVE-2021-21093 Adobe Bridge SGI File Parsing Memory Corruption vulnerability could lead to arbitrary code execution
CVE-2021-21094 Adobe Bridge PDF File Parsing Out-Of-Bounds Write vulnerability could lead to arbitrary code execution
CVE-2021-21095 Adobe Bridge TTF Font Parsing Out-Of-Bounds Write vulnerability could lead to arbitrary code execution
CVE-2021-21096 Adobe Bridge Genuine Software Service Incorrect Permission Assignment could lead to Denial-of-Service
CVE-2021-21098 Adobe InDesign PCX file parsing out-of-bounds write vulnerability could lead to remote code execution
CVE-2021-21099 Adobe InDesign PCX file parsing out-of-bounds write vulnerability could lead to remote code execution
CVE-2021-21100 Adobe Digital Editions Arbitrary file system write vulnerability
CVE-2021-21101 Adobe Illustrator TTF font parsing out-of-bounds write vulnerability could lead to remote code execution
CVE-2021-21102 Adobe Illustrator DOCX file parsing directory traversal vulnerability could lead to remote code execution
CVE-2021-21103 Adobe Illustrator memory corruption vulnerability could lead to information disclosure
CVE-2021-21104 Adobe Illustrator memory corruption vulnerability could lead to remote code execution
CVE-2021-21105 Adobe Illustrator memory corruption vulnerability could lead to remote code execution
CVE-2021-21106 Use after free in autofill in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had...
CVE-2021-21107 Use after free in drag and drop in Google Chrome on Linux prior to 87.0.4280.141 allowed a remote at...
CVE-2021-21108 Use after free in media in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had co...
CVE-2021-21109 Use after free in payments in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had...
CVE-2021-21110 Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to...
CVE-2021-21111 Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker...
CVE-2021-21112 Use after free in Blink in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potenti...
CVE-2021-21113 Heap buffer overflow in Skia in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to po...
CVE-2021-21114 Use after free in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to potenti...
CVE-2021-21115 Use after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker w...
CVE-2021-21116 Heap buffer overflow in audio in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to p...
CVE-2021-21117 Insufficient policy enforcement in Cryptohome in Google Chrome prior to 88.0.4324.96 allowed a local...
CVE-2021-21118 Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker ...
S
CVE-2021-21119 Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had com...
CVE-2021-21120 Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potenti...
S
CVE-2021-21121 Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker ...
CVE-2021-21122 Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentia...
CVE-2021-21123 Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a rem...
CVE-2021-21124 Potential use after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 all...
CVE-2021-21125 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96...
CVE-2021-21126 Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remot...
CVE-2021-21127 Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remot...
E
CVE-2021-21128 Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to po...
E S
CVE-2021-21129 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a ...
CVE-2021-21130 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a ...
CVE-2021-21131 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a ...
CVE-2021-21132 Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote att...
CVE-2021-21133 Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attac...
CVE-2021-21134 Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote at...
CVE-2021-21135 Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a rem...
CVE-2021-21136 Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed...
S
CVE-2021-21137 Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote att...
E S
CVE-2021-21138 Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potent...
CVE-2021-21139 Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remo...
E S
CVE-2021-21140 Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentia...
S
CVE-2021-21141 Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a ...
S
CVE-2021-21142 Use after free in Payments in Google Chrome on Mac prior to 88.0.4324.146 allowed a remote attacker ...
CVE-2021-21143 Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who c...
CVE-2021-21144 Heap buffer overflow in Tab Groups in Google Chrome prior to 88.0.4324.146 allowed an attacker who c...
CVE-2021-21145 Use after free in Fonts in Google Chrome prior to 88.0.4324.146 allowed a remote attacker to potenti...
CVE-2021-21146 Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who h...
CVE-2021-21147 Inappropriate implementation in Skia in Google Chrome prior to 88.0.4324.146 allowed a local attacke...
CVE-2021-21148 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to pote...
KEV
CVE-2021-21149 Stack buffer overflow in Data Transfer in Google Chrome on Linux prior to 88.0.4324.182 allowed a re...
E S
CVE-2021-21150 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote atta...
E S
CVE-2021-21151 Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to pote...
E S
CVE-2021-21152 Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote atta...
E S
CVE-2021-21153 Stack buffer overflow in GPU Process in Google Chrome on Linux prior to 88.0.4324.182 allowed a remo...
E S
CVE-2021-21154 Heap buffer overflow in Tab Strip in Google Chrome prior to 88.0.4324.182 allowed a remote attacker ...
E S
CVE-2021-21155 Heap buffer overflow in Tab Strip in Google Chrome on Windows prior to 88.0.4324.182 allowed a remot...
E S
CVE-2021-21156 Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to pote...
CVE-2021-21157 Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote atta...
E S
CVE-2021-21158 Rejected reason: Further investigation determines issue is not within scope of this CNA...
R
CVE-2021-21159 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to...
E S
CVE-2021-21160 Heap buffer overflow in WebAudio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to...
E S
CVE-2021-21161 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to...
E S
CVE-2021-21162 Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potenti...
E S
CVE-2021-21163 Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a ...
CVE-2021-21164 Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed ...
CVE-2021-21165 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially e...
E S
CVE-2021-21166 Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially e...
KEV
CVE-2021-21167 Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to pote...
E S
CVE-2021-21168 Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote ...
E S
CVE-2021-21169 Out of bounds memory access in V8 in Google Chrome prior to 89.0.4389.72 allowed a remote attacker t...
E S
CVE-2021-21170 Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who...
E S
CVE-2021-21171 Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 a...
E S
CVE-2021-21172 Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 89.0.4389.72...
E S
CVE-2021-21173 Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed...
S
CVE-2021-21174 Inappropriate implementation in Referrer in Google Chrome prior to 89.0.4389.72 allowed a remote att...
E S
CVE-2021-21175 Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remo...
E S
CVE-2021-21176 Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a re...
E S
CVE-2021-21177 Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote ...
E S
CVE-2021-21178 Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389...
S
CVE-2021-21179 Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote...
E S
CVE-2021-21180 Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to pot...
E S
CVE-2021-21181 Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote...
CVE-2021-21182 Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remo...
E S
CVE-2021-21183 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a re...
E S
CVE-2021-21184 Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a re...
E S
CVE-2021-21185 Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an atta...
E S
CVE-2021-21186 Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed...
CVE-2021-21187 Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remo...
CVE-2021-21188 Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentia...
E S
CVE-2021-21189 Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote ...
CVE-2021-21190 Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obt...
E S
CVE-2021-21191 Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potenti...
E S
CVE-2021-21192 Heap buffer overflow in tab groups in Google Chrome prior to 89.0.4389.90 allowed a remote attacker ...
E S
CVE-2021-21193 Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentia...
KEV
CVE-2021-21194 Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker t...
