ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-27000 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-27001 | Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible... | | |
CVE-2021-27002 | NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a... | S | |
CVE-2021-27003 | Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Fram... | | |
CVE-2021-27004 | System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a v... | S | |
CVE-2021-27005 | Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are suscepti... | S | |
CVE-2021-27006 | StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vul... | | |
CVE-2021-27007 | NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerabili... | | |
CVE-2021-27008 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-27009 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-27010 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-27011 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-27012 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-27013 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-27014 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-27015 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-27016 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-27017 | Deserialization of untrusted data | | |
CVE-2021-27018 | The mechanism which performs certificate validation was discovered to have a flaw that resulted in c... | | |
CVE-2021-27019 | PuppetDB logging included potentially sensitive system information.... | | |
CVE-2021-27020 | Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.... | | |
CVE-2021-27021 | A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows th... | | |
CVE-2021-27022 | A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results ... | | |
CVE-2021-27023 | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credential... | | |
CVE-2021-27024 | A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user wi... | | |
CVE-2021-27025 | A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be ... | | |
CVE-2021-27026 | A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters ma... | | |
CVE-2021-27027 | An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to code ... | | |
CVE-2021-27028 | A Memory Corruption Vulnerability in Autodesk FBX Review version 1.5.0 and prior may lead to remote ... | | |
CVE-2021-27029 | The user may be tricked into opening a malicious FBX file which may exploit a Null Pointer Dereferen... | | |
CVE-2021-27030 | A user may be tricked into opening a malicious FBX file which may exploit a Directory Traversal Remo... | | |
CVE-2021-27031 | A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerabi... | | |
CVE-2021-27032 | Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious ... | | |
CVE-2021-27033 | A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within af... | | |
CVE-2021-27034 | A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Desi... | | |
CVE-2021-27035 | A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013,... | S | |
CVE-2021-27036 | A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the all... | S | |
CVE-2021-27037 | A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 ca... | | |
CVE-2021-27038 | A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when... | S | |
CVE-2021-27039 | A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries ... | | |
CVE-2021-27040 | A maliciously crafted DWG file can be forced to read beyond allocated boundaries when parsing the DW... | | |
CVE-2021-27041 | A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG fi... | | |
CVE-2021-27042 | A maliciously crafted DWG file can be used to write beyond the allocated buffer while parsing DWG fi... | | |
CVE-2021-27043 | An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to lever... | | |
CVE-2021-27044 | An Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote cod... | S | |
CVE-2021-27045 | A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read b... | | |
CVE-2021-27046 | A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may le... | | |
CVE-2021-27047 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-27048 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-27049 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-27050 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-27051 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-27052 | Microsoft SharePoint Server Information Disclosure Vulnerability | S | |
CVE-2021-27053 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2021-27054 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2021-27055 | Microsoft Visio Security Feature Bypass Vulnerability | S | |
CVE-2021-27056 | Microsoft PowerPoint Remote Code Execution Vulnerability | S | |
CVE-2021-27057 | Microsoft Office Remote Code Execution Vulnerability | S | |
CVE-2021-27058 | Microsoft Office ClickToRun Remote Code Execution Vulnerability | S | |
CVE-2021-27059 | Microsoft Office Remote Code Execution Vulnerability | KEV S | |
CVE-2021-27060 | Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2021-27061 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-27062 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-27063 | Windows DNS Server Denial of Service Vulnerability | S | |
CVE-2021-27064 | Visual Studio Installer Elevation of Privilege Vulnerability | S | |
CVE-2021-27065 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV E S | |
CVE-2021-27066 | Windows Admin Center Security Feature Bypass Vulnerability | S | |
CVE-2021-27067 | Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | S | |
CVE-2021-27068 | Visual Studio Remote Code Execution Vulnerability | S | |
CVE-2021-27070 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | S | |
CVE-2021-27072 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2021-27074 | Azure Sphere Unsigned Code Execution Vulnerability | E S | |
CVE-2021-27075 | Azure Virtual Machine Information Disclosure Vulnerability | S | |
CVE-2021-27076 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
CVE-2021-27077 | Windows Win32k Elevation of Privilege Vulnerability | S | |
CVE-2021-27078 | Microsoft Exchange Server Remote Code Execution Vulnerability | S | |
CVE-2021-27079 | Windows Media Photo Codec Information Disclosure Vulnerability | S | |
CVE-2021-27080 | Azure Sphere Unsigned Code Execution Vulnerability | E S | |
CVE-2021-27081 | Visual Studio Code ESLint Extension Remote Code Execution Vulnerability | S | |
CVE-2021-27082 | Quantum Development Kit for Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2021-27083 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2021-27084 | Visual Studio Code Java Extension Pack Remote Code Execution Vulnerability | S | |
CVE-2021-27085 | Internet Explorer Remote Code Execution Vulnerability | KEV S | |
CVE-2021-27086 | Windows Services and Controller App Elevation of Privilege Vulnerability | S | |
CVE-2021-27088 | Windows Event Tracing Elevation of Privilege Vulnerability | S | |
CVE-2021-27089 | Microsoft Internet Messaging API Remote Code Execution Vulnerability | S | |
CVE-2021-27090 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability | S | |
CVE-2021-27091 | RPC Endpoint Mapper Service Elevation of Privilege Vulnerability | S | |
CVE-2021-27092 | Azure AD Web Sign-in Security Feature Bypass Vulnerability | S | |
