ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-22000 | VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loa... | E S | |
CVE-2021-22001 | In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was reve... | | |
CVE-2021-22002 | VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, o... | S | |
CVE-2021-22003 | VMware Workspace ONE Access and Identity Manager, unintentionally provide a login interface on port ... | S | |
CVE-2021-22004 | An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and u... | S | |
CVE-2021-22005 | The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malic... | KEV E S | |
CVE-2021-22006 | The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle... | S | |
CVE-2021-22007 | The vCenter Server contains a local information disclosure vulnerability in the Analytics service. A... | S | |
CVE-2021-22008 | The vCenter Server contains an information disclosure vulnerability in VAPI (vCenter API) service. A... | S | |
CVE-2021-22009 | The vCenter Server contains multiple denial-of-service vulnerabilities in VAPI (vCenter API) service... | S | |
CVE-2021-22010 | The vCenter Server contains a denial-of-service vulnerability in VPXD service. A malicious actor wit... | S | |
CVE-2021-22011 | vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Libr... | S | |
CVE-2021-22012 | The vCenter Server contains an information disclosure vulnerability due to an unauthenticated applia... | S | |
CVE-2021-22013 | The vCenter Server contains a file path traversal vulnerability leading to information disclosure in... | S | |
CVE-2021-22014 | The vCenter Server contains an authenticated code execution vulnerability in VAMI (Virtual Appliance... | S | |
CVE-2021-22015 | The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper perm... | E S | |
CVE-2021-22016 | The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sa... | S | |
CVE-2021-22017 | Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI n... | KEV S | |
CVE-2021-22018 | The vCenter Server contains an arbitrary file deletion vulnerability in a VMware vSphere Life-cycle ... | S | |
CVE-2021-22019 | The vCenter Server contains a denial-of-service vulnerability in VAPI (vCenter API) service. A malic... | S | |
CVE-2021-22020 | The vCenter Server contains a denial-of-service vulnerability in the Analytics service. Successful e... | S | |
CVE-2021-22021 | VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability d... | S | |
CVE-2021-22022 | The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability... | S | |
CVE-2021-22023 | The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. ... | S | |
CVE-2021-22024 | The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerabi... | S | |
CVE-2021-22025 | The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerabilit... | S | |
CVE-2021-22026 | The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an ... | S | |
CVE-2021-22027 | The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an ... | S | |
CVE-2021-22028 | In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file pat... | S | |
CVE-2021-22029 | VMware Workspace ONE UEM REST API contains a denial of service vulnerability. A malicious actor with... | | |
CVE-2021-22030 | In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to t... | S | |
CVE-2021-22033 | Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulner... | S | |
CVE-2021-22034 | Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulner... | S | |
CVE-2021-22035 | VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV (Comma Separated Value) injection vulne... | S | |
CVE-2021-22036 | VMware vRealize Orchestrator (8.x prior to 8.6) contains an open redirect vulnerability due to impr... | | |
CVE-2021-22037 | Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe... | | |
CVE-2021-22038 | On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then execut... | | |
CVE-2021-22040 | VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controll... | S | |
CVE-2021-22041 | VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller... | S | |
CVE-2021-22042 | VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd auth... | S | |
CVE-2021-22043 | VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way tempo... | S | |
CVE-2021-22044 | In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported vers... | | |
CVE-2021-22045 | VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Works... | | |
CVE-2021-22047 | In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP res... | | |
CVE-2021-22048 | The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Auth... | S | |
CVE-2021-22049 | The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side Request Forgery) vulnerability in ... | S | |
CVE-2021-22050 | ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with... | S | |
CVE-2021-22051 | Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could m... | | |
CVE-2021-22053 | Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf`... | | |
CVE-2021-22054 | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prio... | S | |
CVE-2021-22055 | The SchedulerServer in VMware photon allows remote attackers to inject logs through \r in the packag... | | |
CVE-2021-22056 | VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3... | S | |
CVE-2021-22057 | VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerabili... | S | |
CVE-2021-22060 | In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is p... | | |
CVE-2021-22095 | In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 - 2.3.11, the Spring AMQP Message object, in its to... | | |
CVE-2021-22096 | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is p... | | |
CVE-2021-22097 | In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its to... | | |
CVE-2021-22098 | UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious us... | | |
CVE-2021-22100 | In cloud foundry CAPI versions prior to 1.122, a denial-of-service attack in which a developer can p... | | |
CVE-2021-22101 | Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of service (DoS) ... | | |
CVE-2021-22112 | Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, an... | S | |
CVE-2021-22113 | Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE ... | | |
CVE-2021-22114 | Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an ... | | |
CVE-2021-22115 | Cloud Controller API versions prior to 1.106.0 logs service broker credentials if the default value ... | | |
CVE-2021-22116 | RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper... | | |
CVE-2021-22117 | RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, p... | | |
CVE-2021-22118 | In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux app... | S | |
CVE-2021-22119 | Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x... | S | |
CVE-2021-22122 | An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 throu... | | |
CVE-2021-22123 | An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and ... | | |
CVE-2021-22124 | An uncontrolled resource consumption (denial of service) vulnerability in the login modules of Forti... | | |
CVE-2021-22125 | An instance of improper neutralization of special elements in the sniffer module of FortiSandbox bef... | | |
CVE-2021-22126 | A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and be... | S | |
CVE-2021-22127 | An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient ... | | |
CVE-2021-22128 | An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below version... | | |
CVE-2021-22129 | Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interfa... | | |
CVE-2021-22130 | A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2... | | |
CVE-2021-22131 | An improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 ... | S | |
CVE-2021-22132 | Elasticsearch versions 7.7.0 to 7.10.1 contain an information disclosure flaw in the async search AP... | S | |
CVE-2021-22133 | The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when ... | | |
CVE-2021-22134 | A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Do... | S | |
CVE-2021-22135 | Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw in the ... | | |
CVE-2021-22136 | In Kibana versions before 7.12.0 and 6.8.15 a flaw in the session timeout was discovered where the x... | | |
CVE-2021-22137 | In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Documen... | | |
CVE-2021-22138 | In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was ... | | |
CVE-2021-22139 | Kibana versions before 7.12.1 contain a denial of service vulnerability in the webhook act... | | |
CVE-2021-22140 | Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection ... | | |
CVE-2021-22141 | An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user vis... | | |
CVE-2021-22142 | Kibana Reporting vulnerabilities | | |
CVE-2021-22143 | Elastic APM .NET Agent information disclosure | | |
CVE-2021-22144 | In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that coul... | S | |
CVE-2021-22145 | A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. ... | E S | |
CVE-2021-22146 | All versions of Elastic Cloud Enterprise have the Elasticsearch “anonymous” user enabled by default i... | E | |
CVE-2021-22147 | Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots.... | | |
CVE-2021-22148 | Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API key... | | |
CVE-2021-22149 | Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API key... | | |
CVE-2021-22150 | Kibana code execution issue | | |
CVE-2021-22151 | Kibana path traversal issue | | |
CVE-2021-22152 | A Denial of Service due to Improper Input Validation vulnerability in the Management Console compone... | | |
CVE-2021-22153 | A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(... | | |
CVE-2021-22154 | An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM versio... | | |
CVE-2021-22155 | An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces... | | |