CVE-2021-21195 Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentiall...
CVE-2021-21196 Heap buffer overflow in TabStrip in Google Chrome on Windows prior to 89.0.4389.114 allowed a remote...
CVE-2021-21197 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.114 allowed a remote attacker t...
CVE-2021-21198 Out of bounds read in IPC in Google Chrome prior to 89.0.4389.114 allowed a remote attacker who had ...
CVE-2021-21199 Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker wh...
CVE-2021-21200 Out of bounds read in WebUI Settings in Google Chrome prior to 89.0.4389.72 allowed a remote attacke...
E
CVE-2021-21201 Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who h...
CVE-2021-21202 Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convince...
CVE-2021-21203 Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentia...
CVE-2021-21204 Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to ...
CVE-2021-21205 Insufficient policy enforcement in navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed ...
CVE-2021-21206 Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potenti...
KEV
CVE-2021-21207 Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced...
CVE-2021-21208 Insufficient data validation in QR scanner in Google Chrome on iOS prior to 90.0.4430.72 allowed an ...
CVE-2021-21209 Inappropriate implementation in storage in Google Chrome prior to 90.0.4430.72 allowed a remote atta...
CVE-2021-21210 Inappropriate implementation in Network in Google Chrome prior to 90.0.4430.72 allowed a remote atta...
CVE-2021-21211 Inappropriate implementation in Navigation in Google Chrome on iOS prior to 90.0.4430.72 allowed a r...
CVE-2021-21212 Incorrect security UI in Network Config UI in Google Chrome on ChromeOS prior to 90.0.4430.72 allowe...
CVE-2021-21213 Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potent...
CVE-2021-21214 Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to po...
CVE-2021-21215 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote att...
CVE-2021-21216 Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote att...
CVE-2021-21217 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obt...
CVE-2021-21218 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obt...
CVE-2021-21219 Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obt...
CVE-2021-21220 Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a r...
KEV E
CVE-2021-21221 Insufficient validation of untrusted input in Mojo in Google Chrome prior to 90.0.4430.72 allowed a ...
CVE-2021-21222 Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had ...
CVE-2021-21223 Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had co...
CVE-2021-21224 Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arb...
KEV E
CVE-2021-21225 Out of bounds memory access in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker t...
CVE-2021-21226 Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who ha...
CVE-2021-21227 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker ...
CVE-2021-21228 Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an atta...
CVE-2021-21229 Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remot...
CVE-2021-21230 Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially...
CVE-2021-21231 Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker ...
CVE-2021-21232 Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to pote...
CVE-2021-21233 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote att...
CVE-2021-21234 Directory Traversal
S
CVE-2021-21235 Infinite loop in parsing PNG files in
S
CVE-2021-21236 Regular Expression Denial of Service in CairoSVG
E S
CVE-2021-21237 Git LFS can execute a Git binary from the current directory on Windows
S
CVE-2021-21238 SAML XML Signature wrapping
S
CVE-2021-21239 Open default xmlsec1 key-type preference
E S
CVE-2021-21240 Regular Expression Denial of Service in httplib2
E S
CVE-2021-21241 CSRF can expose users authentication token in Flask-Security-Too
S
CVE-2021-21242 Pre-Auth Unsafe Deserialization on AttachmentUploadServet
S
CVE-2021-21243 Pre-Auth Unsafe Deserialization on KubernetesResource
S
CVE-2021-21244 Pre-Auth SSTI via Bean validation message tampering
S
CVE-2021-21245 Pre-Auth Arbitrary File Upload
S
CVE-2021-21246 Pre-Auth Access token leak
S
CVE-2021-21247 Post-Auth Unsafe Deserialization on BasePage (AJAX)
CVE-2021-21248 Post-Auth Arbitrary Code execution via Groovy script injection
S
CVE-2021-21249 Post-Auth Unsafe Yaml deserialization
S
CVE-2021-21250 Post-Auth External Entity Expansion (XXE)
S
CVE-2021-21251 ZipSlip Arbitrary File Upload
CVE-2021-21252 Regular expression denial of service in jquery-validation
S
CVE-2021-21253 Use of a One-Way Hash without a Salt in OnlineVotingSystem
S
CVE-2021-21254 Regular expression Denial of Service in Markdown plugin
CVE-2021-21255 entities switch IDOR
S
CVE-2021-21257 Out-of-bounds write in RPL-Classic and RPL-Lite
S
CVE-2021-21258 XSS injection in ajax/kanban
S
CVE-2021-21259 Stored XSS in slide mode
E S
CVE-2021-21260 XSS in description field
E
CVE-2021-21261 Flatpak sandbox escape via spawn portal
S
CVE-2021-21263 Query Binding Exploitation in Laravel
S
CVE-2021-21264 Bypass of fix for CVE-2020-26231, Twig sandbox escape
S
CVE-2021-21265 Potential Host Header Poisoning on misconfigured servers
S
CVE-2021-21266 XXE vulnerability in OpenHAB
S
CVE-2021-21267 Regular Expression Denial-of-Service in npm schema-inspector
E
CVE-2021-21269 Path Traversal in Keymaker
S
CVE-2021-21270 Cleartext Storage of Sensitive Information
S
CVE-2021-21271 Denial of service in TenderMint Core
S
CVE-2021-21272 zip slip in ORAS
S
CVE-2021-21273 Open redirects on some federation and push requests
S
CVE-2021-21274 Denial of service attack via .well-known lookups
S
CVE-2021-21275 CSRF in MediaWiki Report extension
S
CVE-2021-21276 Privilege escalation in Polr
S
CVE-2021-21277 Angular Expressions - Remote Code Execution
S
CVE-2021-21278 Risk of code injection in RSSHub
S
CVE-2021-21279 Infinite loop in IPv6 neighbor solicitation processing
CVE-2021-21280 Out-of-bounds write when processing 6LoWPAN extension headers
E S
CVE-2021-21281 Buffer overflow due to unvalidated TCP data offset
S
CVE-2021-21282 Buffer overflow in RPL source routing header processing
S
CVE-2021-21283 XSS in Flarum Sticky extension.