CVE-2021-27093 | Windows Kernel Information Disclosure Vulnerability | S | |
CVE-2021-27094 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | E S | |
CVE-2021-27095 | Windows Media Video Decoder Remote Code Execution Vulnerability | S | |
CVE-2021-27096 | NTFS Elevation of Privilege Vulnerability | S | |
CVE-2021-27097 | The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.... | S | |
CVE-2021-27098 | In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted... | | |
CVE-2021-27099 | In SPIRE before versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1, the "aws_iid" Node Attestor improp... | S | |
CVE-2021-27101 | Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a reque... | KEV | |
CVE-2021-27102 | Accellion FTA 9_12_411 and earlier is affected by OS command execution via a local web service call.... | KEV | |
CVE-2021-27103 | Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.... | KEV | |
CVE-2021-27104 | Accellion FTA 9_12_370 and earlier is affected by OS command execution via a crafted POST request to... | KEV | |
CVE-2021-27112 | LightCMS v1.3.5 contains a remote code execution vulnerability in /app/Http/Controllers/Admin/NEdito... | E | |
CVE-2021-27113 | An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in ... | E | |
CVE-2021-27114 | An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /g... | E | |
CVE-2021-27116 | An issue was discovered in file profile.go in function MemProf in beego through 2.0.2, allows attack... | E | |
CVE-2021-27117 | An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2, allows ... | E | |
CVE-2021-27124 | SQL injection in the expertise parameter in search_result.php in Doctor Appointment System v1.0 allo... | E | |
CVE-2021-27129 | CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability th... | E | |
CVE-2021-27130 | Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, whi... | E | |
CVE-2021-27131 | Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper inpu... | E | |
CVE-2021-27132 | SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the d... | E | |
CVE-2021-27135 | xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of servi... | S | |
CVE-2021-27138 | The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.... | S | |
CVE-2021-27139 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to extract infor... | E | |
CVE-2021-27140 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to find password... | E | |
CVE-2021-27141 | An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig... | E | |
CVE-2021-27142 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over... | E | |
CVE-2021-27143 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27144 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27145 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27146 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27147 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27148 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27149 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27150 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27151 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27152 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27153 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27154 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27155 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27156 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credent... | E | |
CVE-2021-27157 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27158 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27159 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27160 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27161 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27162 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27163 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27164 | An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the har... | E | |
CVE-2021-27165 | An issue was discovered on FiberHome HG6245D devices through RP2613. The telnet daemon on port 23/tc... | E | |
CVE-2021-27166 | An issue was discovered on FiberHome HG6245D devices through RP2613. The password for the enable com... | E | |
CVE-2021-27167 | An issue was discovered on FiberHome HG6245D devices through RP2613. There is a password of four hex... | E | |
CVE-2021-27168 | An issue was discovered on FiberHome HG6245D devices through RP2613. There is a 6GFJdY4aAuUKJjdtSn7d... | E | |
CVE-2021-27169 | An issue was discovered on FiberHome AN5506-04-FA devices with firmware RP2631. There is a gepon pas... | E | |
CVE-2021-27170 | An issue was discovered on FiberHome HG6245D devices through RP2613. By default, there are no firewa... | E | |
CVE-2021-27171 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to start a Linux... | E | |
CVE-2021-27172 | An issue was discovered on FiberHome HG6245D devices through RP2613. A hardcoded GEPON password for ... | E | |
CVE-2021-27173 | An issue was discovered on FiberHome HG6245D devices through RP2613. There is a telnet?enable=0&key=... | E | |
CVE-2021-27174 | An issue was discovered on FiberHome HG6245D devices through RP2613. wifi_custom.cfg has cleartext p... | E | |
CVE-2021-27175 | An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_2g.cfg has cleartext pa... | E | |
CVE-2021-27176 | An issue was discovered on FiberHome HG6245D devices through RP2613. wifictl_5g.cfg has cleartext pa... | E | |
CVE-2021-27177 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authen... | E | |
CVE-2021-27178 | An issue was discovered on FiberHome HG6245D devices through RP2613. Some passwords are stored in cl... | E | |
CVE-2021-27179 | An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the tel... | E | |
CVE-2021-27180 | An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient... | E S | |
CVE-2021-27181 | An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perfor... | E | |
CVE-2021-27182 | An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webm... | E | |
CVE-2021-27183 | An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to ex... | E | |
CVE-2021-27184 | Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability (exploitable via ... | E | |
CVE-2021-27185 | The samba-client package before 4.0.0 for Node.js allows command injection because of the use of pro... | E S | |
CVE-2021-27186 | Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by... | E S | |
CVE-2021-27187 | The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credential... | | |
CVE-2021-27188 | The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a deni... | | |
CVE-2021-27189 | The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation.... | S | |
CVE-2021-27190 | A Stored Cross Site Scripting (XSS) Vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, wh... | E S | |
CVE-2021-27191 | The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service (DoS) if the ra... | E S | |
CVE-2021-27192 | Local privilege escalation vulnerability in Windows clients of Netop Vision Pro up to and including ... | | |
CVE-2021-27193 | Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1... | | |
CVE-2021-27194 | Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows... | | |