CVE-2021-22156 | An integer overflow vulnerability in the calloc() function of the C runtime library of affected vers... | S | |
CVE-2021-22157 | Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored ... | | |
CVE-2021-22158 | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is vulnerable to XML ext... | | |
CVE-2021-22159 | Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insi... | | |
CVE-2021-22160 | Authentication with JWT allows use of “none”-algorithm | | |
CVE-2021-22161 | In OpenWrt 19.07.x before 19.07.7, when IPv6 is used, a routing loop can occur that generates excess... | | |
CVE-2021-22166 | An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request wi... | | |
CVE-2021-22167 | An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers ... | | |
CVE-2021-22168 | A regular expression denial of service issue has been discovered in NuGet API affecting all versions... | | |
CVE-2021-22169 | An issue was identified in GitLab EE 13.4 or later which leaked internal IP address via error messag... | | |
CVE-2021-22170 | Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of... | E | |
CVE-2021-22171 | Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an atta... | | |
CVE-2021-22172 | Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data tha... | E S | |
CVE-2021-22173 | Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet inj... | E S | |
CVE-2021-22174 | Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection... | E S | |
CVE-2021-22175 | When requests to the internal network for webhooks are enabled, a server-side request forgery vulner... | | |
CVE-2021-22176 | An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access c... | | |
CVE-2021-22177 | Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows a... | | |
CVE-2021-22178 | An issue has been discovered in GitLab affecting all versions starting from 13.2. Gitlab was vulnera... | E | |
CVE-2021-22179 | A vulnerability was discovered in GitLab versions before 12.2. GitLab was vulnerable to a SSRF attac... | | |
CVE-2021-22180 | An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access co... | E | |
CVE-2021-22181 | A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attack... | | |
CVE-2021-22182 | An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnera... | E | |
CVE-2021-22183 | An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnera... | | |
CVE-2021-22184 | An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to t... | | |
CVE-2021-22185 | Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit... | | |
CVE-2021-22186 | An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group... | | |
CVE-2021-22187 | An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. A poten... | | |
CVE-2021-22188 | An issue has been discovered in GitLab affecting all versions starting with 13.0. Confidential issue... | | |
CVE-2021-22189 | Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to th... | | |
CVE-2021-22190 | A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in th... | | |
CVE-2021-22191 | Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execut... | S | |
CVE-2021-22192 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unau... | | |
CVE-2021-22193 | An issue has been discovered in GitLab affecting all versions starting with 7.1. A member of a priva... | E | |
CVE-2021-22194 | In all versions of GitLab, marshalled session keys were being stored in Redis.... | | |
CVE-2021-22195 | Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute... | | |
CVE-2021-22196 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possi... | | |
CVE-2021-22197 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infi... | | |
CVE-2021-22198 | An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an ... | | |
CVE-2021-22199 | An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnera... | | |
CVE-2021-22200 | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a spec... | | |
CVE-2021-22201 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially ... | | |
CVE-2021-22202 | An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an ad... | | |
CVE-2021-22203 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8... | E S | |
CVE-2021-22204 | Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows... | KEV E S | |
CVE-2021-22205 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was n... | KEV E | |
CVE-2021-22206 | An issue has been discovered in GitLab affecting all versions starting from 11.6. Pull mirror creden... | | |
CVE-2021-22207 | Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 all... | E S | |
CVE-2021-22208 | An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper ... | | |
CVE-2021-22209 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was n... | | |
CVE-2021-22210 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When queryin... | | |
CVE-2021-22211 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Depen... | | |
CVE-2021-22212 | ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys... | S | |
CVE-2021-22213 | A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed... | | |
CVE-2021-22214 | When requests to the internal network for webhooks are enabled, a server-side request forgery vulner... | | |
CVE-2021-22215 | An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owne... | | |
CVE-2021-22216 | A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5... | | |
CVE-2021-22217 | A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5... | | |
CVE-2021-22218 | All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 bef... | | |
CVE-2021-22219 | All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 befo... | | |
CVE-2021-22220 | An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulner... | | |
CVE-2021-22221 | An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, a... | | |
CVE-2021-22222 | Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet... | S | |
CVE-2021-22223 | Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a spe... | | |
CVE-2021-22224 | A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and befo... | | |
CVE-2021-22225 | Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exp... | | |
CVE-2021-22226 | Under certain conditions, some users were able to push to protected branches that were restricted to... | | |
CVE-2021-22227 | A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 al... | | |
CVE-2021-22228 | An issue has been discovered in GitLab affecting all versions before 13.11.6, all versions starting ... | E S | |
CVE-2021-22229 | An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a spec... | | |
CVE-2021-22230 | Improper code rendering while rendering merge requests could be exploited to submit malicious code. ... | | |
CVE-2021-22231 | A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attac... | | |
CVE-2021-22232 | HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in ... | | |
CVE-2021-22233 | An information disclosure vulnerability in GitLab EE versions 13.10 and later allowed a user to read... | E | |
CVE-2021-22234 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11... | E | |
CVE-2021-22235 | Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via ... | E | |
CVE-2021-22236 | Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorre... | | |
CVE-2021-22237 | Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git act... | | |
CVE-2021-22238 | An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnera... | | |
CVE-2021-22239 | An unauthorized user was able to insert metadata when creating new issue on GitLab CE/EE 14.0 and la... | | |
CVE-2021-22240 | Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be create... | | |
CVE-2021-22241 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possi... | | |
CVE-2021-22242 | Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an at... | | |
CVE-2021-22243 | Under specialized conditions, GitLab CE/EE versions starting 7.10 may allow existing GitLab users to... | | |
CVE-2021-22244 | Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since... | | |
CVE-2021-22245 | Improper validation of commit author in GitLab CE/EE affecting all versions allowed an attacker to m... | | |
CVE-2021-22246 | A vulnerability was discovered in GitLab versions before 14.0.2, 13.12.6, 13.11.6. GitLab Webhook fe... | | |
CVE-2021-22247 | Improper authorization in GitLab CE/EE affecting all versions since 13.0 allows guests in private pr... | | |
CVE-2021-22248 | Improper authorization on the pipelines page in GitLab CE/EE affecting all versions since 13.12 allo... | | |
CVE-2021-22249 | A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private em... | | |
CVE-2021-22250 | Improper authorization in GitLab CE/EE affecting all versions since 13.3 allowed users to view and d... | | |
CVE-2021-22251 | Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 a... | E | |
CVE-2021-22252 | A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a... | | |
CVE-2021-22253 | Improper authorization in GitLab EE affecting all versions since 13.4 allowed a user who previously ... | | |
CVE-2021-22254 | Under very specific conditions a user could be impersonated using Gitlab shell. This vulnerability a... | | |
CVE-2021-22255 | SSRF in URL file upload in Baserow <1.1.0 allows remote authenticated users to retrieve files from t... | S | |
CVE-2021-22256 | Improper authorization in GitLab CE/EE affecting all versions since 12.6 allowed guest users to crea... | | |
CVE-2021-22257 | An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all ... | | |
CVE-2021-22258 | The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise privat... | | |
CVE-2021-22259 | A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of ... | | |
CVE-2021-22260 | A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/... | E | |
CVE-2021-22261 | A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting ... | | |
CVE-2021-22262 | Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starti... | | |