S
CVE-2021-21284 privilege escalation in Moby
S
CVE-2021-21285 Docker daemon crash during image pull of malicious image
S
CVE-2021-21286 Authorization Bypass in AVideo Platform
CVE-2021-21287 Server-Side Request Forgery in MinIO Browser API
S
CVE-2021-21288 Server-side request forgery in CarrierWave
S
CVE-2021-21289 Command Injection Vulnerability in Mechanize
S
CVE-2021-21290 Local Information Disclosure Vulnerability in Netty on Unix-Like systems due to temporary files
E S
CVE-2021-21291 Subdomain checking of whitelisted domains could allow unintended redirects
E S
CVE-2021-21292 Unquoted Windows binary path in Traccar
S
CVE-2021-21293 Unbounded connection acceptance leads to file handle exhaustion
S
CVE-2021-21294 Unbounded connection acceptance in http4s-blaze-server
S
CVE-2021-21295 Possible request smuggling in HTTP/2 due to missing validation
S
CVE-2021-21296 Denial-of-service in Fleet
S
CVE-2021-21297 Prototype Pollution in Node-Red
CVE-2021-21298 Path traversal in Node-Red
S
CVE-2021-21299 Multiple Transfer-Encoding headers misinterprets request payload
S
CVE-2021-21300 malicious repositories can execute remote code while cloning
E S
CVE-2021-21301 Video feed was captured while user has disabled video
S
CVE-2021-21302 CSV Injection via csv export
S
CVE-2021-21303 Injection attack in Helm
S
CVE-2021-21304 Prototype Pollution in Dynamoose
S
CVE-2021-21305 Code Injection vulnerability in CarrierWave
E S
CVE-2021-21306 Denial of Service in Marked
S
CVE-2021-21307 Remote Code Exploit in Lucee Admin
E S
CVE-2021-21308 Improper session management for soft logout
S
CVE-2021-21309 Integer overflow on 32-bit systems
S
CVE-2021-21310 Token verification bug in next-auth
E
CVE-2021-21311 SSRF in adminer
E S
CVE-2021-21312 Stored XSS on documents
CVE-2021-21313 XSS on tabs
CVE-2021-21314 XSS injection on ticket update
CVE-2021-21315 Command Injection Vulnerability
KEV S
CVE-2021-21316 Arbitrary code execution in less-openui5
S
CVE-2021-21317 Denial of Service in uap-core
S
CVE-2021-21318 Removing access may not affect published series
S
CVE-2021-21319 Several stored XSS
S
CVE-2021-21320 User content sandbox can be confused into opening arbitrary documents
S
CVE-2021-21321 Prefix escape
S
CVE-2021-21322 Prefix escape
S
CVE-2021-21323 Regression in DNS leakage from Tor windows
S
CVE-2021-21324 Insecure Direct Object Reference (IDOR) on "Solutions"
E S
CVE-2021-21325 Stored XSS in budget type
CVE-2021-21326 Horizontal Privilege Escalation
CVE-2021-21327 Unsafe Reflection in getItemForItemtype()
E
CVE-2021-21328 Denial of Service
S
CVE-2021-21329 Multi Factor Authentication Token Improperly Validated On User Login
S
CVE-2021-21330 Open redirect vulnerability in aiohttp
S
CVE-2021-21331 DataDog API Client contains a Local Information Disclosure Vulnerability
S
CVE-2021-21332 Cross-site scripting (XSS) vulnerability in the password reset endpoint
S
CVE-2021-21333 HTML injection in email and account expiry notifications
S
CVE-2021-21334 environment variable leak
S
CVE-2021-21335 Basic Authentication can be bypassed using a malformed username
S
CVE-2021-21336 Exposure of Sensitive Information to an Unauthorized Actor in Products.PluggableAuthService ZODBRoleManager
S
CVE-2021-21337 URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
E S
CVE-2021-21338 Open Redirection in Login Handling
CVE-2021-21339 Cleartext storage of session identifier
CVE-2021-21340 Cross-Site Scripting in Content Preview
CVE-2021-21341 XStream can cause a Denial of Service
E S
CVE-2021-21342 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
E S
CVE-2021-21343 XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
E S
CVE-2021-21344 XStream is vulnerable to an Arbitrary Code Execution attack
E S
CVE-2021-21345 XStream is vulnerable to a Remote Command Execution attack
E S
CVE-2021-21346 XStream is vulnerable to an Arbitrary Code Execution attack
E S
CVE-2021-21347 XStream is vulnerable to an Arbitrary Code Execution attack
E S
CVE-2021-21348 XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
S
CVE-2021-21349 A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
E S
CVE-2021-21350 XStream is vulnerable to an Arbitrary Code Execution attack
E S
CVE-2021-21351 XStream is vulnerable to an Arbitrary Code Execution attack
E S
CVE-2021-21352 Predictable tokens used for password resets
S
CVE-2021-21353 Remote code execution in pug
E S
CVE-2021-21354 Open redirect in pollbot
E S
CVE-2021-21355 Unrestricted File Upload in Form Framework
CVE-2021-21357 Broken Access Control in Form Framework
CVE-2021-21358 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
CVE-2021-21359 Denial of Service in Page Error Handling
CVE-2021-21360 Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
S
CVE-2021-21361 Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin
E S
CVE-2021-21362 Bypassing readOnly policy by creating a temporary 'mc share upload' URL
E S
CVE-2021-21363 Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory
E S
CVE-2021-21364 Generated Code Contains Local Information Disclosure Vulnerability
S
CVE-2021-21365 Cross-Site Scripting in Content Rendering
E S
CVE-2021-21366 Misinterpretation of malicious XML input
S
CVE-2021-21367 Incorrect Authorization in switchboard-plug-bluetooth
S
CVE-2021-21368 Prototype poisoning
E S
CVE-2021-21369 Potential DoS in Besu HTTP JSON-RPC API
S
CVE-2021-21370 Cross-Site Scripting in Content Preview (CType menu)
CVE-2021-21371 Execution of untrusted code through config file
S
CVE-2021-21372 Nimble arbitrary code execution for specially crafted package metadata
E S
CVE-2021-21373 Nimble falls back to insecure http url when fetching packages
E
CVE-2021-21374 Nimble fails to validate certificates due to insecure httpClient defaults
E S
CVE-2021-21375 Crash in receiving updated SDP answer after initial SDP negotiation failed
E S
CVE-2021-21376 Information Exposure in OMERO.web
S
CVE-2021-21377 Open Redirect in OMERO.web
S
CVE-2021-21378 JWT authentication bypass with unknown issuer token
S
CVE-2021-21379 It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro
CVE-2021-21380 Rating Script Service expose XWiki to SQL injection
CVE-2021-21381 Sandbox escape via special tokens in .desktop file
S
CVE-2021-21382 Unsafe loopback forwarding interface in Restund
E S
CVE-2021-21383 XSS in Wiki.js
E S
CVE-2021-21384 Null characters not escaped in shescape
E S
CVE-2021-21385 Disabled hostname verification and accepting self-signed certificates
S
CVE-2021-21386 Improper Neutralization of Argument Delimiters in a Decompiling Package Process
S
CVE-2021-21387 Partial secret key disclosure, improper safety number calculation, & inadequate encryption strength
CVE-2021-21388 Command Injection Vulnerability in systeminformation
S
CVE-2021-21389 BuddyPress privilege escalation via REST API
CVE-2021-21390 MITM modification of request bodies in MinIO
E S
CVE-2021-21391 Regular expression Denial of Service in multiple packages
CVE-2021-21392 Open redirect via transitional IPv6 addresses on dual-stack networks
S
CVE-2021-21393 Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
S
CVE-2021-21394 Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
S
CVE-2021-21395 Magento-lts vulnerable to Cross-Site Request Forgery
E
CVE-2021-21396 Bulk list client endpoint exposes too much metadata about a client
S
CVE-2021-21398 Possible XSS injection through DataColumn Grid class
S
CVE-2021-21399 Unauthenticated SubSonic backend access in Ampache
E M
