ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-23000 | On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enab... | | |
CVE-2021-23001 | On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1... | | |
CVE-2021-23002 | When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x b... | | |
CVE-2021-23003 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x befo... | | |
CVE-2021-23004 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x befo... | | |
CVE-2021-23005 | On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availabilit... | | |
CVE-2021-23006 | On all 7.x and 6.x versions (fixed in 8.0.0), undisclosed BIG-IQ pages have a reflected cross-site s... | | |
CVE-2021-23007 | On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handle... | E S | |
CVE-2021-23008 | On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, a... | | |
CVE-2021-23009 | On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cau... | | |
CVE-2021-23010 | On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1... | | |
CVE-2021-23011 | On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4... | | |
CVE-2021-23012 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x be... | | |
CVE-2021-23013 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before... | | |
CVE-2021-23014 | On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP Advanced ... | | |
CVE-2021-23015 | On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions ... | | |
CVE-2021-23016 | On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all v... | | |
CVE-2021-23017 | A security issue in nginx resolver was identified, which might allow an attacker who is able to forg... | S | |
CVE-2021-23018 | Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.... | | |
CVE-2021-23019 | The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in... | | |
CVE-2021-23020 | The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashin... | | |
CVE-2021-23021 | The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is w... | | |
CVE-2021-23022 | On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows ... | | |
CVE-2021-23023 | On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in... | | |
CVE-2021-23024 | On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has ... | E | |
CVE-2021-23025 | On version 15.1.x before 15.1.0.5, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all versions ... | | |
CVE-2021-23026 | BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 1... | M | |
CVE-2021-23027 | On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based c... | M | |
CVE-2021-23028 | On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before... | M | |
CVE-2021-23029 | On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with... | M | |
CVE-2021-23030 | On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x... | M | |
CVE-2021-23031 | On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.... | M | |
CVE-2021-23032 | On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 1... | | |
CVE-2021-23033 | On BIG-IP Advanced WAF and BIG-IP ASM version 16.x before 16.1.0x, 15.1.x before 15.1.3.1, 14.1.x be... | | |
CVE-2021-23034 | On BIG-IP version 16.x before 16.1.0 and 15.1.x before 15.1.3.1, when a DNS profile using a DNS cach... | | |
CVE-2021-23035 | On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a sp... | M | |
CVE-2021-23036 | On version 16.0.x before 16.0.1.2, when a BIG-IP ASM and DataSafe profile are configured on a virtua... | M | |
CVE-2021-23037 | On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-sit... | M | |
CVE-2021-23038 | On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.... | M | |
CVE-2021-23039 | On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of... | M | |
CVE-2021-23040 | On BIG-IP AFM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x b... | | |
CVE-2021-23041 | On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x befor... | | |
CVE-2021-23042 | On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before ... | | |
CVE-2021-23043 | On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a director... | | |
CVE-2021-23044 | On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before ... | | |
CVE-2021-23045 | On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x bef... | | |
CVE-2021-23046 | On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure prop... | | |
CVE-2021-23047 | On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 1... | | |
CVE-2021-23048 | On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x bef... | | |
CVE-2021-23049 | On BIG-IP version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3, when the iRules RESOLVER::summari... | | |
CVE-2021-23050 | On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2 and 15.1.x before 15.1.3 and NG... | | |
CVE-2021-23051 | On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Netwo... | | |
CVE-2021-23052 | On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists ... | | |
CVE-2021-23053 | On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute ... | | |
CVE-2021-23054 | On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.... | M | |