CVE-2021-27195 | Improper Authorization vulnerability in Netop Vision Pro up to and including 9.7.1 allows an atta... | | |
CVE-2021-27196 | Specially Crafted IEC 61850 Protocol Sequence Vulnerability | S | |
CVE-2021-27197 | DSUtility.dll in Pelco Digital Sentry Server before 7.19.67 has an arbitrary file write vulnerabilit... | E | |
CVE-2021-27198 | An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code... | | |
CVE-2021-27200 | In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorith... | E | |
CVE-2021-27201 | Endian Firewall Community (aka EFW) 3.3.2 allows remote authenticated users to execute arbitrary OS ... | E | |
CVE-2021-27203 | In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITH... | E | |
CVE-2021-27204 | Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to info... | E | |
CVE-2021-27205 | Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a ... | E | |
CVE-2021-27208 | When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not vali... | | |
CVE-2021-27209 | In the management interface on TP-Link Archer C5v 1.7_181221 devices, credentials are sent in a base... | E | |
CVE-2021-27210 | TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via ... | E | |
CVE-2021-27211 | steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect ... | | |
CVE-2021-27212 | In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in ... | E S | |
CVE-2021-27213 | config.py in pystemon before 2021-02-13 allows code execution via YAML deserialization because SafeL... | E S | |
CVE-2021-27214 | A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine... | E | |
CVE-2021-27215 | An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 1... | E S | |
CVE-2021-27216 | Exim 4 before 4.94.2 has Execution with Unnecessary Privileges. By leveraging a delete_pid_file race... | E | |
CVE-2021-27217 | An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. Th... | E | |
CVE-2021-27218 | An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_ta... | S | |
CVE-2021-27219 | An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_n... | E | |
CVE-2021-27220 | An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot func... | | |
CVE-2021-27221 | MikroTik RouterOS 6.47.9 allows remote authenticated ftp users to create or overwrite arbitrary .rsc... | E | |
CVE-2021-27222 | In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored ... | | |
CVE-2021-27223 | A denial-of-service issue existed in one of modules that was incorporated in Kaspersky Anti-Virus pr... | | |
CVE-2021-27224 | The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a user-mode write access violation starting at ... | E | |
CVE-2021-27225 | In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows... | | |
CVE-2021-27228 | An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control... | S | |
CVE-2021-27229 | Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server ... | S | |
CVE-2021-27230 | ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticate... | E | |
CVE-2021-27231 | Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authe... | E | |
CVE-2021-27232 | The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConn... | E | |
CVE-2021-27233 | An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web appli... | | |
CVE-2021-27234 | An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL... | | |
CVE-2021-27235 | An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web appli... | | |
CVE-2021-27236 | An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. getfile.asp allows Unauthenticated L... | | |
CVE-2021-27237 | The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to ... | E S | |
CVE-2021-27239 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2021-27240 | This vulnerability allows local attackers to escalate privileges on affected installations of SolarW... | | |
CVE-2021-27241 | This vulnerability allows local attackers to delete arbitrary directories on affected installations ... | | |
CVE-2021-27242 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
CVE-2021-27243 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
CVE-2021-27244 | This vulnerability allows local attackers to disclose sensitive information on affected installation... | | |
CVE-2021-27245 | This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to ... | | |
CVE-2021-27246 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | | |
CVE-2021-27247 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-27248 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2021-27249 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2021-27250 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected i... | S | |
CVE-2021-27251 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2021-27252 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2021-27253 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2021-27254 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | S | |
CVE-2021-27255 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NE... | S | |
CVE-2021-27256 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat... | S | |
CVE-2021-27257 | This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded infor... | S | |
CVE-2021-27258 | This vulnerability allows remote attackers to escalate privileges on affected installations ... | | |
CVE-2021-27259 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
CVE-2021-27260 | This vulnerability allows local attackers to disclose sensitive information on affected installation... | | |
CVE-2021-27261 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2021-27262 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-27263 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-27264 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-27265 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-27266 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-27267 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2021-27268 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2021-27269 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2021-27270 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2021-27271 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2021-27272 | This vulnerability allows remote attackers to delete arbitrary files on affected installations of NE... | | |
CVE-2021-27273 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NE... | | |
CVE-2021-27274 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of NE... | | |
CVE-2021-27275 | This vulnerability allows remote attackers to disclose sensitive information and delete arbitrary fi... | | |
CVE-2021-27276 | This vulnerability allows remote attackers to delete arbitrary files on affected installations of NE... | | |
CVE-2021-27277 | This vulnerability allows local attackers to escalate privileges on affected installations of SolarW... | | |
CVE-2021-27278 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
CVE-2021-27279 | MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode).... | E S | |
CVE-2021-27280 | OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via cra... | E | |
CVE-2021-27285 | An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local p... | | |
CVE-2021-27288 | Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive inform... | E | |