CVE-2021-21400 Entering code in App Lock modal sends input to conversation
S
CVE-2021-21401 Invalid free() call in Nanopb
E S
CVE-2021-21402 Unauthenticated Arbitrary File Access in Jellyfin
S
CVE-2021-21403 Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server
S
CVE-2021-21404 Crash due to malformed relay protocol message
S
CVE-2021-21405 BLS Signature "Malleability"
E S
CVE-2021-21406 Command Injection vulnerability in the Setup Wizard
CVE-2021-21407 Portal : the CSRF token isn't validated
CVE-2021-21408 Access to restricted PHP code by dynamic static class access in smarty
S
CVE-2021-21409 Possible request smuggling in HTTP/2 due to missing validation of content-length
S
CVE-2021-21410 Out-of-bounds read in the 6LoWPAN implementation
S
CVE-2021-21411 Incorrect authorization in OAuth2-Proxy
S
CVE-2021-21412 [thi.ng/egf] Potential arbitrary code execution of `#gpg`-tagged property values
S
CVE-2021-21413 Misuse of `Reference` and other transferable APIs may lead to access to nodejs isolate
S
CVE-2021-21414 Command injection vulnerability in @prisma/sdk in getPackedPackage function
S
CVE-2021-21415 Visual Studio Code Prisma Extension Remote Code Execution Vulnerability
S
CVE-2021-21416 Potential sensitive information disclosed in error reports
M
CVE-2021-21417 Use after free in fluidsynth
E S
CVE-2021-21418 Potential XSS injection in the newsletter conditions field
S
CVE-2021-21419 Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet
CVE-2021-21420 Vulnerability in Stripe for Visual Studio Code < 1.7.3
CVE-2021-21421 ApiKey secret could be revealed on network issue
S
CVE-2021-21422 XSS Vulnerability in mongo-express
E S
CVE-2021-21423 Exposure of Version-Control Repository to an Unauthorized Control Sphere in projen
S
CVE-2021-21424 Prevent user enumeration using Guard or the new Authenticator-based Security
S
CVE-2021-21425 Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
E
CVE-2021-21426 Fixes a bug in Zend Framework's Stream HTTP Wrapper
CVE-2021-21427 Backport for CVE-2021-21024 Blind SQLi from Magento 2
CVE-2021-21428 Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
E S
CVE-2021-21429 Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
S
CVE-2021-21430 Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
E S
CVE-2021-21431 Improper Input Validation in sopel-plugins.channelmgnt
S
CVE-2021-21432 Reject unauthorized access with GitHub PATs
S
CVE-2021-21433 Remote code execution on discord-recon .dirsearch and .arjun commands due to improper input validation
E S
CVE-2021-21434 XSS in Survey Module
S
CVE-2021-21435 Information exposure in PDF export
S
CVE-2021-21436 Agent is able to link customer's Config Items without permission
S
CVE-2021-21437 Config Items are shown to users without permission
S
CVE-2021-21438 FAQ articles are shown to users without permission
S
CVE-2021-21439 Possible DoS attack using a special crafted URL in email body
S
CVE-2021-21440 Support Bundle includes S/Mime and PGP keys
S
CVE-2021-21441 XSS in the ticket overview screens
S
CVE-2021-21442 XSS vulnerability in Time Accounting
S
CVE-2021-21443 Unauthorized listing of the customer user emails
S
CVE-2021-21444 SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers ...
CVE-2021-21445 SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, 2011, allows an authenticated attacker to inc...
CVE-2021-21446 SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacke...
CVE-2021-21447 SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attac...
CVE-2021-21448 SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application S...
CVE-2021-21449 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received fr...
CVE-2021-21450 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received fr...
CVE-2021-21451 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SGI file received fr...
CVE-2021-21452 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received fr...
CVE-2021-21453 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received fr...
CVE-2021-21454 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated RLE file received fr...
CVE-2021-21455 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received fr...
CVE-2021-21456 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received fr...
CVE-2021-21457 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received fr...
CVE-2021-21458 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received fr...
CVE-2021-21459 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received fr...
CVE-2021-21460 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received fr...
CVE-2021-21461 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated BMP file received fr...
CVE-2021-21462 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received fr...
CVE-2021-21463 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received fr...
CVE-2021-21464 SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received fr...
CVE-2021-21465 The BW Database Interface allows an attacker with low privileges to execute any crafted database que...
E
CVE-2021-21466 SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versi...
E
CVE-2021-21467 SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an au...
CVE-2021-21468 The BW Database Interface does not perform necessary authorization checks for an authenticated user,...
E
CVE-2021-21469 When security guidelines for SAP NetWeaver Master Data Management running on windows have not been t...
CVE-2021-21470 SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, vers...
CVE-2021-21471 In CLA-Assistant, versions before 2.8.5, due to improper access control an authenticated user could ...
CVE-2021-21472 SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not hav...
CVE-2021-21473 SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752...
E
CVE-2021-21474 SAP HANA Database, versions - 1.0, 2.0, accepts SAML tokens with MD5 digest, an attacker who manages...
CVE-2021-21475 Under specific circumstances SAP Master Data Management, versions - 710, 710.750, allows an unauthor...
CVE-2021-21476 SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows a...
CVE-2021-21477 SAP Commerce Cloud, versions - 1808,1811,1905,2005,2011, enables certain users with required privile...
CVE-2021-21478 SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbin...
CVE-2021-21479 In SCIMono before 0.0.19, it is possible for an attacker to inject and execute java expression compr...
CVE-2021-21480 SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Compos...
CVE-2021-21481 The MigrationService, which is part of SAP NetWeaver versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7....
CVE-2021-21482 SAP NetWeaver Master Data Management, versions - 710, 710.750, allows a malicious unauthorized user ...
CVE-2021-21483 Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to g...
CVE-2021-21484 LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory ...
CVE-2021-21485 An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP ...
CVE-2021-21486 SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 6...
CVE-2021-21487 SAP Payment Engine version 500, does not perform necessary authorization checks for an authenticated...
CVE-2021-21488 Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic...
CVE-2021-21489 SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not suffic...
CVE-2021-21490 SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A,...
CVE-2021-21491 SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7....