CVE-2021-23055 | On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippe... | M | |
CVE-2021-23056 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23057 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23058 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23059 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23060 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23061 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23062 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23063 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23064 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23065 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23066 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23067 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23068 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23069 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23070 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23071 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23072 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23073 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23074 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23075 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23076 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23077 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23078 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23079 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23080 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23081 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23082 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23083 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23084 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23085 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23086 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23087 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23088 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23089 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23090 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23091 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23092 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23093 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23094 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23095 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23096 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23097 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23098 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23099 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23100 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23101 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23102 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23103 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23104 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23105 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23106 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23107 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23108 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23109 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23110 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23111 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23112 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23113 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23114 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23115 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23116 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23117 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23118 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23119 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23120 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23121 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23122 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-23123 | [20210101] - Core - com_modules exposes module names | | |
CVE-2021-23124 | [20210102] - Core - XSS in mod_breadcrumbs aria-label attribute | | |
CVE-2021-23125 | [20210103] - Core - XSS in com_tags image parameters | | |
CVE-2021-23126 | [20210301] - Core - Insecure randomness within 2FA secret generation | | |
CVE-2021-23127 | [20210301] - Core - Insecure randomness within 2FA secret generation | | |
CVE-2021-23128 | [20210302] - Core - Potential Insecure FOFEncryptRandval | | |
CVE-2021-23129 | [20210303] - Core - XSS within alert messages showed to users | | |
CVE-2021-23130 | [20210304] - Core - XSS within the feed parser library | | |
CVE-2021-23131 | [20210305] - Core - Input validation within the template manager | | |
CVE-2021-23132 | [20210306] - Core - com_media allowed paths that are not intended for image uploads | | |
CVE-2021-23133 | Linux Kernel sctp_destroy_sock race condition | E S | |
CVE-2021-23134 | Linux kernel llcp_sock_bind/connect use-after-free | S | |
CVE-2021-23135 | Argo CD leaked secret data into error messages and logs on invalid edits via UI | S | |