CVE-2021-22263 | An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all ... | E | |
CVE-2021-22264 | An issue has been discovered in GitLab affecting all versions starting from 13.8 before 14.0.9, all ... | | |
CVE-2021-22267 | Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack f... | | |
CVE-2021-22272 | ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase. | | |
CVE-2021-22275 | Denial of service vulnerability on Automation Runtime webserver | M | |
CVE-2021-22276 | free@home System Access Point FW integrity check can be bypassed. | | |
CVE-2021-22277 | AC 800M MMS - Denial of Service vulnerability in MMS communication | | |
CVE-2021-22278 | Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool | S | |
CVE-2021-22279 | OmniCore RobotWare Missing Authentication Vulnerability | S | |
CVE-2021-22280 | DLL Hijacking Vulnerability in Automation Studio | | |
CVE-2021-22281 | Zip Slip Vulnerability in B&R Automation Studio Project Import | M | |
CVE-2021-22282 | RCE in B&R Automation Studio with crafted project files | M | |
CVE-2021-22283 | MMS File Transfer Vulnerability impact on Distribution Automation products | | |
CVE-2021-22284 | SECURITY - OPC Server for AC 800M - Remote Code Execution Vulnerability | S | |
CVE-2021-22285 | SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module | S | |
CVE-2021-22286 | SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module | S | |
CVE-2021-22288 | SECURITY – Denial of Service Vulnerabilities in SPIET800 INFI-Net to Ethernet Transfer module and PNI800 S+ Ethernet communication interface module | S | |
CVE-2021-22289 | RCE through Project Upload from Target | | |
CVE-2021-22292 | There is a denial of service (DoS) vulnerability in eCNS280 versions V100R005C00, V100R005C10. Due t... | | |
CVE-2021-22293 | Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers c... | | |
CVE-2021-22294 | A component API of the HarmonyOS 2.0 has a permission bypass vulnerability. Local attackers may expl... | | |
CVE-2021-22295 | A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this... | | |
CVE-2021-22296 | A component of HarmonyOS 2.0 has a DoS vulnerability. Local attackers may exploit this vulnerability... | | |
CVE-2021-22298 | There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions... | | |
CVE-2021-22299 | There is a local privilege escalation vulnerability in some Huawei products. A local, authenticated ... | | |
CVE-2021-22300 | There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A com... | | |
CVE-2021-22301 | Mate 30 10.0.0.203(C00E201R7P2) have a buffer overflow vulnerability. After obtaining the root permi... | | |
CVE-2021-22302 | There is an out-of-bound read vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module does not v... | | |
CVE-2021-22303 | There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of... | | |
CVE-2021-22304 | There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to s... | | |
CVE-2021-22305 | There is a buffer overflow vulnerability in Mate 30 10.1.0.126(C00E125R5P3). A module does not verif... | | |
CVE-2021-22306 | There is an out-of-bound read vulnerability in Mate 30 10.0.0.182(C00E180R6P2). A module does not ve... | | |
CVE-2021-22307 | There is a weak algorithm vulnerability in Mate 30 10.0.0.203(C00E201R7P2). The protection is insuffi... | | |
CVE-2021-22308 | There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on... | | |
CVE-2021-22309 | There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a s... | | |
CVE-2021-22310 | There is an information leakage vulnerability in some Huawei products. Due to the properly storage o... | | |
CVE-2021-22311 | There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to imprope... | | |
CVE-2021-22312 | There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may e... | | |
CVE-2021-22313 | There is a Security Function vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-22314 | There is a local privilege escalation vulnerability in some versions of ManageOne. A local authentic... | | |
CVE-2021-22316 | There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attacker... | | |
CVE-2021-22317 | There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of th... | | |
CVE-2021-22318 | A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. Local attackers may e... | | |
CVE-2021-22319 | There is an improper verification vulnerability in smartphones. Successful exploitation of this vuln... | | |
CVE-2021-22320 | There is a denial of service vulnerability in Huawei products. A module cannot deal with specific me... | | |
CVE-2021-22321 | There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific oper... | | |
CVE-2021-22322 | There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successf... | | |
CVE-2021-22323 | There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of these vu... | | |
CVE-2021-22324 | There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation... | | |
CVE-2021-22325 | There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of th... | | |
CVE-2021-22326 | A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attacke... | | |
CVE-2021-22327 | There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing.... | | |
CVE-2021-22328 | There is a denial of service vulnerability in some Huawei products. In specific scenarios, due to th... | | |
CVE-2021-22329 | There is a license management vulnerability in some Huawei products. An attacker with high privileg... | | |
CVE-2021-22330 | There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00... | | |
CVE-2021-22331 | There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verif... | | |
CVE-2021-22332 | There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800,... | | |
CVE-2021-22333 | There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploi... | | |
CVE-2021-22334 | There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-22335 | There is a Memory Buffer Improper Operation Limit vulnerability in Huawei Smartphone. Successful exp... | | |
CVE-2021-22336 | There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful ex... | | |
CVE-2021-22337 | There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of th... | | |
CVE-2021-22338 | There is an XXE injection vulnerability in eCNS280 V100R005C00 and V100R005C10. A module does not pe... | | |
CVE-2021-22339 | There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due... | | |
CVE-2021-22340 | There is a multiple threads race condition vulnerability in Huawei product. A race condition exists ... | | |
CVE-2021-22341 | There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a ... | | |
CVE-2021-22342 | There is an information leak vulnerability in Huawei products. A module does not deal with specific ... | | |
CVE-2021-22343 | There is a Configuration Defect vulnerability in Huawei Smartphone. Successful exploitation of this ... | | |
CVE-2021-22344 | There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-22345 | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this v... | | |
CVE-2021-22346 | There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitati... | | |
CVE-2021-22347 | There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-22348 | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exp... | | |
CVE-2021-22349 | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of insuff... | | |
CVE-2021-22350 | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exp... | | |
CVE-2021-22351 | There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation... | | |
CVE-2021-22352 | There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this ... | | |
CVE-2021-22353 | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful exp... | | |
CVE-2021-22354 | There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of th... | | |
CVE-2021-22356 | There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used i... | | |
CVE-2021-22357 | There is a denial of service vulnerability in Huawei products. A module cannot deal with specific me... | | |
CVE-2021-22358 | There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Due to the input val... | | |
CVE-2021-22359 | There is a denial of service vulnerability in the versions V200R005C00SPC500 of S5700 and V200R005C... | | |
CVE-2021-22360 | There is a resource management error vulnerability in the versions V500R001C60SPC500, V500R005C00SP... | | |
CVE-2021-22361 | There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vES... | | |
CVE-2021-22362 | There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this ... | | |
CVE-2021-22363 | There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker need... | | |
CVE-2021-22364 | There is a denial of service vulnerability in the versions 10.1.0.126(C00E125R5P3) of HUAWEI Mate 30... | | |
CVE-2021-22365 | There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V... | | |
CVE-2021-22366 | There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V... | | |
CVE-2021-22367 | There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this... | | |
CVE-2021-22368 | There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-22369 | There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone. Suc... | | |
CVE-2021-22370 | There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Successful exploitation... | | |
CVE-2021-22371 | There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitati... | | |
CVE-2021-22372 | There is a Security Features Vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-22373 | There is a Defects Introduced in the Design Process Vulnerability in Huawei Smartphone. Successful e... | | |
CVE-2021-22374 | There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone. Successful exploi... | | |
CVE-2021-22375 | There is a Key Management Errors Vulnerability in Huawei Smartphone. Successful exploitation of this... | | |