CVE-2021-21492 SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, ...
CVE-2021-21493 When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untruste...
CVE-2021-21494 MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can le...
E
CVE-2021-21495 MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executar_central.php?aca...
E
CVE-2021-21501 ServiceComb ServiceCenter Directory Traversal
CVE-2021-21502 Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vuln...
CVE-2021-21503 PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. T...
CVE-2021-21505 Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumen...
CVE-2021-21506 PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API hand...
CVE-2021-21507 Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch M...
S
CVE-2021-21510 Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote un...
CVE-2021-21511 Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in th...
CVE-2021-21512 Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerabi...
CVE-2021-21513 Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Dis...
E
CVE-2021-21514 Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vuln...
CVE-2021-21515 Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability....
CVE-2021-21517 SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a ...
CVE-2021-21518 Dell SupportAssist Client for Consumer PCs versions 3.7.x, 3.6.x, 3.4.x, 3.3.x, Dell SupportAssist C...
CVE-2021-21522 Dell BIOS contains a Credentials Management issue. A local authenticated malicious user may potentia...
CVE-2021-21524 Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deser...
S
CVE-2021-21526 Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode tha...
CVE-2021-21527 Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an ...
CVE-2021-21528 Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information throug...
M
CVE-2021-21529 Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local...
CVE-2021-21530 Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulne...
S
CVE-2021-21531 Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability....
CVE-2021-21532 Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerabi...
CVE-2021-21533 Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated ...
CVE-2021-21534 Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unau...
CVE-2021-21535 Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vu...
CVE-2021-21536 Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unau...
CVE-2021-21537 Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unau...
CVE-2021-21538 Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authenti...
S
CVE-2021-21539 Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condi...
CVE-2021-21540 Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote ...
CVE-2021-21541 Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability....
CVE-2021-21542 Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabil...
CVE-2021-21543 Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabil...
CVE-2021-21544 Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A rem...
CVE-2021-21545 Dell Peripheral Manager 1.3.1 or greater contains remediation for a local privilege escalation vulne...
CVE-2021-21546 Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosu...
S
CVE-2021-21547 Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password...
S
CVE-2021-21548 Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual A...
CVE-2021-21549 Dell EMC XtremIO Versions prior to 6.3.3-8, contain a Cross-Site Request Forgery Vulnerability in XM...
CVE-2021-21550 Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in...
CVE-2021-21551 Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to e...
KEV E M
CVE-2021-21552 Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authoriza...
S
CVE-2021-21553 Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability. Under ...
CVE-2021-21554 Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack...
S
CVE-2021-21555 Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain ...
CVE-2021-21556 Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain ...
CVE-2021-21557 Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access...
S
CVE-2021-21558 Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosu...
S
CVE-2021-21559 Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Cer...
S
CVE-2021-21561 Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This wo...
S
CVE-2021-21562 Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows...
M
CVE-2021-21563 Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptiona...
CVE-2021-21564 Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability....
S
CVE-2021-21565 Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartC...
CVE-2021-21567 Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow ...
S
CVE-2021-21568 Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An a...
S
CVE-2021-21569 Dell NetWorker, versions 18.x and 19.x contain a Path traversal vulnerability. A NetWorker server us...
S
CVE-2021-21570 Dell NetWorker, versions 18.x and 19.x contain an Information disclosure vulnerability. A NetWorker ...
S
CVE-2021-21571 Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature con...
CVE-2021-21572 Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin ...
CVE-2021-21573 Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin ...
CVE-2021-21574 Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin ...
CVE-2021-21575 Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vul...
CVE-2021-21576 Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability....
CVE-2021-21577 Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability....
CVE-2021-21578 Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauth...
CVE-2021-21579 Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauth...
CVE-2021-21580 Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain ...
CVE-2021-21581 Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote ...
CVE-2021-21584 Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an ...
S
CVE-2021-21585 Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in ...
S
CVE-2021-21586 Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. A r...
CVE-2021-21587 Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A ...
S
CVE-2021-21588 Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentatio...
CVE-2021-21589 Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 do not exit on failed Initial...
CVE-2021-21590 Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password...
CVE-2021-21591 Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password...
CVE-2021-21592 Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x improperly handle an exceptional condition. A remot...
S
CVE-2021-21594 Dell PowerScale OneFS versions 8.2.2 - 9.1.0.x contain a use of get request method with sensitive qu...
S
CVE-2021-21595 Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special ele...
S
CVE-2021-21596 Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular version...
S
CVE-2021-21597 Dell Wyse ThinOS, version 9.0, contains a Sensitive Information Disclosure Vulnerability. An authent...
S
CVE-2021-21598 Dell Wyse ThinOS, versions 9.0, 9.1, and 9.1 MR1, contain a Sensitive Information Disclosure Vulnera...
S
CVE-2021-21599 Dell EMC PowerScale OneFS versions 8.2.x - 9.2.1.x contain an OS command injection vulnerability. Th...
S
CVE-2021-21600 Dell EMC NetWorker, 19.4 or older, contain an uncontrolled resource consumption flaw in its API serv...
S
CVE-2021-21601 Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information E...
S
CVE-2021-21602 Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file bro...
CVE-2021-21603 Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response content...
CVE-2021-21604 Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows attackers with permission to create or con...
CVE-2021-21605 Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to c...
CVE-2021-21606 Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fin...
CVE-2021-21607 Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters...
CVE-2021-21608 Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, ...
CVE-2021-21609 Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the li...
CVE-2021-21610 Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL r...
CVE-2021-21611 Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item typ...
CVE-2021-21612 Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global ...
CVE-2021-21613 Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cr...
CVE-2021-21614 Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global confi...
CVE-2021-21615 Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces a...
CVE-2021-21616 Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resultin...
CVE-2021-21617 A cross-site request forgery (CSRF) vulnerability in Jenkins Configuration Slicing Plugin 1.51 and e...
CVE-2021-21618 Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptio...
CVE-2021-21619 Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored...
CVE-2021-21620 A cross-site request forgery (CSRF) vulnerability in Jenkins Claim Plugin 2.18.1 and earlier allows ...
CVE-2021-21621 Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of ...
CVE-2021-21622 Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and d...
CVE-2021-21623 An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allo...
CVE-2021-21624 An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier al...
CVE-2021-21625 Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a h...
CVE-2021-21626 Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in met...
CVE-2021-21627 A cross-site request forgery (CSRF) vulnerability in Jenkins Libvirt Agents Plugin 1.9.0 and earlier...
CVE-2021-21628 Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and description...
CVE-2021-21629 A cross-site request forgery (CSRF) vulnerability in Jenkins Build With Parameters Plugin 1.5 and ea...
CVE-2021-21630 Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build paramete...
CVE-2021-21631 Jenkins Cloud Statistics Plugin 0.26 and earlier does not perform a permission check in an HTTP endp...