CVE-2021-27289 | A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee... | | |
CVE-2021-27290 | ssri 5.2.2-8.0.0, fixed in 8.0.1, processes SRIs using a regular expression which is vulnerable to a... | E S | |
CVE-2021-27291 | In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on reg... | E S | |
CVE-2021-27292 | ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of ... | E S | |
CVE-2021-27293 | RestSharp < 106.11.8-alpha.0.13 uses a regular expression which is vulnerable to Regular Expression ... | E S | |
CVE-2021-27294 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-27306 | An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows u... | | |
CVE-2021-27308 | A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows re... | E | |
CVE-2021-27309 | Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.... | E | |
CVE-2021-27310 | Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.... | E | |
CVE-2021-27312 | Server Side Request Forgery (SSRF) vulnerability in Gleez Cms 1.2.0, allows remote attackers to exec... | E | |
CVE-2021-27314 | SQL injection in admin.php in doctor appointment system 1.0 allows an unauthenticated attacker to in... | E | |
CVE-2021-27315 | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated atta... | E | |
CVE-2021-27316 | Blind SQL injection in contactus.php in doctor appointment system 1.0 allows an unauthenticated atta... | E | |
CVE-2021-27317 | Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows re... | E | |
CVE-2021-27318 | Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows re... | E | |
CVE-2021-27319 | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated atta... | E | |
CVE-2021-27320 | Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated atta... | E | |
CVE-2021-27328 | Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user ca... | E | |
CVE-2021-27329 | Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary do... | E | |
CVE-2021-27330 | Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php.... | E | |
CVE-2021-27332 | Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 a... | E | |
CVE-2021-27335 | KollectApps before 4.8.16c is affected by insecure Java deserialization, leading to Remote Code Exec... | E | |
CVE-2021-27338 | Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter.... | | |
CVE-2021-27340 | OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.... | S | |
CVE-2021-27341 | OpenSIS Community Edition version <= 7.6 is affected by a local file inclusion vulnerability in Down... | S | |
CVE-2021-27342 | An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 ... | E | |
CVE-2021-27343 | SerenityOS Unspecified is affected by: Buffer Overflow. The impact is: obtain sensitive information ... | S | |
CVE-2021-27345 | A null pointer dereference was discovered in ucompthread in stream.c in lrzip 0.631 which allows att... | E S | |
CVE-2021-27347 | Use after free in lzma_decompress_buf function in stream.c in lrzip 0.631 allows attackers to cause ... | E S | |
CVE-2021-27349 | Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-20... | | |
CVE-2021-27351 | The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4... | | |
CVE-2021-27352 | An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an a... | E | |
CVE-2021-27357 | RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_contr... | | |
CVE-2021-27358 | The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow unauthenticated remote attackers to... | | |
CVE-2021-27362 | The WPG plugin before 3.1.0.0 for IrfanView 4.57 has a Read Access Violation on Control Flow startin... | E | |
CVE-2021-27363 | An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to det... | E S | |
CVE-2021-27364 | An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is a... | E S | |
CVE-2021-27365 | An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not hav... | E S | |
CVE-2021-27367 | Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt b... | S | |
CVE-2021-27368 | The Contact page in Monica 2.19.1 allows stored XSS via the First Name field.... | E | |
CVE-2021-27369 | The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field.... | E | |
CVE-2021-27370 | The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field.... | E | |
CVE-2021-27371 | The Contact page in Monica 2.19.1 allows stored XSS via the Description field.... | E | |
CVE-2021-27372 | Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly ga... | | |
CVE-2021-27374 | VertiGIS WebOffice 10.7 SP1 before patch20210202 and 10.8 SP1 before patch20210207 allows attackers ... | | |
CVE-2021-27375 | Traefik before 2.4.5 allows the loading of IFRAME elements from other domains.... | S | |
CVE-2021-27376 | An issue was discovered in the nb-connect crate before 1.0.3 for Rust. It may have invalid memory ac... | E | |
CVE-2021-27377 | An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patte... | E | |
CVE-2021-27378 | An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read... | | |
CVE-2021-27379 | An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unin... | S | |
CVE-2021-27380 | A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2... | S | |
CVE-2021-27381 | A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2... | | |
CVE-2021-27382 | A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2... | | |
CVE-2021-27383 | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPL... | | |
CVE-2021-27384 | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPL... | S | |
CVE-2021-27385 | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPL... | | |
CVE-2021-27386 | A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7" & 15" (incl. SIPL... | | |
CVE-2021-27387 | A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcente... | S | |
CVE-2021-27388 | SINAMICS medium voltage routable products are affected by a vulnerability in the Sm@rtServer compone... | | |
CVE-2021-27389 | A vulnerability has been identified in Opcenter Quality (All versions < V12.2), QMS Automotive (All ... | | |
CVE-2021-27390 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.3), Teamcenter Visualization (A... | S | |
CVE-2021-27391 | A vulnerability has been identified in APOGEE MBC (PPC) (P2 Ethernet) (All versions >= V2.6.3), APOG... | S | |
CVE-2021-27392 | A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance ... | | |
CVE-2021-27393 | A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versio... | | |
CVE-2021-27394 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19),... | | |
CVE-2021-27395 | A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SI... | | |
CVE-2021-27396 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The Pla... | | |
CVE-2021-27397 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The Pla... | | |
CVE-2021-27398 | A vulnerability has been identified in Tecnomatix Plant Simulation (All versions < V16.0.5). The Pla... | | |
CVE-2021-27399 | A vulnerability has been identified in Simcenter Femap 2020.2 (All versions < V2020.2.MP3), Simcente... | S | |
CVE-2021-27400 | HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets en... | | |
CVE-2021-27401 | The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access ... | | |
CVE-2021-27402 | The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to acc... | | |
CVE-2021-27403 | Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWeb... | E | |