CVE-2021-22376 | A component of the HarmonyOS has an Improper Privilege Management vulnerability. Local attackers may ... | | |
CVE-2021-22377 | There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S57... | | |
CVE-2021-22378 | There is a race condition vulnerability in eCNS280_TD V100R005C00 and V100R005C10. There is a timing... | | |
CVE-2021-22379 | There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Huawei Smartphone. Successful exp... | | |
CVE-2021-22380 | There is a Cleartext Transmission of Sensitive Information Vulnerability in Huawei Smartphone. Succe... | | |
CVE-2021-22381 | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-22382 | Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can... | | |
CVE-2021-22383 | There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10S... | | |
CVE-2021-22384 | There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of thi... | | |
CVE-2021-22385 | A component of the Huawei smartphone has an External Control of System or Configuration Setting vulne... | | |
CVE-2021-22386 | A component of the Huawei smartphone has a Double Free vulnerability. Local attackers may exploit th... | | |
CVE-2021-22387 | There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartpho... | | |
CVE-2021-22388 | There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of this vuln... | | |
CVE-2021-22389 | There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-22390 | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful expl... | | |
CVE-2021-22391 | There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. Successful exploitation of thi... | | |
CVE-2021-22392 | There is an Incorrect Calculation of Buffer Size in Huawei Smartphone. Successful exploitation of thi... | | |
CVE-2021-22393 | There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, C... | | |
CVE-2021-22394 | There is a buffer overflow vulnerability in smartphones. Successful exploitation of this vulnerabili... | | |
CVE-2021-22395 | There is a code injection vulnerability in smartphones. Successful exploitation of this vulnerabilit... | | |
CVE-2021-22396 | There is a privilege escalation vulnerability in some Huawei products. Due to improper privilege man... | | |
CVE-2021-22397 | There is a privilege escalation vulnerability in Huawei ManageOne 8.0.0. External parameters of some... | | |
CVE-2021-22398 | There is a logic error vulnerability in several smartphones. The software does not properly restrict... | | |
CVE-2021-22399 | The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install thi... | | |
CVE-2021-22400 | Some Huawei Smartphones have an insufficient input validation vulnerability due to the lack of parame... | | |
CVE-2021-22401 | There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerabili... | | |
CVE-2021-22402 | There is a DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may ... | | |
CVE-2021-22403 | There is a vulnerability of hijacking unverified providers in Huawei Smartphone. Successful exploitat... | | |
CVE-2021-22404 | There is a Directory traversal vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-22405 | There is a Configuration defects in Huawei Smartphone. Successful exploitation of this vulnerability ... | | |
CVE-2021-22406 | There is an Uncaught Exception vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-22407 | There is a Configuration defects in Huawei Smartphone. Successful exploitation of this vulnerability ... | | |
CVE-2021-22409 | There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in ... | | |
CVE-2021-22410 | There is an XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client doe... | | |
CVE-2021-22411 | There is an out-of-bounds write vulnerability in some Huawei products. The code of a module has a b... | | |
CVE-2021-22412 | There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of this vuln... | | |
CVE-2021-22413 | There is an Integer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of this vuln... | | |
CVE-2021-22414 | There is a Memory Buffer Errors Vulnerability in Huawei Smartphone. Successful exploitation of this v... | | |
CVE-2021-22415 | There is an Incorrect Calculation of Buffer Size Vulnerability in Huawei Smartphone. Successful explo... | | |
CVE-2021-22416 | A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit... | | |
CVE-2021-22417 | A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit... | | |
CVE-2021-22418 | A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may... | | |
CVE-2021-22419 | A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability. Loc... | | |
CVE-2021-22420 | A component of the HarmonyOS has an External Control of System or Configuration Setting vulnerability... | | |
CVE-2021-22421 | A component of the HarmonyOS has an Improper Privilege Management vulnerability. Local attackers may ... | | |
CVE-2021-22422 | A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may... | | |
CVE-2021-22423 | A component of the HarmonyOS has an Out-of-bounds Write Vulnerability. Local attackers may exploit th... | | |
CVE-2021-22424 | A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit ... | | |
CVE-2021-22425 | A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulne... | | |
CVE-2021-22426 | There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerabilit... | | |
CVE-2021-22427 | There is a Heap-based Buffer Overflow Vulnerability in Huawei Smartphone. Successful exploitation of ... | | |
CVE-2021-22428 | There is an Incomplete Cleanup Vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-22429 | There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerabilit... | | |
CVE-2021-22430 | There is a logic bypass vulnerability in smartphones. Successful exploitation of this vulnerability ... | | |
CVE-2021-22431 | There is a vulnerability when configuring permission isolation in smartphones. Successful exploitati... | | |
CVE-2021-22432 | There is a vulnerability when configuring permission isolation in smartphones. Successful exploitati... | | |
CVE-2021-22433 | There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerabilit... | | |
CVE-2021-22434 | There is a memory address out of bounds vulnerability in smartphones. Successful exploitation of thi... | | |
CVE-2021-22435 | There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this v... | | |
CVE-2021-22436 | There is a Logic Bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerabi... | | |
CVE-2021-22437 | There is a software integer overflow leading to a TOCTOU condition in smartphones. Successful exploi... | | |
CVE-2021-22438 | There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Successful expl... | | |
CVE-2021-22439 | There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct ... | | |
CVE-2021-22440 | There is a path traversal vulnerability in some Huawei products. The vulnerability is due to that th... | | |
CVE-2021-22441 | Some Huawei products have an integer overflow vulnerability. Successful exploitation of this vulnera... | | |
CVE-2021-22442 | There is an Improper Validation of Integrity Check Value Vulnerability in Huawei Smartphone. Successf... | | |
CVE-2021-22443 | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-22444 | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-22445 | There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-22446 | There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of thi... | | |
CVE-2021-22447 | There is an Improper Check for Unusual or Exceptional Conditions Vulnerability in Huawei Smartphone.... | | |
CVE-2021-22448 | There is an improper verification vulnerability in smartphones. Successful exploitation of this vuln... | | |
CVE-2021-22449 | There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform spe... | | |
CVE-2021-22450 | A component of the HarmonyOS has an Incomplete Cleanup vulnerability. Local attackers may exploit thi... | | |
CVE-2021-22451 | A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may... | | |
CVE-2021-22452 | A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may expl... | | |
CVE-2021-22453 | A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may expl... | | |
CVE-2021-22454 | A component of the HarmonyOS has an External Control of System or Configuration Setting vulnerability... | | |
CVE-2021-22455 | A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may... | | |
CVE-2021-22456 | A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit... | | |
CVE-2021-22457 | A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may expl... | | |
CVE-2021-22458 | A component of the HarmonyOS has an Improper Restriction of Operations within the Bounds of a Memory ... | | |
CVE-2021-22459 | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may explo... | | |
CVE-2021-22460 | A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability. Loc... | | |
CVE-2021-22461 | A component of the HarmonyOS has an Allocation of Resources Without Limits or Throttling vulnerabilit... | | |
CVE-2021-22462 | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may explo... | | |
CVE-2021-22463 | A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this v... | | |
CVE-2021-22464 | A component of the HarmonyOS has an Out-of-bounds Read vulnerability. Local attackers may exploit thi... | | |
CVE-2021-22465 | A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exp... | | |
CVE-2021-22466 | A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vu... | | |
CVE-2021-22467 | A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may expl... | | |
CVE-2021-22468 | A component of the HarmonyOS has an Exposure of Sensitive Information to an Unauthorized Actor vulner... | | |
CVE-2021-22469 | A component of the HarmonyOS has an Out-of-bounds Read vulnerability. Local attackers may exploit thi... | | |
CVE-2021-22470 | A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit th... | | |
CVE-2021-22471 | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may explo... | | |