CVE-2021-21632 A missing permission check in Jenkins OWASP Dependency-Track Plugin 3.1.0 and earlier allows attacke...
CVE-2021-21633 A cross-site request forgery (CSRF) vulnerability in Jenkins OWASP Dependency-Track Plugin 3.1.0 and...
CVE-2021-21634 Jenkins Jabber (XMPP) notifier and control Plugin 1.41 and earlier stores passwords unencrypted in i...
CVE-2021-21635 Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in e...
CVE-2021-21636 A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attac...
CVE-2021-21637 A missing permission check in Jenkins Team Foundation Server Plugin 5.157.1 and earlier allows attac...
CVE-2021-21638 A cross-site request forgery (CSRF) vulnerability in Jenkins Team Foundation Server Plugin 5.157.1 a...
CVE-2021-21639 Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created afte...
CVE-2021-21640 Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view...
CVE-2021-21641 A cross-site request forgery (CSRF) vulnerability in Jenkins promoted builds Plugin 3.9 and earlier ...
CVE-2021-21642 Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent X...
CVE-2021-21643 Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks i...
CVE-2021-21644 A cross-site request forgery (CSRF) vulnerability in Jenkins Config File Provider Plugin 3.7.0 and e...
CVE-2021-21645 Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several ...
CVE-2021-21646 Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using ...
CVE-2021-21647 Jenkins CloudBees CD Plugin 1.1.21 and earlier does not perform a permission check in an HTTP endpoi...
CVE-2021-21648 Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view ...
CVE-2021-21649 Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Po...
CVE-2021-21650 Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in v...
CVE-2021-21651 Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoi...
CVE-2021-21652 A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin ...
CVE-2021-21653 Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check...
CVE-2021-21654 Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, ...
CVE-2021-21655 A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows att...
CVE-2021-21656 Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML...
CVE-2021-21657 Jenkins Filesystem Trigger Plugin 0.40 and earlier does not configure its XML parser to prevent XML ...
CVE-2021-21658 Jenkins Nuget Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entit...
CVE-2021-21659 Jenkins URLTrigger Plugin 0.48 and earlier does not configure its XML parser to prevent XML external...
CVE-2021-21660 Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resu...
CVE-2021-21661 Jenkins Kubernetes CLI Plugin 1.10.0 and earlier does not perform permission checks in several HTTP ...
CVE-2021-21662 A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers...
CVE-2021-21663 A missing permission check in Jenkins XebiaLabs XL Deploy Plugin 7.5.8 and earlier allows attackers ...
CVE-2021-21664 An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attack...
CVE-2021-21665 A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and e...
CVE-2021-21666 Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a f...
CVE-2021-21667 Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration ...
CVE-2021-21668 Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross...
CVE-2021-21669 Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent...
CVE-2021-21670 Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort buil...
CVE-2021-21671 Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login...
CVE-2021-21672 Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML...
CVE-2021-21673 Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legiti...
CVE-2021-21674 A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with...
CVE-2021-21675 A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earli...
CVE-2021-21676 Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endp...
CVE-2021-21677 Jenkins Code Coverage API Plugin 1.4.0 and earlier does not apply Jenkins JEP-200 deserialization pr...
CVE-2021-21678 Jenkins SAML Plugin 2.0.7 and earlier allows attackers to craft URLs that would bypass the CSRF prot...
CVE-2021-21679 Jenkins Azure AD Plugin 179.vf6841393099e and earlier allows attackers to craft URLs that would bypa...
CVE-2021-21680 Jenkins Nested View Plugin 1.20 and earlier does not configure its XML transformer to prevent XML ex...
CVE-2021-21681 Jenkins Nomad Plugin 0.7.4 and earlier stores Docker passwords unencrypted in the global config.xml ...
CVE-2021-21682 Jenkins 2.314 and earlier, LTS 2.303.1 and earlier accepts names of jobs and other entities with a t...
CVE-2021-21683 The file browser in Jenkins 2.314 and earlier, LTS 2.303.1 and earlier may interpret some paths to f...
CVE-2021-21684 Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to c...
CVE-2021-21685 Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to crea...
CVE-2021-21686 File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2....
CVE-2021-21687 Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to crea...
CVE-2021-21688 The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, L...
CVE-2021-21689 FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenk...
CVE-2021-21690 Agent processes are able to completely bypass file path filtering by wrapping the file operation in ...
CVE-2021-21691 Creating symbolic links is possible without the 'symlink' agent-to-controller access control permiss...
CVE-2021-21692 FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earli...
CVE-2021-21693 When creating temporary files, agent-to-controller access to create those files is only checked afte...
CVE-2021-21694 FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*Di...
CVE-2021-21695 FilePath#listFiles lists files outside directories that agents are allowed to access when following ...
CVE-2021-21696 Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the lib...
M
CVE-2021-21697 Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents o...
S
CVE-2021-21698 Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a ...
CVE-2021-21699 Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive param...
CVE-2021-21700 Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking t...
CVE-2021-21701 Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML externa...
CVE-2021-21702 Null Dereference in SoapClient
S
CVE-2021-21703 PHP-FPM memory access in root process leading to privilege escalation
E S
CVE-2021-21704 Multiple vulnerabilities in Firebird client extension
E S
CVE-2021-21705 Incorrect URL validation in FILTER_VALIDATE_URL
E S
CVE-2021-21706 ZipArchive::extractTo may extract outside of destination dir
S
CVE-2021-21707 Special characters break path parsing in XML functions
E S
CVE-2021-21708 UAF due to php_filter_float() failing
E S
CVE-2021-21722 A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify th...
CVE-2021-21723 Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some s...
CVE-2021-21724 A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory rele...
CVE-2021-21725 A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond...
CVE-2021-21726 Some ZTE products have an input verification vulnerability in the diagnostic function interface. Due...
CVE-2021-21727 A ZTE product has a DoS vulnerability. A remote attacker can amplify traffic by sending carefully co...
CVE-2021-21728 A ZTE product has a configuration error vulnerability. Because a certain port is open by default, an...
CVE-2021-21729 Some ZTE products have a CSRF vulnerability. Because some pages lack CSRF random value verification, a...
CVE-2021-21730 A ZTE product is impacted by improper access control vulnerability. The attacker could exploit this ...
CVE-2021-21731 A CSRF vulnerability exists in the management page of a ZTE product. The vulnerability is caused beca...
CVE-2021-21732 A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permissi...
CVE-2021-21733 The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make...
CVE-2021-21734 Some PON MDU devices of ZTE stored sensitive information in plaintext, and users with login authorit...
CVE-2021-21735 A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacke...
CVE-2021-21736 A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to t...
CVE-2021-21737 A smart STB product of ZTE is impacted by a permission and access control vulnerability. Due to insu...
CVE-2021-21738 ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due...
CVE-2021-21739 A ZTE product of the transport network access layer has a security vulnerability. Because the syst...