CVE-2021-23136 | Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be... | | |
CVE-2021-23138 | WECON LeviStudioU | M | |
CVE-2021-23139 | A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could... | S | |
CVE-2021-23140 | Improper Authorization vulnerability in Gallagher Command Centre Server allows command line macros t... | | |
CVE-2021-23145 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23146 | An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an at... | | |
CVE-2021-23147 | Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient protections for the UART console.... | | |
CVE-2021-23150 | WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-23151 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-23152 | Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenti... | S | |
CVE-2021-23154 | Command injection in Lens causes arbitrary shell command execution when malicious custom helm chart configuration provided | | |
CVE-2021-23155 | Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack ... | | |
CVE-2021-23156 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-23157 | WECON LeviStudioU | M | |
CVE-2021-23158 | A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(), in ps-pdf.cxx may res... | E S | |
CVE-2021-23159 | A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() i... | E | |
CVE-2021-23161 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-23162 | Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack... | | |
CVE-2021-23163 | JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF (Cross-Site Request Fo... | S | |
CVE-2021-23165 | A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in pspdf_prepare_outpages(), in ps-... | E S | |
CVE-2021-23166 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows au... | S | |
CVE-2021-23167 | Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retr... | | |
CVE-2021-23168 | Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an ... | S | |
CVE-2021-23169 | A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3... | | |
CVE-2021-23172 | A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hco... | E | |
CVE-2021-23173 | ICSMA-22-006-01 Philips Engage Software | S | |
CVE-2021-23174 | WordPress Download Monitor plugin <= 4.4.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2021-23175 | NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not ... | | |
CVE-2021-23176 | Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier... | S | |
CVE-2021-23177 | An improper link resolution flaw while extracting an archive can lead to changing the access control... | S | |
CVE-2021-23178 | Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allo... | S | |
CVE-2021-23179 | Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) p... | S | |
CVE-2021-23180 | A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension(), in f... | E S | |
CVE-2021-23182 | Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Serve... | | |
CVE-2021-23185 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-23186 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows au... | S | |
CVE-2021-23188 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allo... | S | |
CVE-2021-23191 | A security issue was found in htmldoc v1.9.12 and before. A NULL pointer dereference in the function... | E S | |
CVE-2021-23192 | A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very lar... | S | |
CVE-2021-23193 | Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allo... | | |
CVE-2021-23195 | Fresenius Kabi Agilia Connect Infusion System exposure of information through directory listing | S | |
CVE-2021-23196 | Fresenius Kabi Agilia Connect Infusion System insufficiently protected credentials | S | |
CVE-2021-23197 | Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user ... | | |
CVE-2021-23198 | mySCADA myPRO | S | |
CVE-2021-23199 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-23201 | NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allo... | | |
CVE-2021-23203 | Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise... | S | |
CVE-2021-23204 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre... | | |
CVE-2021-23205 | Improper Encoding or Escaping in Gallagher Command Centre Server allows a Command Centre Operator to... | | |
CVE-2021-23206 | A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overflow in parse_table() in ps-pdf... | E S | |
CVE-2021-23207 | Fresenius Kabi Agilia Connect Infusion System plaintext storage of a password | S | |
CVE-2021-23209 | WordPress AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.32 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities | S | |
CVE-2021-23210 | A floating point exception (divide-by-zero) issue was discovered in SoX in function read_samples() of... | E | |
CVE-2021-23211 | Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Serve... | | |
CVE-2021-23212 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-23214 | When the server is configured to use trust authentication with a clientcert requirement or to use ce... | S | |
CVE-2021-23215 | An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in v... | S | |
CVE-2021-23217 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may all... | | |