CVE-2021-22472 | There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this... | | |
CVE-2021-22473 | There is an Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulner... | | |
CVE-2021-22474 | There is an Out-of-bounds memory access in Huawei Smartphone. Successful exploitation of this vulnera... | | |
CVE-2021-22475 | There is an Improper permission management vulnerability in Huawei Smartphone. Successful exploitatio... | | |
CVE-2021-22478 | The interface of a certain HarmonyOS module has a UAF vulnerability. Successful exploitation of this... | | |
CVE-2021-22479 | The interface of a certain HarmonyOS module has an invalid address access vulnerability. Successful ... | | |
CVE-2021-22480 | The interface of a certain HarmonyOS module has an integer overflow vulnerability. Successful exploi... | | |
CVE-2021-22481 | There is a Verification errors vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-22482 | There is an Uninitialized variable vulnerability in Huawei Smartphone. Successful exploitation of thi... | | |
CVE-2021-22483 | There is an issue of IP address spoofing in Huawei Smartphone. Successful exploitation of this vulner... | | |
CVE-2021-22484 | Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. ... | | |
CVE-2021-22485 | There is an SSID vulnerability with Wi-Fi network connections in Huawei devices. Successful exploitati... | | |
CVE-2021-22486 | There is an issue of Unstandardized field names in Huawei Smartphone. Successful exploitation of this... | | |
CVE-2021-22487 | There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this v... | | |
CVE-2021-22488 | There is an Unauthorized file access vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-22489 | There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affec... | | |
CVE-2021-22490 | There is a Permission verification vulnerability in Huawei Smartphone. Successful exploitation of thi... | | |
CVE-2021-22491 | There is an Input verification vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-22492 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Broadcom Bluetoo... | | |
CVE-2021-22493 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-25346. Reason: This candidat... | R | |
CVE-2021-22494 | An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) sof... | | |
CVE-2021-22495 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos ... | | |
CVE-2021-22496 | Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all versions prior... | | |
CVE-2021-22497 | Advanced Authentication Improper Session Management | | |
CVE-2021-22498 | XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previou... | | |
CVE-2021-22499 | Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management prod... | | |
CVE-2021-22500 | Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, ... | | |
CVE-2021-22501 | Improper Restriction of XML External Entity Reference vulnerability in OpenText™ Operations Bridge M... | S | |
CVE-2021-22502 | Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affectin... | KEV E | |
CVE-2021-22503 | Improper Neutralization of Input During Web Page Generation Vulnerability | | |
CVE-2021-22504 | Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting v... | | |
CVE-2021-22505 | Escalation of privileges vulnerability in Micro Focus Operations Agent, affects versions 12.0x, 12.1... | | |
CVE-2021-22506 | Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager produ... | KEV | |
CVE-2021-22507 | Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.0... | | |
CVE-2021-22508 | Potential SQL injection in OpenText Operations Bridge Reporter | | |
CVE-2021-22509 | Handling of sensitive data in process memory in NetIQ Advance Authentication | | |
CVE-2021-22510 | Reflected XSS vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plugin. The... | | |
CVE-2021-22511 | Improper Certificate Validation vulnerability in Micro Focus Application Automation Tools Plugin - J... | | |
CVE-2021-22512 | Cross-Site Request Forgery (CSRF) vulnerability in Micro Focus Application Automation Tools Plugin -... | | |
CVE-2021-22513 | Missing Authorization vulnerability in Micro Focus Application Automation Tools Plugin - Jenkins plu... | | |
CVE-2021-22514 | An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, ... | | |
CVE-2021-22515 | Multi-Factor Authentication (MFA) downgrade exposure in NetIQ Advanced Authentication Server | S | |
CVE-2021-22516 | Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SA... | | |
CVE-2021-22517 | A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data ... | | |
CVE-2021-22518 | Sensitive Information logging in NetIQ Identity Manager Driver | | |
CVE-2021-22519 | Execute arbitrary code vulnerability in Micro Focus SiteScope product, affecting versions 11.40,11.4... | | |
CVE-2021-22521 | A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Mana... | | |
CVE-2021-22522 | Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting ve... | | |
CVE-2021-22523 | XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 U... | | |
CVE-2021-22524 | Denial of service vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1 | M | |
CVE-2021-22525 | This release addresses a potential information leakage vulnerability in NetIQ Access Manager version... | | |
CVE-2021-22526 | Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1 | M | |
CVE-2021-22527 | Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1 | M | |
CVE-2021-22528 | Information leakage vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1 | M | |
CVE-2021-22529 | Sensitive Data Exposure leaks potential information in NetIQ Advance Authentication | | |
CVE-2021-22530 | Improper account management vulnerability in NetIQ Advance Authentication | | |
CVE-2021-22531 | A bug exists in the input parameter of Access Manager that allows supply of invalid character to trig... | | |
CVE-2021-22532 | Possible NLDAP Denial of Service attack Vulnerability | | |
CVE-2021-22533 | Possible Insertion of Sensitive Information into Log File Vulnerability | | |
CVE-2021-22535 | Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Adm... | | |
CVE-2021-22538 | Privilege escalation in RBAC system | S | |
CVE-2021-22539 | Code execution in VSCode-bazel via malicious Bazel config files | S | |
CVE-2021-22540 | XSS in Dart SDK | S | |
CVE-2021-22543 | Improper memory handling in Linux KVM | E | |
CVE-2021-22545 | Use-after-free in BinDiff | | |
CVE-2021-22547 | Buffer overrun in Google Cloud IoT Device SDK for Embedded C | S | |
CVE-2021-22548 | Arbitrary enclave memory overread vulnerability in Asylo TrustedPrimitives::UntrustedCall | S | |
CVE-2021-22549 | Arbitrary enclave memory overwrite vulnerability in Asylo TrustedPrimitives::UntrustedCall | S | |
CVE-2021-22550 | Enclave memory overwrite/overread vulnerability in Asylo UntrustedCacheMalloc::GetBuffer | S | |
CVE-2021-22552 | Memory overread secure enclave in Asylo 0.6.2 | E S | |
CVE-2021-22553 | Heap Memory exhaustion in Gerrit | S | |
CVE-2021-22555 | Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE | E S | |
CVE-2021-22556 | Integer Overflow in Fuchsia Kernel | S | |
CVE-2021-22557 | Code execution in SLO Generator via YAML Payload | E S | |
CVE-2021-22563 | Memory Overread in libjxl | E S | |
CVE-2021-22564 | Out of bounds Copy in Libjxl in large image groups | E S | |
CVE-2021-22565 | Insufficient Granularity of Access Control in GAEN Notification Server | S | |
CVE-2021-22566 | Incorrect mapping of Executable bits in Fuchsia Kernel | S | |
CVE-2021-22567 | Bidirectional Override in Dart SDK | S | |
CVE-2021-22568 | Dart - Publishing to third-party package repositories may expose pub.dev credentials | S | |
CVE-2021-22569 | Denial of Service of protobuf-java parsing procedure | E S | |
CVE-2021-22570 | Nullptr Dereference in Protobuf | | |
CVE-2021-22571 | Information Leak in SA360-webquery-bigquery through read on /tmp | S | |
CVE-2021-22572 | Data-transfer-project information disclosure via tmp directory | S | |
CVE-2021-22573 | Incorrect signature verification on Google-oauth-java-client | S | |
CVE-2021-22600 | Double Free in net/packet/af_packet.c leading to privilege escalation | KEV S | |
CVE-2021-22636 | Texas Instruments TI-RTOS Integer Overflow or Wraparound | S | |
CVE-2021-22637 | Multiple stack-based buffer overflow issues have been identified in the way the application processe... | | |
CVE-2021-22638 | Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds read while processing pr... | | |
CVE-2021-22639 | An uninitialized pointer issue has been identified in the way the application processes project file... | | |
CVE-2021-22640 | Ovarro TBox Insufficiently Protected Credentials | S | |
CVE-2021-22641 | A heap-based buffer overflow issue has been identified in the way the application processes project ... | E | |
CVE-2021-22642 | Ovarro TBox Uncontrolled Resource Consumption | S | |
CVE-2021-22643 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot ... | | |
CVE-2021-22644 | Ovarro TBox Use of Hard-coded Cryptographic Key | S | |
CVE-2021-22645 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot ... | | |
CVE-2021-22646 | Ovarro TBox Code Injection | S | |
CVE-2021-22647 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot ... | | |
CVE-2021-22648 | Ovarro TBox Incorrect Permission Assignment for Critical Resource | S | |
CVE-2021-22649 | Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot ... | | |
CVE-2021-22650 | Ovarro TBox Relative Path Traversal | S | |
CVE-2021-22651 | When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer ... | S | |
CVE-2021-22652 | Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authenticatio... | E | |
CVE-2021-22653 | Multiple out-of-bounds write issues have been identified in the way the application processes projec... | | |
CVE-2021-22654 | Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an... | | |