CVE-2021-27404 | Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.... | E | |
CVE-2021-27405 | A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser packag... | S | |
CVE-2021-27406 | PerFact OpenVPN-Client | S | |
CVE-2021-27408 | The affected product is vulnerable to an out-of-bounds read, which can cause information leakage lea... | M | |
CVE-2021-27410 | The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data... | M | |
CVE-2021-27411 | Micrium OS Integer Overflow or Wraparound | S | |
CVE-2021-27412 | Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, whic... | | |
CVE-2021-27413 | Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerabl... | | |
CVE-2021-27414 | User interface misrepresentation of critical information in Hitachi ABB Power Grids Ellipse EAM | S | |
CVE-2021-27416 | Cross-site scripting in Hitachi ABB Power Grids Ellipse EAM | S | |
CVE-2021-27417 | eCosCentric eCosPro RTOS Integer Overflow or Wraparound | S | |
CVE-2021-27418 | GE UR family input validation | S | |
CVE-2021-27419 | uClibc-ng Integer Overflow or Wraparound | S | |
CVE-2021-27420 | GE UR family input validation | S | |
CVE-2021-27421 | NXP MCUXpresso SDK Integer Overflow or Wraparound | S | |
CVE-2021-27422 | GE UR family exposure of sensitive information to an unauthorized actor | S | |
CVE-2021-27424 | GE UR family exposure of sensitive information to an unauthorized actor | S | |
CVE-2021-27425 | Cesanta Software Mongoose-OS Integer Overflow or Wraparound | S | |
CVE-2021-27426 | GE UR family insecure default variable initialization | S | |
CVE-2021-27427 | RIOT OS Integer Overflow or Wraparound | S | |
CVE-2021-27428 | GE UR family Unrestricted Upload of File with Dangerous Type | S | |
CVE-2021-27429 | Texas Instruments TI-RTOS Integer Overflow or Wraparound | S | |
CVE-2021-27430 | GE UR family hardcoded credentials | S | |
CVE-2021-27431 | ARM CMSIS RTOS2 Integer Overflow or Wraparound | S | |
CVE-2021-27432 | OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable t... | | |
CVE-2021-27433 | ARM mbed-ualloc memory library Integer Overflow or Wraparound | S | |
CVE-2021-27434 | Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and pri... | | |
CVE-2021-27435 | ARM mbed Integer Overflow or Wraparound | E S | |
CVE-2021-27436 | WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an att... | | |
CVE-2021-27437 | The affected product allows attackers to obtain sensitive information from the WISE-PaaS dashboard. ... | | |
CVE-2021-27438 | The software contains a hard-coded password it uses for its own inbound authentication or for outbou... | | |
CVE-2021-27439 | TencentOS-tiny Integer Overflow or Wraparound | S | |
CVE-2021-27440 | The software contains a hard-coded password it uses for its own inbound authentication or for outbou... | | |
CVE-2021-27442 | Weintek EasyWeb cMT Cross-site Scripting | S | |
CVE-2021-27444 | Weintek EasyWeb cMT Improper Access Control | S | |
CVE-2021-27445 | Mesa Labs AmegaView Improper Privilege Management | M | |
CVE-2021-27446 | Weintek EasyWeb cMT Code Injection | S | |
CVE-2021-27447 | Mesa Labs AmegaView command injection | M | |
CVE-2021-27448 | A miscommunication in the file system allows adversaries with access to the MU320E to escalate privi... | | |
CVE-2021-27449 | Mesa Labs AmegaView Command Injection | M | |
CVE-2021-27450 | SSH server configuration file does not implement some best practices. This could lead to a weakening... | | |
CVE-2021-27451 | Mesa Labs AmegaView improper authentication | M | |
CVE-2021-27452 | The software contains a hard-coded password that could allow an attacker to take control of the merg... | | |
CVE-2021-27453 | Mesa Labs AmegaView authentication bypass | M | |
CVE-2021-27454 | The software performs an operation at a privilege level higher than the minimum level required, whic... | | |
CVE-2021-27455 | Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while... | | |
CVE-2021-27456 | Philips Gemini PET/CT Storage of Sensitive Data in a Mechanism Without Access Control | M | |
CVE-2021-27457 | A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The... | | |
CVE-2021-27458 | If Ethernet communication of the JTEKT Corporation TOYOPUC product series’ (TOYOPUC-PC10 Series: PC1... | | |
CVE-2021-27459 | A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The... | | |
CVE-2021-27460 | Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data | S | |
CVE-2021-27461 | A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The... | | |
CVE-2021-27462 | Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data | S | |
CVE-2021-27463 | A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The... | | |
CVE-2021-27464 | Rockwell Automation FactoryTalk AssetCentre SQL Injection | S | |
CVE-2021-27465 | A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The... | | |
CVE-2021-27466 | Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data | S | |
CVE-2021-27467 | A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The... | | |
CVE-2021-27468 | Rockwell Automation FactoryTalk AssetCentre SQL Injection | S | |
CVE-2021-27470 | Rockwell Automation FactoryTalk AssetCentre Deserialization of Untrusted Data | S | |
CVE-2021-27471 | Rockwell Automation Connected Components Workbench Path Traversal | S | |
CVE-2021-27472 | Rockwell Automation FactoryTalk AssetCentre SQL Injection | S | |
CVE-2021-27473 | Rockwell Automation Connected Components Workbench Improper Input Validation | S | |
CVE-2021-27474 | Rockwell Automation FactoryTalk AssetCentre Use of Potentially Dangerous Function | S | |
CVE-2021-27475 | Rockwell Automation Connected Components Workbench Deserialization of Untrusted Data | S | |
CVE-2021-27476 | Rockwell Automation FactoryTalk AssetCentre OS Command Injection | S | |
CVE-2021-27477 | When JTEKT Corporation TOYOPUC PLC versions PC10G-CPU, 2PORT-EFR, Plus CPU, Plus EX, Plus EX2, Plus ... | | |
CVE-2021-27478 | EIPStackGroup OpENer Ethernet/IP Incorrect Conversion between Numeric Types | S | |
CVE-2021-27479 | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected product’s web application could allow a lo... | | |
CVE-2021-27480 | Delta Industrial Automation COMMGR Versions 1.12 and prior are vulnerable to a stack-based buffer ov... | | |
CVE-2021-27481 | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the... | | |
CVE-2021-27482 | EIPStackGroup OpENer Ethernet/IP Out-of-bounds Read | S | |
CVE-2021-27483 | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain insecure filesystem permi... | | |
CVE-2021-27485 | ZOLL Defibrillator Dashboard, v prior to 2.2, The application allows users to store their passwords i... | | |
CVE-2021-27486 | FATEK Automation WinProladder Versions 3.30 and prior is vulnerable to an integer underflow, which m... | | |
CVE-2021-27487 | ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in pl... | M | |
CVE-2021-27488 | Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modu... | | |
CVE-2021-27489 | ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user t... | M | |
CVE-2021-27490 | Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modu... | | |
CVE-2021-27491 | Ypsomed mylife Cloud, mylife Mobile Application: Ypsomed mylife Cloud, All versions prior to 1.7.2, Yps... | | |