CVE-2021-23218 | Memory Leak in Mirantis Container Runtime (MCR) running in FIPS mode causes a Denial of Service | M | |
CVE-2021-23219 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may all... | | |
CVE-2021-23220 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-23222 | A man-in-the-middle attacker can inject false responses to the client's first few queries, despite t... | S | |
CVE-2021-23223 | Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allo... | S | |
CVE-2021-23224 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-23225 | Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web scr... | | |
CVE-2021-23227 | WordPress PHP Everywhere Plugin <= 2.0.2 is vulnerable to Cross Site Request Forgery (CSRF) | S | |
CVE-2021-23228 | Delta Electronics DIAEnergie (Update A) | S | |
CVE-2021-23230 | A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unp... | | |
CVE-2021-23232 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-23233 | Fresenius Kabi Agilia Connect Infusion System | S | |
CVE-2021-23236 | Fresenius Kabi Agilia Connect Infusion System uncontrolled resource consumption | S | |
CVE-2021-23239 | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitra... | E | |
CVE-2021-23240 | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain f... | E S | |
CVE-2021-23241 | MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ in conjunction with a loginLes... | E | |
CVE-2021-23242 | MERCUSYS Mercury X18G 1.0.5 devices allow Directory Traversal via ../ to the UPnP server, as demonst... | E | |
CVE-2021-23243 | In Oppo's battery application, the third-party SDK provides the function of loading a third-party Pr... | | |
CVE-2021-23244 | ColorOS pregrants dangerous permissions to apps which are listed in a whitelist xml named default-gra... | | |
CVE-2021-23246 | In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion,... | | |
CVE-2021-23247 | A command injection vulnerability found in quick game engine allows arbitrary remote code in quick ap... | | |
CVE-2021-23253 | Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a mali... | | |
CVE-2021-23258 | Spring SPEL Expression Language Injection | | |
CVE-2021-23259 | Groovy Sandbox Bypass | | |
CVE-2021-23260 | Stored XSS Vulnerability in File Name of the File Upload function | | |
CVE-2021-23261 | Overriding the system configuration file causes a denial of service | | |
CVE-2021-23262 | Snakeyaml deserialization vulnerability bypass | | |
CVE-2021-23263 | Transmission of Private Resources into a New Sphere ('Resource Leak') in Crafter Engine | | |
CVE-2021-23264 | Transmission of Private Resources into a New Sphere ('Resource Leak') and Exposure of Resource to Wrong Sphere in Crafter Search | M | |
CVE-2021-23265 | Improper Privilege Management in Crafter Studio | | |
CVE-2021-23266 | Improper Output Neutralization for Logs in Crafter Studio | | |
CVE-2021-23267 | Improper Control of Dynamically-Managed Code Resources in Crafter Studio | | |
CVE-2021-23270 | In Gargoyle OS 1.12.0, when IPv6 is used, a routing loop can occur that generates excessive network ... | S | |
CVE-2021-23271 | TIBCO EBX Cross Site Scripting (XSS) | S | |
CVE-2021-23272 | TIBCO BPM Cross Site Scripting (XSS) | S | |
CVE-2021-23273 | TIBCO Spotfire Cross Site Scripting Vulnerability | S | |
CVE-2021-23274 | TIBCO API Exchange Gateway Clickjack Vulnerability | S | |
CVE-2021-23275 | TIBCO Spotfire Windows Platform Installation vulnerability | S | |
CVE-2021-23276 | Improper Neutralization of Special Elements used in an SQL Command | S | |
CVE-2021-23277 | Improper Neutralization of Directives in Dynamically Evaluated Code | S | |
CVE-2021-23278 | Arbitrary File delete | S | |
CVE-2021-23279 | Arbitrary File delete | S | |
CVE-2021-23280 | Arbitrary File upload | S | |
CVE-2021-23281 | Remote Code execution | S | |
CVE-2021-23282 | Stored Cross-site Scripting reported in Intelligent Power Manager v1 | S | |
CVE-2021-23283 | Security issues in Eaton Intelligent Power Protector (IPP) | S | |
CVE-2021-23284 | Security issues in Eaton Intelligent Power Manager Infrastructure | S | |
CVE-2021-23285 | Security issues in Eaton Intelligent Power Manager Infrastructure | S | |
CVE-2021-23286 | Security issues in Eaton Intelligent Power Manager Infrastructure | S | |
CVE-2021-23287 | Security issues in Intelligent Power Manager (IPM 1) | S | |
CVE-2021-23288 | Security issues in Intelligent Power Protector | S | |
CVE-2021-23326 | Command Injection | S | |
CVE-2021-23327 | Cross-site Scripting (XSS) | E S | |
CVE-2021-23328 | Prototype Pollution | E | |
CVE-2021-23329 | Prototype Pollution | E S | |
CVE-2021-23330 | Command Injection | E S | |
CVE-2021-23331 | Insecure Temporary File | | |
CVE-2021-23334 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-23335 | LDAP Injection | E | |
CVE-2021-23336 | Web Cache Poisoning | E S | |
CVE-2021-23337 | Command Injection | E S | |
CVE-2021-23338 | Deserialization of Untrusted Data | E S | |
CVE-2021-23339 | HTTP Request Smuggling | | |
CVE-2021-23340 | Local File Inclusion | E S | |