CVE-2021-22655 | Multiple out-of-bounds read issues have been identified in the way the application processes project... | | |
CVE-2021-22656 | Advantech iView versions prior to v5.7.03.6112 are vulnerable to directory traversal, which may allo... | | |
CVE-2021-22657 | mySCADA myPRO | S | |
CVE-2021-22658 | Advantech iView versions prior to v5.7.03.6112 are vulnerable to a SQL injection, which may allow an... | | |
CVE-2021-22659 | Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attack... | | |
CVE-2021-22660 | CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an atta... | | |
CVE-2021-22661 | Changing the password on the module webpage does not require the user to type in the current passwor... | | |
CVE-2021-22662 | A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way t... | | |
CVE-2021-22663 | Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing... | | |
CVE-2021-22664 | CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds write, which may allow an att... | | |
CVE-2021-22665 | Rockwell Automation DriveTools SP v5.13 and below and Drives AOP v4.12 and below both contain a vuln... | | |
CVE-2021-22666 | Fatek FvDesigner Version 1.5.76 and prior is vulnerable to a stack-based buffer overflow while proje... | | |
CVE-2021-22667 | BB-ESWGP506-2SFP-T versions 1.01.09 and prior is vulnerable due to the use of hard-coded credentials... | M | |
CVE-2021-22668 | Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2)... | | |
CVE-2021-22669 | Incorrect permissions are set to default on the ‘Project Management’ page of WebAccess/SCADA portal ... | | |
CVE-2021-22670 | An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the app... | | |
CVE-2021-22671 | Multiple integer overflow issues exist while processing long domain names, which may allow an attack... | | |
CVE-2021-22672 | Delta Electronics' CNCSoft ScreenEditor in versions prior to v1.01.30 could allow the corruption of ... | | |
CVE-2021-22673 | The affected product is vulnerable to stack-based buffer overflow while processing over-the-air firm... | | |
CVE-2021-22674 | The affected product is vulnerable to a relative path traversal condition, which may allow an attack... | S | |
CVE-2021-22675 | The affected product is vulnerable to integer overflow while parsing malformed over-the-air firmware... | | |
CVE-2021-22676 | UserExcelOut.asp within WebAccess/SCADA is vulnerable to cross-site scripting (XSS), which could all... | | |
CVE-2021-22677 | An integer overflow exists in the APIs of the host MCU while trying to connect to a WIFI network may... | | |
CVE-2021-22678 | Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing p... | | |
CVE-2021-22679 | The affected product is vulnerable to an integer overflow while processing HTTP headers, which may a... | | |
CVE-2021-22680 | NXP MQX Integer Overflow or Wraparound | S | |
CVE-2021-22681 | Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions 16 t... | | |
CVE-2021-22682 | Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, whic... | | |
CVE-2021-22683 | Fatek FvDesigner Version 1.5.76 and prior is vulnerable to an out-of-bounds write while processing p... | | |
CVE-2021-22684 | Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc... | | |
CVE-2021-22685 | Cassia Networks Access Controller Path Traversal | S | |
CVE-2021-22686 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-22687 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-22688 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-22689 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-22690 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-22691 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-22692 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-22693 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-22694 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-22695 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-22696 | OAuth 2 authorization service vulnerable to DDos attacks | S | |
CVE-2021-22697 | A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure P... | | |
CVE-2021-22698 | A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure P... | | |
CVE-2021-22699 | Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior... | | |
CVE-2021-22701 | A CWE-352: Cross-Site Request Forgery vulnerability exists in PowerLogic ION7400, ION7650, ION83xx/8... | M | |
CVE-2021-22702 | A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION740... | M | |
CVE-2021-22703 | A CWE-319: Cleartext transmission of sensitive information vulnerability exists in PowerLogic ION740... | M | |
CVE-2021-22704 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Harmon... | | |
CVE-2021-22705 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that co... | S | |
CVE-2021-22706 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne... | | |
CVE-2021-22707 | A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 a... | | |
CVE-2021-22708 | A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC... | | |
CVE-2021-22709 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exis... | S | |
CVE-2021-22710 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exis... | S | |
CVE-2021-22711 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exis... | S | |
CVE-2021-22712 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exis... | S | |
CVE-2021-22713 | A CWE-119: Improper restriction of operations within the bounds of a memory buffer vulnerability exis... | | |
CVE-2021-22714 | A CWE-119: Improper restriction of operations within the bounds of a memory buffer vulnerability exis... | | |
CVE-2021-22716 | A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could all... | | |
CVE-2021-22717 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabili... | | |
CVE-2021-22718 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabili... | | |
CVE-2021-22719 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabili... | | |
CVE-2021-22720 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabili... | E | |
CVE-2021-22721 | A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versio... | | |
CVE-2021-22722 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting'... | | |
CVE-2021-22723 | A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) through ... | | |
CVE-2021-22724 | A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to imp... | S | |
CVE-2021-22725 | A CWE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to imp... | S | |
CVE-2021-22726 | A CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S... | | |
CVE-2021-22727 | A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versio... | | |
CVE-2021-22728 | A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versio... | | |
CVE-2021-22729 | A CWE-259: Use of Hard-coded Password vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all ... | | |
CVE-2021-22730 | A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 a... | | |
CVE-2021-22731 | Weak Password Recovery Mechanism for Forgotten Password vulnerability exists on Modicon Managed Swit... | S | |
CVE-2021-22732 | Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 a... | | |
CVE-2021-22733 | Improper Privilege Management vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 a... | | |
CVE-2021-22734 | Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) an... | | |
CVE-2021-22735 | Improper Verification of Cryptographic Signature vulnerability exists in homeLYnk (Wiser For KNX) and... | | |
CVE-2021-22736 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists ... | | |
CVE-2021-22737 | Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk ... | | |
CVE-2021-22738 | Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in homeLYnk (Wiser For KNX) an... | | |
CVE-2021-22739 | Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior ... | | |
CVE-2021-22740 | Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior ... | | |
CVE-2021-22741 | Use of Password Hash with Insufficient Computational Effort vulnerability exists in ClearSCADA (all ... | S | |
CVE-2021-22742 | Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP ... | | |
CVE-2021-22743 | Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TCM 4351B inst... | | |
CVE-2021-22744 | Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP ... | | |
CVE-2021-22745 | Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP ... | | |
CVE-2021-22746 | Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP ... | | |
CVE-2021-22747 | Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP ... | | |
CVE-2021-22748 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabili... | S | |
CVE-2021-22749 | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modico... | | |
CVE-2021-22750 | A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21041 and pr... | | |
CVE-2021-22751 | A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and pr... | | |
CVE-2021-22752 | A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and pr... | | |
CVE-2021-22753 | A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and pri... | | |
CVE-2021-22754 | A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and pr... | | |
CVE-2021-22755 | A CWE-787: Out-of-bounds write vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and pr... | | |
CVE-2021-22756 | A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and pri... | | |
CVE-2021-22757 | A CWE-125: Out-of-bounds read vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and pri... | | |
CVE-2021-22758 | A CWE-824: Access of uninitialized pointer vulnerability exists in IGSS Definition (Def.exe) V15.0.0.... | | |
CVE-2021-22759 | A CWE-416: Use after free vulnerability exists in IGSS Definition (Def.exe) V15.0.0.21140 and prior t... | | |
CVE-2021-22760 | A CWE-763: Release of invalid pointer or reference vulnerability exists in IGSS Definition (Def.exe) ... | | |
CVE-2021-22761 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exi... | | |