CVE-2021-27492 | When opening a specially crafted 3DXML file, the application containing Datakit Software libraries C... | | |
CVE-2021-27493 | Philips Vue PACS | S | |
CVE-2021-27494 | Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modu... | | |
CVE-2021-27495 | Ypsomed mylife Cloud, mylife Mobile Application: Ypsomed mylife Cloud, All versions prior to 1.7.2, Yps... | | |
CVE-2021-27496 | Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modu... | | |
CVE-2021-27497 | Philips Vue PACS Protection Mechanism Failure | S | |
CVE-2021-27498 | EIPStackGroup OpENer Ethernet/IP Reachable Assertion | S | |
CVE-2021-27499 | Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, ... | | |
CVE-2021-27500 | EIPStackGroup OpENer Ethernet/IP Reachable Assertion | S | |
CVE-2021-27501 | Philips Vue PACS Improper Adherence to Coding Standards | S | |
CVE-2021-27502 | Texas Instruments TI-RTOS Integer Overflow or Wraparound | S | |
CVE-2021-27503 | Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, ... | | |
CVE-2021-27504 | Texas Instruments FREERTOS Integer Overflow or Wraparound | S | |
CVE-2021-27505 | mySCADA myPRO Exposure of Information Through Directory Listing | S | |
CVE-2021-27506 | The ClamAV Engine (version 0.103.1 and below) component embedded in Stormshield Network Security (S... | | |
CVE-2021-27509 | In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated w... | | |
CVE-2021-27513 | The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary ... | E S | |
CVE-2021-27514 | EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might be l... | E S | |
CVE-2021-27515 | url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI a... | E S | |
CVE-2021-27516 | URI.js (aka urijs) before 1.19.6 mishandles certain uses of backslash such as http:\/ and interprets... | E S | |
CVE-2021-27517 | Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the ... | S | |
CVE-2021-27519 | A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript vi... | E S | |
CVE-2021-27520 | A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript vi... | E S | |
CVE-2021-27522 | Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx throug... | E | |
CVE-2021-27523 | An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, mod... | E | |
CVE-2021-27524 | Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attacke... | E | |
CVE-2021-27526 | A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject ... | E | |
CVE-2021-27527 | A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject ... | E | |
CVE-2021-27528 | A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject ... | E | |
CVE-2021-27529 | A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject ... | E | |
CVE-2021-27530 | A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows a remote attacker to inject ja... | E | |
CVE-2021-27531 | A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject ... | E | |
CVE-2021-27544 | Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Manageme... | E | |
CVE-2021-27545 | SQL Injection in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.... | E | |
CVE-2021-27548 | There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScann... | E | |
CVE-2021-27549 | Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by defau... | E | |
CVE-2021-27550 | Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dl... | E | |
CVE-2021-27556 | The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execut... | E | |
CVE-2021-27557 | A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allo... | E | |
CVE-2021-27558 | A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbi... | E | |
CVE-2021-27559 | The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field.... | E | |
CVE-2021-27561 | Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall... | KEV | |
CVE-2021-27562 | In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secur... | KEV | |
CVE-2021-27564 | A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload... | E | |
CVE-2021-27565 | The web server in InterNiche NicheStack through 4.0.1 allows remote attackers to cause a denial of s... | M | |
CVE-2021-27568 | An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. A... | E S | |
CVE-2021-27569 | An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize th... | E | |
CVE-2021-27570 | An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running process... | E | |
CVE-2021-27571 | An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently used ... | E | |
CVE-2021-27572 | An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via P... | E | |
CVE-2021-27573 | An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can exec... | E | |
CVE-2021-27574 | An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check, and ... | E | |
CVE-2021-27576 | Apache OpenMeetings: bandwidth can be overloaded with public web service | | |
CVE-2021-27577 | Incorrect handling of url fragment leads to cache poisoning | | |
CVE-2021-27578 | Cross Site Scripting in markdown interpreter | | |
CVE-2021-27579 | Snow Inventory Agent through 6.7.0 on Windows uses CPUID to report on processor types and versions t... | | |
CVE-2021-27581 | The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.... | | |
CVE-2021-27582 | org/mitre/oauth2/web/OAuthConfirmationController.java in the OpenID Connect server implementation fo... | E S | |
CVE-2021-27583 | In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database th... | E | |
CVE-2021-27584 | When a user opens manipulated PhotoShop Document (.PSD) format files received from untrusted sources... | | |
CVE-2021-27585 | When a user opens manipulated Computer Graphics Metafile (.CGM) format files received from untrusted... | | |
CVE-2021-27586 | When a user opens manipulated Interchange File Format (.IFF) format files received from untrusted so... | | |
CVE-2021-27587 | When a user opens manipulated Jupiter Tessellation (.JT) format files received from untrusted source... | | |
CVE-2021-27588 | When a user opens manipulated HPGL format files received from untrusted sources in SAP 3D Visual Ent... | | |
CVE-2021-27589 | When a user opens manipulated Scalable Vector Graphics (.SVG) format files received from untrusted s... | | |
CVE-2021-27590 | When a user opens manipulated Tag Image File Format (.TIFF) format files received from untrusted sou... | | |
CVE-2021-27591 | When a user opens manipulated Portable Document Format (.PDF) format files received from untrusted s... | | |
CVE-2021-27592 | When a user opens manipulated Universal 3D (.U3D) files received from untrusted sources in SAP 3D Vi... | | |
CVE-2021-27593 | When a user opens manipulated Graphics Interchange Format (.GIF) files received from untrusted sourc... | | |
CVE-2021-27594 | When a user opens manipulated Windows Bitmap (.BMP) files received from untrusted sources in SAP 3D ... | | |
CVE-2021-27595 | When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources ... | | |
CVE-2021-27596 | When a user opens manipulated Autodesk 3D Studio for MS-DOS (.3DS) files received from untrusted sou... | | |
CVE-2021-27597 | SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22E... | | |
CVE-2021-27598 | SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an ... | | |
CVE-2021-27599 | SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), v... | | |