CVE-2021-23341 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2021-23342 | Cross-site Scripting (XSS) | E S | |
CVE-2021-23343 | Regular Expression Denial of Service (ReDoS) | E | |
CVE-2021-23344 | Remote Code Execution (RCE) | E S | |
CVE-2021-23345 | Server-side Request Forgery (SSRF) | E | |
CVE-2021-23346 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2021-23347 | Cross-site Scripting (XSS) | S | |
CVE-2021-23348 | Arbitrary Command Injection | E S | |
CVE-2021-23351 | Denial of Service (DoS) | S | |
CVE-2021-23352 | Command Injection | E S | |
CVE-2021-23353 | Regular Expression Denial of Service (ReDoS) | S | |
CVE-2021-23354 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2021-23355 | Arbitrary Command Injection | E | |
CVE-2021-23356 | Arbitrary Command Injection | E | |
CVE-2021-23357 | Directory Traversal | E | |
CVE-2021-23358 | Arbitrary Code Injection | E | |
CVE-2021-23359 | Arbitrary Command Injection | E | |
CVE-2021-23360 | Arbitrary Command Injection | E S | |
CVE-2021-23361 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-23362 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2021-23363 | Arbitrary Command Injection | E S | |
CVE-2021-23364 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2021-23365 | Authentication Bypass | S | |
CVE-2021-23368 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2021-23369 | Remote Code Execution (RCE) | E S | |
CVE-2021-23370 | Prototype Pollution | E S | |
CVE-2021-23371 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2021-23372 | Denial of Service (DoS) | | |
CVE-2021-23373 | Prototype Pollution | E | |
CVE-2021-23374 | Arbitrary Command Injection | E | |
CVE-2021-23375 | Arbitrary Command Injection | E | |
CVE-2021-23376 | Arbitrary Command Injection | E | |
CVE-2021-23377 | Arbitrary Command Injection | E | |
CVE-2021-23378 | Arbitrary Command Injection | E | |
CVE-2021-23379 | Arbitrary Command Injection | E | |
CVE-2021-23380 | Arbitrary Command Injection | E | |
CVE-2021-23381 | Arbitrary Command Injection | E | |
CVE-2021-23382 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2021-23383 | Prototype Pollution | E S | |
CVE-2021-23384 | Open Redirect | E | |
CVE-2021-23385 | Open Redirect | E | |
CVE-2021-23386 | Remote Memory Exposure | S | |
CVE-2021-23387 | Open Redirect | E S | |
CVE-2021-23388 | Regular Expression Denial of Service (ReDoS) | S | |
CVE-2021-23389 | Arbitrary Code Execution | E S | |
CVE-2021-23390 | Arbitrary Code Execution | E S | |
CVE-2021-23391 | Arbitrary File Write via Archive Extraction (Zip Slip) | E | |
CVE-2021-23392 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2021-23393 | Open Redirect | S | |
CVE-2021-23394 | Remote Code Execution (RCE) | E S | |
CVE-2021-23395 | Prototype Pollution | E | |
CVE-2021-23396 | Prototype Pollution | E | |
CVE-2021-23397 | Prototype Pollution | E | |
CVE-2021-23398 | Cross-site Scripting (XSS) | E | |
CVE-2021-23399 | Arbitrary Command Injection | E | |
CVE-2021-23400 | HTTP Header Injection | E S | |
CVE-2021-23401 | Open Redirect | E | |
CVE-2021-23402 | Prototype Pollution | E | |
CVE-2021-23403 | Prototype Pollution | E | |
CVE-2021-23404 | Cross-site Request Forgery (CSRF) | E | |
CVE-2021-23405 | SQL Injection | E S | |
CVE-2021-23406 | Remote Code Execution (RCE) | E S | |
CVE-2021-23407 | Directory Traversal | E S | |
CVE-2021-23408 | Prototype Pollution | E S | |
CVE-2021-23409 | Denial of Service (DoS) | S | |
CVE-2021-23410 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-23411 | Cross-site Scripting (XSS) | E | |
CVE-2021-23412 | Command Injection | E | |
CVE-2021-23413 | Denial of Service (DoS) | E S | |
CVE-2021-23414 | Cross-site Scripting (XSS) | E S | |
CVE-2021-23415 | Directory Traversal | E S | |
CVE-2021-23416 | Cross-site Scripting (XSS) | E | |
CVE-2021-23417 | Prototype Pollution | E | |
CVE-2021-23418 | XML External Entity (XXE) Injection | E S | |
CVE-2021-23419 | Prototype Pollution | E S | |
CVE-2021-23420 | Deserialization of Untrusted Data | E S | |
CVE-2021-23421 | Prototype Pollution | E | |
CVE-2021-23422 | Arbitrary Code Injection | S | |
CVE-2021-23423 | Directory Traversal | E S | |
CVE-2021-23424 | Regular Expression Denial of Service (ReDoS) | E | |
CVE-2021-23425 | Regular Expression Denial of Service (ReDoS) | E | |
CVE-2021-23426 | Prototype Pollution | E M | |
CVE-2021-23427 | Arbitrary File Write via Archive Extraction (Zip Slip) | E | |
CVE-2021-23428 | Directory Traversal | | |
CVE-2021-23429 | Denial of Service (DoS) | E | |
CVE-2021-23430 | Directory Traversal | E | |
CVE-2021-23431 | Cross-site Request Forgery (CSRF) | S | |
CVE-2021-23432 | Prototype Pollution | E | |
CVE-2021-23433 | Prototype Pollution | E S | |
CVE-2021-23434 | Prototype Pollution | E S | |
CVE-2021-23435 | Open Redirect | S | |
CVE-2021-23436 | Prototype Pollution | E S | |
CVE-2021-23437 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2021-23438 | Prototype Pollution | E S | |
CVE-2021-23439 | Cross-site Scripting (XSS) | S | |
CVE-2021-23440 | Prototype Pollution | E S | |
CVE-2021-23441 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-23442 | Prototype Pollution | E S | |
CVE-2021-23443 | Cross-site Scripting (XSS) | E S | |