CVE-2021-22762 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in IGSS De... | | |
CVE-2021-22763 | A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists in PowerLogi... | | |
CVE-2021-22764 | A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, Pow... | | |
CVE-2021-22765 | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and ne... | | |
CVE-2021-22766 | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and ne... | | |
CVE-2021-22767 | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and ne... | | |
CVE-2021-22768 | A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and ne... | | |
CVE-2021-22769 | A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 ... | | |
CVE-2021-22770 | A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older ... | | |
CVE-2021-22771 | A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easerg... | | |
CVE-2021-22772 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbu... | | |
CVE-2021-22773 | A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all ... | | |
CVE-2021-22774 | A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC... | | |
CVE-2021-22775 | A CWE-427: Uncontrolled Search Path Element vulnerability exists in GP-Pro EX,V4.09.250 and prior, t... | S | |
CVE-2021-22777 | A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by... | | |
CVE-2021-22778 | Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all version... | | |
CVE-2021-22779 | Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions p... | | |
CVE-2021-22780 | Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all version... | | |
CVE-2021-22781 | Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all version... | | |
CVE-2021-22782 | Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all version... | | |
CVE-2021-22783 | A CWE-200: Information Exposure vulnerability exists which could allow a session hijack when the doo... | | |
CVE-2021-22784 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.... | E | |
CVE-2021-22785 | A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files... | S | |
CVE-2021-22786 | A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive info... | S | |
CVE-2021-22787 | A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the d... | S | |
CVE-2021-22788 | A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attac... | S | |
CVE-2021-22789 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability tha... | S | |
CVE-2021-22790 | A CWE-125: Out-of-bounds Read vulnerability that could cause a Denial of Service on the Modicon PLC ... | S | |
CVE-2021-22791 | A CWE-787: Out-of-bounds Write vulnerability that could cause a Denial of Service on the Modicon PLC... | S | |
CVE-2021-22792 | A CWE-476: NULL Pointer Dereference vulnerability that could cause a Denial of Service on the Modico... | S | |
CVE-2021-22793 | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in AccuSin... | S | |
CVE-2021-22794 | A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilit... | | |
CVE-2021-22795 | A CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') ... | | |
CVE-2021-22796 | A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when ... | S | |
CVE-2021-22797 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilit... | S | |
CVE-2021-22798 | A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause Sensitive data... | M | |
CVE-2021-22799 | A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an ... | S | |
CVE-2021-22800 | A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a... | S | |
CVE-2021-22801 | A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command ... | M | |
CVE-2021-22802 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remo... | S | |
CVE-2021-22803 | A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to r... | S | |
CVE-2021-22804 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that coul... | S | |
CVE-2021-22805 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deleti... | S | |
CVE-2021-22806 | A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data ex... | S | |
CVE-2021-22807 | A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a... | | |
CVE-2021-22808 | A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a mali... | | |
CVE-2021-22809 | A CWE-125: Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a... | | |
CVE-2021-22810 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne... | M | |
CVE-2021-22811 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne... | M | |
CVE-2021-22812 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne... | M | |
CVE-2021-22813 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne... | M | |
CVE-2021-22814 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulne... | M | |
CVE-2021-22815 | A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive t... | M | |
CVE-2021-22816 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could caus... | | |
CVE-2021-22817 | A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access t... | | |
CVE-2021-22818 | A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could ... | S | |
CVE-2021-22819 | A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could caus... | S | |
CVE-2021-22820 | A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maint... | S | |
CVE-2021-22821 | A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web s... | S | |
CVE-2021-22822 | A CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulner... | S | |
CVE-2021-22823 | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deleti... | S | |
CVE-2021-22824 | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in deni... | S | |
CVE-2021-22825 | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that coul... | | |
CVE-2021-22826 | A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution w... | S | |
CVE-2021-22827 | A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution w... | S | |
CVE-2021-22847 | Hyweb HyCMS-J1 - SQL Injection | S | |
CVE-2021-22848 | HGiga MailSherlock - SQL Injection-2 | S | |
CVE-2021-22849 | Hyweb HyCMS-J1 - Stored XSS | S | |
CVE-2021-22850 | HGiga OAKloud Portal - Security Misconfiguration | S | |
CVE-2021-22851 | HGiga OAKloud Portal - SQL injection -1 | S | |
CVE-2021-22852 | HGiga OAKloud Portal - SQL injection -2 | S | |
CVE-2021-22853 | Soar Cloud System Co., Ltd. HR Portal - Broken Access Control | S | |
CVE-2021-22854 | Soar Cloud System Co., Ltd. HR Portal - SQL Injection | S | |
CVE-2021-22855 | Soar Cloud System Co., Ltd. HR Portal - Arbitrary Code Execution | S | |
CVE-2021-22856 | ChanGate EnterPrise Co., Ltd property management system - SQL Injection | S | |
CVE-2021-22857 | ChanGate EnterPrise Co., Ltd property management system - Directory Traversal | S | |
CVE-2021-22858 | ChanGate EnterPrise Co., Ltd property management system - Broken Authentication | S | |
CVE-2021-22859 | EIC e-document system - SQL Injection | S | |
CVE-2021-22860 | EIC e-document system - Broken Authentication | S | |
CVE-2021-22861 | Improper access control in GitHub Enterprise Server leading to unauthorized write access to forkable repositories | | |
CVE-2021-22862 | Improper access control in GitHub Enterprise Server leading to the disclosure of Actions secrets to forks | | |
CVE-2021-22863 | Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests | | |
CVE-2021-22864 | Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server | | |
CVE-2021-22865 | Improper access control in GitHub Enterprise Server leading to unauthorized read access to private repository metadata | | |
CVE-2021-22866 | UI misrepresentation of granted permissions in GitHub Enterprise Server leading to unauthorized access to user resources | | |
CVE-2021-22867 | Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server | | |
CVE-2021-22868 | Unsafe configuration options in GitHub Pages leading to path traversal on GitHub Enterprise Server | | |
CVE-2021-22869 | Improper access control in GitHub Enterprise Server allows self-hosted runners to execute outside their control group | | |
CVE-2021-22870 | Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access | | |
CVE-2021-22871 | Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious con... | E S | |
CVE-2021-22872 | Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability v... | E S | |
CVE-2021-22873 | Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` ... | E | |
CVE-2021-22874 | Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via... | E S | |
CVE-2021-22875 | Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `se... | E S | |
CVE-2021-22876 | curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to ... | E S | |
CVE-2021-22877 | A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials f... | E S | |
CVE-2021-22878 | Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack o... | E S | |
CVE-2021-22879 | Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing valida... | E S | |
CVE-2021-22880 | The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expr... | E S | |
CVE-2021-22881 | The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redire... | E S | |
CVE-2021-22882 | UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-servic... | | |
CVE-2021-22883 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack wh... | S | |
CVE-2021-22884 | Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the ... | E S | |
CVE-2021-22885 | A possible information disclosure / unintended method execution vulnerability in Action Pack >= 2.0.... | E | |
CVE-2021-22886 | Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS)... | S | |
CVE-2021-22887 | A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could a... | S | |
CVE-2021-22888 | Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` paramet... | E S | |
CVE-2021-22889 | Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown`... | E S | |
CVE-2021-22890 | curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MI... | E S | |
CVE-2021-22891 | A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7... | S | |