CVE-2021-27600 | SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4, allows an authorized ... | | |
CVE-2021-27601 | SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacke... | | |
CVE-2021-27602 | SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authori... | | |
CVE-2021-27603 | An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, a... | | |
CVE-2021-27604 | In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform... | | |
CVE-2021-27605 | SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization chec... | | |
CVE-2021-27606 | SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, K... | | |
CVE-2021-27607 | SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL3... | | |
CVE-2021-27608 | An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the i... | | |
CVE-2021-27609 | SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authentica... | | |
CVE-2021-27610 | SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753,... | | |
CVE-2021-27611 | SAP NetWeaver AS ABAP, versions - 700, 701, 702, 730, 731, allow a high privileged attacker to injec... | | |
CVE-2021-27612 | In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user t... | | |
CVE-2021-27613 | Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install ... | | |
CVE-2021-27614 | SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP ... | | |
CVE-2021-27615 | SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security ... | | |
CVE-2021-27616 | Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, ... | | |
CVE-2021-27617 | The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31... | | |
CVE-2021-27618 | The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31... | | |
CVE-2021-27619 | SAP Commerce (Backoffice Search), versions - 1808, 1811, 1905, 2005, 2011, allows a low privileged u... | | |
CVE-2021-27620 | SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated... | | |
CVE-2021-27621 | Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server fo... | | |
CVE-2021-27622 | SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated... | | |
CVE-2021-27623 | SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated... | | |
CVE-2021-27624 | SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated... | | |
CVE-2021-27625 | SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated... | | |
CVE-2021-27626 | SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated... | | |
CVE-2021-27627 | SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated... | | |
CVE-2021-27628 | SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL3... | | |
CVE-2021-27629 | SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, K... | | |
CVE-2021-27630 | SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, K... | | |
CVE-2021-27631 | SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, K... | | |
CVE-2021-27632 | SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, K... | | |
CVE-2021-27633 | SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22E... | | |
CVE-2021-27634 | SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22E... | | |
CVE-2021-27635 | SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated... | S | |
CVE-2021-27637 | Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.... | | |
CVE-2021-27638 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received fro... | | |
CVE-2021-27639 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received fro... | | |
CVE-2021-27640 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received fr... | | |
CVE-2021-27641 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TIF file received fr... | | |
CVE-2021-27642 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received fr... | | |
CVE-2021-27643 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received fr... | | |
CVE-2021-27644 | DolphinScheduler mysql jdbc connector parameters deserialize remote code execution | | |
CVE-2021-27645 | The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, wh... | S | |
CVE-2021-27646 | Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) befor... | | |
CVE-2021-27647 | Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) b... | | |
CVE-2021-27648 | Externally controlled reference to a resource in another sphere in quarantine functionality in Synol... | | |
CVE-2021-27649 | Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DS... | | |
CVE-2021-27650 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-27651 | In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local account... | | |
CVE-2021-27653 | Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to u... | E | |
CVE-2021-27654 | Forgotten password reset functionality for local accounts can be used to bypass local authentication... | | |
CVE-2021-27656 | exacqVision Web Services - Information Exposure | S | |
CVE-2021-27657 | Metasys Improper Privilege Management | S | |
CVE-2021-27658 | exacqVision Enterprise Manager CSS | S | |
CVE-2021-27659 | exacqVision Web Service CSS | S | |
CVE-2021-27660 | C-CURE 9000 | S | |
CVE-2021-27661 | Facility Explorer | S | |
CVE-2021-27662 | KT-1 Capture-replay | S | |
CVE-2021-27663 | CEM Systems AC2000 | S | |
CVE-2021-27664 | exacqVision Web Service | S | |
CVE-2021-27665 | exacqVision Server 32-bit | S | |
CVE-2021-27668 | HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR secondar... | | |
CVE-2021-27670 | Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.... | E | |
CVE-2021-27671 | An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protect... | | |
CVE-2021-27672 | SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allow... | E | |
CVE-2021-27673 | Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.... | E | |
CVE-2021-27676 | Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_descript... | S | |
CVE-2021-27677 | Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers t... | E | |
CVE-2021-27678 | Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to... | E | |
CVE-2021-27679 | Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers ... | E | |
CVE-2021-27691 | Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876... | | |
CVE-2021-27692 | Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0... | | |
CVE-2021-27693 | Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/adm... | E S | |
CVE-2021-27695 | Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attac... | E | |
CVE-2021-27697 | RIOT-OS 2021.01 contains a buffer overflow vulnerability in sys/net/gnrc/routing/rpl/gnrc_rpl_valida... | | |
CVE-2021-27698 | RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_contr... | | |
CVE-2021-27700 | SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized cus... | | |
CVE-2021-27701 | SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wif... | | |
CVE-2021-27702 | Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic ... | | |
CVE-2021-27703 | Sercomm Model Etisalat Model S3- AC2100 is affected by Cross Site Scripting (XSS) via the firmware u... | | |
CVE-2021-27704 | Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset pa... | | |
CVE-2021-27705 | Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attacker... | E | |
CVE-2021-27706 | Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote ... | E | |
CVE-2021-27707 | Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attacker... | E | |