CVE-2021-23444 | Prototype Pollution | E S | |
CVE-2021-23445 | Cross-site Scripting (XSS) | E S | |
CVE-2021-23446 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2021-23447 | Cross-site Scripting (XSS) | E S | |
CVE-2021-23448 | Prototype Pollution | E M | |
CVE-2021-23449 | Sandbox Bypass | E S | |
CVE-2021-23450 | Prototype Pollution | E S | |
CVE-2021-23451 | Insecure Randomness | S | |
CVE-2021-23452 | Prototype Pollution | E | |
CVE-2021-23460 | Prototype Pollution | E S | |
CVE-2021-23463 | XML External Entity (XXE) Injection | E S | |
CVE-2021-23470 | Prototype Pollution | E S | |
CVE-2021-23472 | Cross-site Scripting (XSS) | E S | |
CVE-2021-23484 | Arbitrary File Write via Archive Extraction (Zip Slip) | E S | |
CVE-2021-23490 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2021-23495 | Open Redirect | S | |
CVE-2021-23497 | Prototype Pollution | E S | |
CVE-2021-23507 | Prototype Pollution | E S | |
CVE-2021-23509 | Prototype Pollution | E S | |
CVE-2021-23514 | Path Traversal | E S | |
CVE-2021-23518 | Prototype Pollution | E S | |
CVE-2021-23520 | Arbitrary File Write via Archive Extraction (Zip Slip) | E S | |
CVE-2021-23521 | Link Following | E S | |
CVE-2021-23543 | Sandbox Bypass | E | |
CVE-2021-23555 | Sandbox Bypass | E S | |
CVE-2021-23556 | Exposed Dangerous Method or Function | E S | |
CVE-2021-23558 | Prototype Pollution | E S | |
CVE-2021-23561 | Prototype Pollution | E M | |
CVE-2021-23562 | Arbitrary File Upload | S | |
CVE-2021-23566 | Information Exposure | E S | |
CVE-2021-23567 | Denial of Service (DoS) | E S | |
CVE-2021-23568 | Prototype Pollution | E S | |
CVE-2021-23574 | Prototype Pollution | E S | |
CVE-2021-23592 | Deserialization of Untrusted Data | S | |
CVE-2021-23594 | Sandbox Bypass | E | |
CVE-2021-23597 | Denial of Service (DoS) | E S | |
CVE-2021-23624 | Prototype Pollution | E S | |
CVE-2021-23631 | Directory Traversal | E | |
CVE-2021-23632 | Remote Code Execution (RCE) | E | |
CVE-2021-23639 | Remote Code Execution (RCE) | E S | |
CVE-2021-23648 | Cross-site Scripting (XSS) | E S | |
CVE-2021-23654 | Improper Input Validation | E | |
CVE-2021-23663 | Prototype Pollution | E M | |
CVE-2021-23664 | Server-side Request Forgery (SSRF) | E S | |
CVE-2021-23673 | Cross-site Scripting (XSS) | E | |
CVE-2021-23682 | Prototype Pollution | E S | |
CVE-2021-23700 | Prototype Pollution | E M | |
CVE-2021-23702 | Prototype Pollution | E | |
CVE-2021-23718 | Server-side Request Forgery (SSRF) | E | |
CVE-2021-23727 | Stored Command Injection | E | |
CVE-2021-23732 | Arbitrary Code Execution | E | |
CVE-2021-23758 | Deserialization of Untrusted Data | S | |
CVE-2021-23760 | Prototype Pollution | E | |
CVE-2021-23771 | Sandbox Bypass | E | |
CVE-2021-23772 | Arbitrary File Write | E S | |
CVE-2021-23784 | Cross-site Scripting (XSS) | E S | |
CVE-2021-23792 | XML External Entity (XXE) Injection | S | |
CVE-2021-23797 | Directory Traversal | E | |
CVE-2021-23803 | Access Control Bypass | E S | |
CVE-2021-23807 | Prototype Pollution | E S | |
CVE-2021-23814 | This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() functio... | | |
CVE-2021-23820 | Prototype Pollution | E S | |
CVE-2021-23824 | Content Injection | E S | |
CVE-2021-23827 | Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attac... | E | |
CVE-2021-23835 | An issue was discovered in flatCore before 2.0.0 build 139. A local file disclosure vulnerability wa... | E | |
CVE-2021-23836 | An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identifie... | E | |
CVE-2021-23837 | An issue was discovered in flatCore before 2.0.0 build 139. A time-based blind SQL injection was ide... | E | |
CVE-2021-23838 | An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identi... | E | |
CVE-2021-23839 | Incorrect SSLv2 rollback protection | S | |
CVE-2021-23840 | Integer overflow in CipherUpdate | S | |
CVE-2021-23841 | Null pointer deref in X509_issuer_and_serial_hash() | S | |
CVE-2021-23842 | Use of Hard-coded Cryptographic Key | M | |
CVE-2021-23843 | Lack of authentication mechanisms on the device | M | |
CVE-2021-23845 | B426 Web Configuration Authentication Bypass | | |
CVE-2021-23846 | B426 Credential Disclosure | | |
CVE-2021-23847 | Unauthenticated Information Extraction Vulnerability | | |
CVE-2021-23848 | Reflected XSS in URL handler | | |
CVE-2021-23849 | Cross Site Request Forgery (CSRF) vulnerability in web based management interface | | |
CVE-2021-23850 | Buffer Overflow vulnerability in the recovery image telnet server | | |
CVE-2021-23851 | Buffer Overflow vulnerability in the recovery image web-based interface | | |
CVE-2021-23852 | Denial of Service (DoS) due to invalid web parameter | | |
CVE-2021-23853 | Improper Input Validation of HTTP Headers | | |
CVE-2021-23854 | Reflected XSS in page parameter | | |
CVE-2021-23855 | Information disclosure | | |
CVE-2021-23856 | Reflected Cross-Site-Scripting | | |
CVE-2021-23857 | Login with hash | | |
CVE-2021-23858 | Information disclosure | | |
CVE-2021-23859 | Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products | | |
CVE-2021-23860 | Reflected Cross Site Scripting (XSS) vulnerability in Bosch VRM / BVMS | | |