CVE-2021-21740 There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential ga...
CVE-2021-21741 There is a command execution vulnerability in a ZTE conference management system. As some services a...
CVE-2021-21742 There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to ...
CVE-2021-21743 ZTE MF971R product has a CRLF injection vulnerability. An attacker could exploit the vulnerability t...
CVE-2021-21744 ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulner...
CVE-2021-21745 ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an ...
CVE-2021-21746 ZTE MF971R product has a reflective XSS vulnerability. An attacker could use the vulnerability to obta...
CVE-2021-21747 ZTE MF971R product has a reflective XSS vulnerability. An attacker could use the vulnerability to obta...
CVE-2021-21748 ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit th...
CVE-2021-21749 ZTE MF971R product has two stack-based buffer overflow vulnerabilities. An attacker could exploit th...
CVE-2021-21750 ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management o...
CVE-2021-21751 ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency betw...
CVE-2021-21772 A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3...
E
CVE-2021-21773 An out-of-bounds write vulnerability exists in the TIFF header count-processing functionality of Acc...
E
CVE-2021-21774 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-21773. Reason: This candidat...
R
CVE-2021-21775 A use-after-free vulnerability exists in the way certain events are processed for ImageLoader object...
E
CVE-2021-21776 An out-of-bounds write vulnerability exists in the SGI Format Buffer Size Processing functionality o...
E
CVE-2021-21777 An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP S...
E
CVE-2021-21778 A denial of service vulnerability exists in the ASDU message processing functionality of MZ Automati...
E
CVE-2021-21779 A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in ...
E
CVE-2021-21781 An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4...
E S
CVE-2021-21782 An out-of-bounds write vulnerability exists in the SGI format buffer size processing functionality o...
E
CVE-2021-21783 A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8...
E S
CVE-2021-21784 An out-of-bounds write vulnerability exists in the JPG format SOF marker processing of Accusoft Imag...
E
CVE-2021-21785 An information disclosure vulnerability exists in the IOCTL 0x9c40a148 handling of IOBit Advanced Sy...
E
CVE-2021-21786 A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced Syste...
E
CVE-2021-21787 A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220...
E
CVE-2021-21788 A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220...
E
CVE-2021-21789 A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220...
E
CVE-2021-21790 An information disclosure vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14....
E
CVE-2021-21791 An information disclosure vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14....
E
CVE-2021-21792 An information disclosure vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14....
E
CVE-2021-21793 An out-of-bounds write vulnerability exists in the JPG sof_nb_comp header processing functionality o...
E
CVE-2021-21794 An out-of-bounds write vulnerability exists in the TIF bits_per_sample processing functionality of A...
CVE-2021-21795 A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of ...
E
CVE-2021-21796 An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF...
E M
CVE-2021-21797 An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A...
E M
CVE-2021-21798 An exploitable return of stack variable address vulnerability exists in the JavaScript implementatio...
E
CVE-2021-21799 Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech ...
E
CVE-2021-21800 Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-S...
E
CVE-2021-21801 This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-Se...
E
CVE-2021-21802 This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-Se...
E
CVE-2021-21803 This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-Se...
E
CVE-2021-21804 A local file inclusion (LFI) vulnerability exists in the options.php script functionality of Advante...
E
CVE-2021-21805 An OS Command Injection vulnerability exists in the ping.php script functionality of Advantech R-See...
E
CVE-2021-21806 An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specia...
E
CVE-2021-21807 An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusof...
E
CVE-2021-21808 A memory corruption vulnerability exists in the PNG png_palette_process functionality of Accusoft Im...
E
CVE-2021-21809 A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A...
E
CVE-2021-21810 A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’...
E
CVE-2021-21811 A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&...
E
CVE-2021-21812 A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functio...
E
CVE-2021-21813 Within the function HandleFileArg the argument filepattern is under control of the user who passes i...
E
CVE-2021-21814 Within the function HandleFileArg the argument filepattern is under control of the user who passes i...
E
CVE-2021-21815 A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functio...
E
CVE-2021-21816 An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B0...
E
CVE-2021-21817 An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LI...
E
CVE-2021-21818 A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK D...
E
CVE-2021-21819 A code execution vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-304...
E
CVE-2021-21820 A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DI...
E
CVE-2021-21821 A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accu...
E
CVE-2021-21822 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, versi...
E
CVE-2021-21823 An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot ver...
CVE-2021-21824 An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft Imag...
E
CVE-2021-21825 A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::Un...
E
CVE-2021-21826 A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functiona...
E
CVE-2021-21827 A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functiona...
E
CVE-2021-21828 A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functiona...
E
CVE-2021-21829 A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::...
E
CVE-2021-21830 A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functiona...
E
CVE-2021-21831 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, versi...
E
CVE-2021-21832 A memory corruption vulnerability exists in the ISO Parsing functionality of Disc Soft Ltd Daemon To...
E
CVE-2021-21833 An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functiona...
E
CVE-2021-21834 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the...
E
CVE-2021-21835 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the...
E
CVE-2021-21836 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the...
E
CVE-2021-21837 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21838 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21839 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21840 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the...
E
CVE-2021-21841 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the...
E
CVE-2021-21842 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the...
E
CVE-2021-21843 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21844 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21845 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21846 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21847 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21848 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the...
E
CVE-2021-21849 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the...
E
CVE-2021-21850 An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the...
E
CVE-2021-21851 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21852 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21853 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21854 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21855 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21856 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21857 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21858 Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality...
E
CVE-2021-21859 An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of t...
E
CVE-2021-21860 An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of t...
E
CVE-2021-21861 An exploitable integer truncation vulnerability exists within the MPEG-4 decoding functionality of t...
E
CVE-2021-21862 Multiple exploitable integer truncation vulnerabilities exist within the MPEG-4 decoding functionali...
E
CVE-2021-21863 An unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality...
S
CVE-2021-21864 An unsafe deserialization vulnerability exists in the ComponentModel ComponentManager.StartupCultureS...
E S
CVE-2021-21865 An unsafe deserialization vulnerability exists in the PackageManagement.plugin ExtensionMethods.Clone...
S
CVE-2021-21866 An unsafe deserialization vulnerability exists in the ObjectManager.plugin ProfileInformation.Profile...
E S
CVE-2021-21867 An unsafe deserialization vulnerability exists in the ObjectManager.plugin ObjectStream.ProfileByteA...
E S
CVE-2021-21868 An unsafe deserialization vulnerability exists in the ObjectManager.plugin Project.get_MissingTypes(...
E S
CVE-2021-21869 An unsafe deserialization vulnerability exists in the Engine.plugin ProfileInformation ProfileData f...
E S
CVE-2021-21870 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, versi...