CVE-2021-22892 | An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.1... | E | |
CVE-2021-22893 | Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability ... | KEV | |
CVE-2021-22894 | A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authe... | KEV | |
CVE-2021-22895 | Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack o... | E S | |
CVE-2021-22896 | Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check a... | S | |
CVE-2021-22897 | curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake i... | E S | |
CVE-2021-22898 | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, kn... | E S | |
CVE-2021-22899 | A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote aut... | KEV | |
CVE-2021-22900 | A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that c... | KEV | |
CVE-2021-22901 | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed me... | E S | |
CVE-2021-22902 | The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.... | E S | |
CVE-2021-22903 | The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Speciall... | S | |
CVE-2021-22904 | The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of se... | E S | |
CVE-2021-22905 | Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure ... | E | |
CVE-2021-22906 | Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulne... | E | |
CVE-2021-22907 | An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allo... | | |
CVE-2021-22908 | A buffer overflow vulnerability exists in Windows File Resource Profiles in 9.X allows a remote auth... | | |
CVE-2021-22909 | A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to exec... | | |
CVE-2021-22910 | A sanitization vulnerability exists in Rocket.Chat server versions <3.13.2, <3.12.4, <3.11.4 that al... | E | |
CVE-2021-22911 | An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that coul... | E | |
CVE-2021-22912 | Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sh... | E | |
CVE-2021-22913 | Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searche... | | |
CVE-2021-22914 | Citrix Cloud Connector before 6.31.0.62192 suffers from insecure storage of sensitive information du... | | |
CVE-2021-22915 | Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of... | | |
CVE-2021-22916 | In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser e... | | |
CVE-2021-22917 | Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way ... | | |
CVE-2021-22918 | Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii... | E S | |
CVE-2021-22919 | A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gatew... | | |
CVE-2021-22920 | A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gatew... | | |
CVE-2021-22921 | Node.js before 16.4.1, 14.17.2, and 12.22.2 is vulnerable to local privilege escalation attacks unde... | E S | |
CVE-2021-22922 | When curl is instructed to download content using the metalink feature, the contents is verified agai... | E S | |
CVE-2021-22923 | When curl is instructed to get content using the metalink feature, and a user name and password are ... | E S | |
CVE-2021-22924 | libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if ... | E S | |
CVE-2021-22925 | curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely ... | E S | |
CVE-2021-22926 | libcurl-using applications can ask for a specific client certificate to be used in a transfer. This ... | E S | |
CVE-2021-22927 | A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured ... | | |
CVE-2021-22928 | A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, al... | S | |
CVE-2021-22929 | An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged war... | E S | |
CVE-2021-22930 | Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attack... | S | |
CVE-2021-22931 | Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application... | E S | |
CVE-2021-22932 | An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones con... | | |
CVE-2021-22933 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to ... | | |
CVE-2021-22934 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator or ... | | |
CVE-2021-22935 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to ... | | |
CVE-2021-22936 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-... | | |
CVE-2021-22937 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to ... | | |
CVE-2021-22938 | A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to ... | | |
CVE-2021-22939 | If the Node.js https API was used incorrectly and "undefined" was passed for the "rejectUnauthori... | E S | |
CVE-2021-22940 | Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attack... | S | |
CVE-2021-22941 | Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an una... | KEV | |
CVE-2021-22942 | A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 ... | S | |
CVE-2021-22943 | A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who... | | |
CVE-2021-22944 | A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with... | | |
CVE-2021-22945 | When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances errone... | E S | |
CVE-2021-22946 | A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to... | E S | |
CVE-2021-22947 | When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS... | E S | |
CVE-2021-22948 | Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographi... | E S | |
CVE-2021-22949 | A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to duplicate files which can lead ... | | |
CVE-2021-22950 | Concrete CMS prior to 8.5.6 had a CSRF vulnerability allowing attachments to comments in the convers... | | |
CVE-2021-22951 | Unauthorized individuals could view password protected files using view_inline in Concrete CMS (prev... | | |
CVE-2021-22952 | A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who ha... | | |
CVE-2021-22953 | A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to ... | | |
CVE-2021-22954 | A cross-site request forgery vulnerability exists in Concrete CMS | | |
CVE-2021-22955 | An unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and ... | | |
CVE-2021-22956 | An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and... | | |
CVE-2021-22957 | A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19... | S | |
CVE-2021-22958 | A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal no... | | |
CVE-2021-22959 | The parser in accepts requests with a space (SP) right after the header name before the colon. This ... | E S | |
CVE-2021-22960 | The parse function in llhttp < 2.1.4 and < 6.0.6 ignores chunk extensions when parsing the body of ... | E S | |
CVE-2021-22961 | A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could ... | | |
CVE-2021-22962 | An attacker can send a specially crafted request which could lead to leakage of sensitive data or po... | | |
CVE-2021-22963 | A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to red... | E | |
CVE-2021-22964 | A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote a... | E S | |
CVE-2021-22965 | A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator... | | |
CVE-2021-22966 | Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If ... | | |
CVE-2021-22967 | In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restri... | | |
CVE-2021-22968 | A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote ... | E | |
CVE-2021-22969 | Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind... | | |
CVE-2021-22970 | Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importin... | | |
CVE-2021-22973 | On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x befor... | | |
CVE-2021-22974 | On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x b... | | |
CVE-2021-22975 | On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under ... | | |
CVE-2021-22976 | On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 1... | | |
CVE-2021-22977 | On BIG-IP version 16.0.0-16.0.1 and 14.1.2.4-14.1.3, cooperation between malicious HTTP client code ... | | |
CVE-2021-22978 | On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before ... | | |
CVE-2021-22979 | On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before ... | | |
CVE-2021-22980 | In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.... | | |
CVE-2021-22981 | On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the ma... | | |
CVE-2021-22982 | On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d d... | | |
CVE-2021-22983 | On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, auth... | | |
CVE-2021-22984 | On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before... | | |
CVE-2021-22985 | On BIG-IP APM version 16.0.x before 16.0.1.1, under certain conditions, when processing VPN traffic ... | | |
CVE-2021-22986 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x befo... | KEV E | |
CVE-2021-22987 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x befo... | | |
CVE-2021-22988 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x befo... | | |
CVE-2021-22989 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x befo... | | |
CVE-2021-22990 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x befo... | | |
CVE-2021-22991 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x befo... | KEV | |
CVE-2021-22992 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x befo... | | |
CVE-2021-22993 | On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x ... | | |
CVE-2021-22994 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x befo... | | |
CVE-2021-22995 | On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum devi... | | |
CVE-2021-22996 | On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device... | | |
CVE-2021-22997 | On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement any... | | |
CVE-2021-22998 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x befo... | | |
CVE-2021-22999 | On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to c... | | |