CVE-2021-23861 | Possible Access to Debug Functions in Bosch VRM / BVMS | | |
CVE-2021-23862 | Authenticated Remote Code Execution | | |
CVE-2021-23863 | HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. or ea... | | |
CVE-2021-23872 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) | | |
CVE-2021-23873 | McAfee Total Protection (MTP) privilege escalation vulnerability | | |
CVE-2021-23874 | McAfee Total Protection (MTP) privilege escalation vulnerability | KEV | |
CVE-2021-23876 | McAfee Total Protection (MTP) Bypass Remote Procedure call vulnerability | | |
CVE-2021-23877 | McAfee Total Protection (MTP) - Privilege Escalation vulnerability | | |
CVE-2021-23878 | Clear text storage of sensitive Information in ENS | | |
CVE-2021-23879 | Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and ... | | |
CVE-2021-23880 | Improper Access Control in the ENS installer | | |
CVE-2021-23881 | Stored Cross Site Scripting in ENS | | |
CVE-2021-23882 | Improper Access Control in the ENS installer | | |
CVE-2021-23883 | Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) | | |
CVE-2021-23884 | Clear text exposure of password in McAfee CSR ePO extension | | |
CVE-2021-23885 | Privilege escalation vulnerability in McAfee Web Gateway (MWG) UI | | |
CVE-2021-23886 | Local Denial of Service in McAfee DLP Endpoint for Windows | | |
CVE-2021-23887 | Privilege escalation in McAfee DLP Endpoint for Windows | | |
CVE-2021-23888 | McAfee ePO unvalidated URL redirect vulnerability | | |
CVE-2021-23889 | McAfee ePO Cross-site Scripting vulnerability | | |
CVE-2021-23890 | McAfee ePO Information Leak vulnerability | | |
CVE-2021-23891 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) | | |
CVE-2021-23892 | By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security fo... | | |
CVE-2021-23893 | Privilege Escalation vulnerability in McAfee Drive Encryption (MDE) | | |
CVE-2021-23894 | Unauthorized deserialization of untrusted data in McAfee DBSec | | |
CVE-2021-23895 | Authorized deserialization of untrusted data in McAfee DBSec | | |
CVE-2021-23896 | Cleartext Transmission of Sensitive Information in McAfee DBSec | | |
CVE-2021-23897 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-23899 | OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for craf... | S | |
CVE-2021-23900 | OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for craft... | S | |
CVE-2021-23901 | An XML external entity (XXE) injection vulnerability exists in the Nutch DmozParser | S | |
CVE-2021-23906 | An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicl... | E | |
CVE-2021-23907 | An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicl... | E | |
CVE-2021-23908 | An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicl... | E | |
CVE-2021-23909 | An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles thro... | E | |
CVE-2021-23910 | An issue was discovered in HERMES 2.1 in the MBUX Infotainment System on Mercedes-Benz vehicles thro... | E | |
CVE-2021-23921 | An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Passw... | | |
CVE-2021-23922 | An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-sit... | | |
CVE-2021-23923 | An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Win... | | |
CVE-2021-23924 | An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive infor... | | |
CVE-2021-23925 | An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) v... | | |
CVE-2021-23926 | XMLBeans XML Entity Expansion | S | |
CVE-2021-23927 | OX App Suite through 7.10.4 allows SSRF via a URL with an @ character in an appsuite/api/oauth/proxy... | | |
CVE-2021-23928 | OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string.... | | |
CVE-2021-23929 | OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML ... | | |
CVE-2021-23930 | OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile.... | | |
CVE-2021-23931 | OX App Suite through 7.10.4 allows XSS via an inline binary file.... | | |
CVE-2021-23932 | OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename.... | | |
CVE-2021-23933 | OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL.... | | |
CVE-2021-23934 | OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code.... | | |
CVE-2021-23935 | OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript ... | | |
CVE-2021-23936 | OX App Suite through 7.10.4 allows XSS via the subject of a task.... | | |
CVE-2021-23937 | DNS proxy and possible amplification attack | M | |
CVE-2021-23938 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23939 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23940 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23941 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23942 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23943 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23944 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23945 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23946 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23947 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23948 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23949 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23950 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23951 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23952 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-23953 | If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cro... | | |