E
CVE-2021-21871 A memory corruption vulnerability exists in the DMG File Format Handler functionality of PowerISO 7....
E
CVE-2021-21872 An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionalit...
E
CVE-2021-21873 A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter....
E
CVE-2021-21874 A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter....
E
CVE-2021-21875 A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. ...
E
CVE-2021-21876 Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker...
E
CVE-2021-21877 Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attack...
E
CVE-2021-21878 A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionali...
E
CVE-2021-21879 A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix...
E
CVE-2021-21880 A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix ...
E
CVE-2021-21881 An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionali...
E
CVE-2021-21882 An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix...
E
CVE-2021-21883 An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of L...
E
CVE-2021-21884 An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lant...
E
CVE-2021-21885 A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix Prem...
E
CVE-2021-21886 A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantroni...
E
CVE-2021-21887 A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality o...
E
CVE-2021-21888 An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality...
E
CVE-2021-21889 A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantroni...
E
CVE-2021-21890 A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of...
E
CVE-2021-21891 A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of...
E
CVE-2021-21892 A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lan...
E
CVE-2021-21893 A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, versi...
E
CVE-2021-21894 A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix Prem...
E
CVE-2021-21895 A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix Prem...
E
CVE-2021-21896 A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantron...
E
CVE-2021-21897 A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsof...
E
CVE-2021-21898 A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad...
E
CVE-2021-21899 A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCa...
E
CVE-2021-21900 A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfr...
E
CVE-2021-21901 A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Meta...
E
CVE-2021-21902 An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Me...
E
CVE-2021-21903 A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Meta...
E
CVE-2021-21904 A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’...
E
CVE-2021-21905 Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal D...
E
CVE-2021-21906 Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal D...
E
CVE-2021-21907 A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Me...
E
CVE-2021-21908 Specially-crafted command line arguments can lead to arbitrary file deletion. The handle_delete func...
E
CVE-2021-21909 Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log fi...
E
CVE-2021-21910 A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-S...
E
CVE-2021-21911 A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-S...
E
CVE-2021-21912 A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-S...
E
CVE-2021-21913 An information disclosure vulnerability exists in the WiFi Smart Mesh functionality of D-LINK DIR-30...
E
CVE-2021-21914 A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accu...
E
CVE-2021-21915 An exploitable SQL injection vulnerability exists in the ‘group_list’ page of the Advantech R-SeeNet ...
E
CVE-2021-21916 An exploitable SQL injection vulnerability exists in the ‘group_list’ page of the Advantech R-SeeNet ...
E
CVE-2021-21917 An exploitable SQL injection vulnerability exists in the ‘group_list’ page of the Advantech R-SeeNet ...
E
CVE-2021-21918 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21919 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21920 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21921 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21922 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21923 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21924 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21925 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21926 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21927 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21928 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21929 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21930 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21931 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21932 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21933 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21934 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21935 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21936 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21937 A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP ...
E
CVE-2021-21938 A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusof...
E
CVE-2021-21939 A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageG...
E
CVE-2021-21940 A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of ...
E
CVE-2021-21941 A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy ...
E
CVE-2021-21942 An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft...
E
CVE-2021-21943 A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageG...
E
CVE-2021-21944 Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft Im...
E
CVE-2021-21945 Two heap-based buffer overflow vulnerabilities exist in the TIFF parser functionality of Accusoft Im...
E
CVE-2021-21946 Two heap-based buffer overflow vulnerabilities exist in the JPEG-JFIF lossless Huffman image parser...
E
CVE-2021-21947 Two heap-based buffer overflow vulnerabilities exist in the JPEG-JFIF lossless Huffman image parser...
E
CVE-2021-21948 A heap-based buffer overflow vulnerability exists in the readDatHeadVec functionality of AnyCubic Ch...
E
CVE-2021-21949 An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser function...
E
CVE-2021-21950 An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality ...
E
CVE-2021-21951 An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality ...
E
CVE-2021-21952 An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of...
E
CVE-2021-21953 An authentication bypass vulnerability exists in the process_msg() function of the home_security bin...
E
CVE-2021-21954 A command execution vulnerability exists in the wifi_country_code_update functionality of the home_s...
E
CVE-2021-21955 An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the ...
E
CVE-2021-21956 A php unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5....
E
CVE-2021-21957 A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS R...
E
CVE-2021-21958 A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom ...
E
CVE-2021-21959 A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3....
E
CVE-2021-21960 A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Syste...
E
CVE-2021-21961 A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, In...
E
CVE-2021-21962 A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Seal...
E
CVE-2021-21963 An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, ...
CVE-2021-21964 A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Syste...
E
CVE-2021-21965 A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealeve...
E
CVE-2021-21966 An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas ...
E
CVE-2021-21967 An out-of-bounds write vulnerability exists in the OTA update task functionality of Sealevel Systems...
E
CVE-2021-21968 A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. Sea...
E
CVE-2021-21969 An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel S...
E
CVE-2021-21970 An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel S...
E
CVE-2021-21971 An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc...
E
CVE-2021-21972 The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin...
KEV E
CVE-2021-21973 The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to impro...
KEV
CVE-2021-21974 OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ...
E
CVE-2021-21975 Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may all...
KEV E
CVE-2021-21976 vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x...
CVE-2021-21978 VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability...
E
CVE-2021-21979 In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6,...
E
CVE-2021-21980 The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A ma...
S
CVE-2021-21981 VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based acc...
S
CVE-2021-21982 VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerabili...
S
CVE-2021-21983 Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 ...
E
CVE-2021-21984 VMware vRealize Business for Cloud 7.x prior to 7.6.0 contains a remote code execution vulnerability...
S
CVE-2021-21985 The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input valid...
KEV E
CVE-2021-21986 The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Vi...
CVE-2021-21987 VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contai...
S
CVE-2021-21988 VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contai...
S
CVE-2021-21989 VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contai...
S
CVE-2021-21990 VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20....
E
CVE-2021-21991 The vCenter Server contains a local privilege escalation vulnerability due to the way it handles ses...
S
CVE-2021-21992 The vCenter Server contains a denial-of-service vulnerability due to improper XML entity parsing. A ...
CVE-2021-21993 The vCenter Server contains an SSRF (Server Side Request Forgery) vulnerability due to improper vali...
S
CVE-2021-21994 SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A mali...
CVE-2021-21995 OpenSLP as used in ESXi has a denial-of-service vulnerability due to a heap out-of-bounds read issue. A...
CVE-2021-21996 An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and s...
S
CVE-2021-21997 VMware Tools for Windows (11.x.y prior to 11.3.0) contains a denial-of-service vulnerability in the ...
S
CVE-2021-21998 VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authenti...
S
CVE-2021-21999 VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to ...
S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.