CVE-2021-23954 | Using the new logical assignment operators in a JavaScript switch statement could have caused a type... | | |
CVE-2021-23955 | The browser could have been confused into transferring a pointer lock state into another tab, which ... | | |
CVE-2021-23956 | An ambiguous file picker design could have confused users who intended to select and upload a single... | E S | |
CVE-2021-23957 | Navigations through the Android-specific `intent` URL scheme could have been misused to escape ifram... | | |
CVE-2021-23958 | The browser could have been confused into transferring a screen sharing state into another tab, whic... | | |
CVE-2021-23959 | An XSS bug in internal error pages could have led to various spoofing attacks, including other error... | | |
CVE-2021-23960 | Performing garbage collection on re-declared JavaScript variables resulted in a use-after-poison, a... | | |
CVE-2021-23961 | Further techniques that built on the slipstream research combined with a malicious webpage could hav... | | |
CVE-2021-23962 | Incorrect use of the ' | | |
CVE-2021-23963 | When sharing geolocation during an active WebRTC share, Firefox could have reset the WebRTC sharing ... | | |
CVE-2021-23964 | Mozilla developers reported memory safety bugs present in Firefox 84 and Firefox ESR 78.6. Some of t... | | |
CVE-2021-23965 | Mozilla developers reported memory safety bugs present in Firefox 84. Some of these bugs showed evid... | E S | |
CVE-2021-23968 | If Content Security Policy blocked frame navigation, the full destination of a redirect served in th... | | |
CVE-2021-23969 | As specified in the W3C Content Security Policy draft, when creating a violation report, "User agent... | | |
CVE-2021-23970 | Context-specific code was included in a shared jump table; resulting in assertions being triggered i... | | |
CVE-2021-23971 | When processing a redirect with a conflicting Referrer-Policy, Firefox would have adopted the redire... | | |
CVE-2021-23972 | One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishin... | | |
CVE-2021-23973 | When trying to load a cross-origin resource in an audio/video context a decoding error may have resu... | | |
CVE-2021-23974 | The DOMParser API did not properly process ' | | |
CVE-2021-23975 | The developer page about:memory has a Measure function for exploring what object types the browser h... | | |
CVE-2021-23976 | When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests ... | | |
CVE-2021-23977 | Firefox for Android suffered from a time-of-check-time-of-use vulnerability that allowed a malicious... | | |
CVE-2021-23978 | Mozilla developers reported memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of t... | | |
CVE-2021-23979 | Mozilla developers reported memory safety bugs present in Firefox 85. Some of these bugs showed evid... | E | |
CVE-2021-23980 | A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or ... | E | |
CVE-2021-23981 | A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buf... | | |
CVE-2021-23982 | Using techniques that built on the slipstream research, a malicious webpage could have scanned both ... | | |
CVE-2021-23983 | By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker co... | | |
CVE-2021-23984 | A malicious extension could have opened a popup window lacking an address bar. The title of the popu... | | |
CVE-2021-23985 | If an attacker is able to alter specific about:config values (for example malware running on the use... | | |
CVE-2021-23986 | A malicious extension with the 'search' permission could have installed a new search engine whose fa... | | |
CVE-2021-23987 | Mozilla developers and community members reported memory safety bugs present in Firefox 86 and Firef... | S | |
CVE-2021-23988 | Mozilla developers reported memory safety bugs present in Firefox 86. Some of these bugs showed evid... | | |
CVE-2021-23991 | If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validi... | E | |
CVE-2021-23992 | Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. ... | | |
CVE-2021-23993 | An attacker may perform a DoS attack to prevent a user from sending encrypted email to a corresponde... | | |
CVE-2021-23994 | A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of b... | | |
CVE-2021-23995 | When Responsive Design Mode was enabled, it used references to objects that were previously freed. W... | | |
CVE-2021-23996 | By utilizing 3D CSS in conjunction with JavaScript, content could have been rendered outside the web... | | |
CVE-2021-23997 | Due to unexpected data type conversions, a use-after-free could have occurred when interacting with ... | | |
CVE-2021-23998 | Through complicated navigations with new windows, an HTTP page could have inherited a secure lock ic... | | |
CVE-2021-23999 | If a Blob URL was loaded through some unusual user interaction, it could have been loaded by the Sys... | E |