CVE-2021-27708 | Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R... | E | |
CVE-2021-27710 | Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R... | E | |
CVE-2021-27715 | An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypa... | | |
CVE-2021-27722 | An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering ... | | |
CVE-2021-27723 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-27730 | Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to a... | | |
CVE-2021-27731 | Accellion FTA 9_12_432 and earlier is affected by stored XSS via a crafted POST request to a user en... | | |
CVE-2021-27733 | In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment.... | | |
CVE-2021-27734 | Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 al... | | |
CVE-2021-27736 | FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequ... | E S | |
CVE-2021-27737 | Apache Traffic Server 9.0.0 is vulnerable to a remote DOS attack on the experimental Slicer plugin.... | | |
CVE-2021-27738 | Improper Access Control to Streaming Coordinator & SSRF | M | |
CVE-2021-27741 | Security vulnerability in HCL Commerce Management Center allowing XML external entity (XXE) inject... | | |
CVE-2021-27746 | "HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"... | | |
CVE-2021-27751 | HCL Commerce is affected by an Insufficient Session Expiration vulnerability. | | |
CVE-2021-27753 | "Sametime Android PathTraversal Vulnerability"... | | |
CVE-2021-27755 | "Sametime Android potential path traversal vulnerability when using File class"... | | |
CVE-2021-27756 | TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure cip... | M | |
CVE-2021-27757 | Insecure password storage issue. The application stores sensitive information in cleartext within a... | S | |
CVE-2021-27758 | There is a security vulnerability in login form related to Cross-site Request Forgery which prevents... | M | |
CVE-2021-27759 | This vulnerability arises because the application allows the user to perform some sensitive action w... | M | |
CVE-2021-27760 | HCL Notes 11.0 - 11.0.1 FP4 Sametime Embedded chat clients are vulnerable to group chats loading script on restart | | |
CVE-2021-27761 | HCL BigFix Platform is affected by weak web transport security | | |
CVE-2021-27762 | HCL BigFix Platform is affected by misconfigured security-related HTTP headers | | |
CVE-2021-27764 | HCL BigFix WebUI Cookie missing attributes | | |
CVE-2021-27765 | HCL BigFix Platform Server API is affected by Privilege Escalation Vulnerability | E | |
CVE-2021-27766 | HCL BigFix Platform Client is affected by a Privilege Escalation Vulnerability | | |
CVE-2021-27767 | HCL BigFix Platform Console is affected by a Privilege Escalation Vulnerability | | |
CVE-2021-27768 | An SSL certificate host verification vulnerability affects HCL Verse for Android | | |
CVE-2021-27769 | HCL Sametime is vulnerable to an information disclosure | | |
CVE-2021-27770 | HCL Sametime is vulnerable to arbitrary HTTP requests | | |
CVE-2021-27771 | HCL Sametime is susceptible to a file transfer service vulnerability | | |
CVE-2021-27772 | HCL Sametime is vulnerable to an information disclosure | | |
CVE-2021-27773 | HCL Sametime is vulnerable to clickjacking | | |
CVE-2021-27774 | An injection vulnerability affects HCL Digital Experience | | |
CVE-2021-27777 | HCL Unica Platform is vulnerable to XML External Entity (XXE) injection | | |
CVE-2021-27778 | HCL Traveler is susceptible to a cross-site scripting vulnerability which could allow an attacker to execute a malicious script to access sensitive information. | | |
CVE-2021-27779 | A Security Misconfiguration vulnerability affects HCL VersionVault Express | | |
CVE-2021-27780 | HCL BigFix Mobile / Modern Client Management is vulnerable to unauthenticated XML interaction | | |
CVE-2021-27781 | HCL BigFix Mobile / Modern Client Management is vulnerable to stored cross-site scripting | | |
CVE-2021-27782 | HCL BigFix Mobile / Modern Client Management Server passwords are susceptible to a brute-force attack | | |
CVE-2021-27783 | HCL BigFix Mobile / Modern Client Management is vulnerable to sensitive information exposure | | |
CVE-2021-27784 | HCL Launch container images may contain non-unique https certificates and database encryption key | | |
CVE-2021-27785 | HCL Commerce could allow a local attacker to obtain sensitive personal information (CVE-2021-27785) | | |
CVE-2021-27786 | HCL OneTest Server is vulnerable to Cross Origin Resource Sharing: Arbitrary Origin Trusted | | |
CVE-2021-27788 | HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability | | |
CVE-2021-27789 | The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a conta... | | |
CVE-2021-27790 | The command ipfilter in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0_CBN4... | | |
CVE-2021-27791 | The function that is used to parse the Authentication header in Brocade Fabric OS Web application se... | | |
CVE-2021-27792 | The request handling functions in web management interface of Brocade Fabric OS versions before v9.0... | | |
CVE-2021-27793 | Intermittent authorization failure in aaa tacacs+ with Brocade Fabric OS versions before Brocade Fabr... | | |
CVE-2021-27794 | A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric ... | | |
CVE-2021-27795 | License forgery in Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, | | |
CVE-2021-27796 | A vulnerability in Brocade Fabric OS versions before Brocade Fabric OS v8.0.1b, v7.4.1d could allow ... | | |
CVE-2021-27797 | Brocade Fabric OS before Brocade Fabric OS v8.2.1c, v8.1.2h, and all versions of Brocade Fabric OS v... | | |
CVE-2021-27798 | Privileged directory traversal in Brocade Fabric OS versions 7.4.1.x and 7.3.x | | |
CVE-2021-27799 | ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer over... | E S | |
CVE-2021-27802 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-24177. Reason: This candidat... | R | |
CVE-2021-27803 | A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-F... | S | |
CVE-2021-27804 | JPEG XL (aka jpeg-xl) through 0.3.2 allows writable memory corruption.... | | |
CVE-2021-27807 | A carefully crafted PDF file can trigger an infinite loop while loading the file | S | |
CVE-2021-27811 | A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An at... | E | |
CVE-2021-27815 | NULL Pointer Dereference in the exif command line tool, when printing out XML formatted EXIF data, in ... | E S | |
CVE-2021-27817 | A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code... | | |
CVE-2021-27821 | The Web Interface for OpenWRT LuCI version 19.07 and lower has been discovered to have a cross-site ... | | |
CVE-2021-27822 | A persistent cross site scripting (XSS) vulnerability in the Add Categories module of Vehicle Parkin... | E | |
CVE-2021-27823 | An information disclosure vulnerability was discovered in /index.class.php (via port 8181) on NetWav... | | |
CVE-2021-27825 | A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary f... | | |
CVE-2021-27828 | SQL injection in In4Suite ERP 3.2.74.1370 allows attackers to modify or delete data, causing persist... | E | |
CVE-2021-27836 | An issue was discovered in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers... | S | |
CVE-2021-27839 | A CSV injection vulnerability found in Online Invoicing System (OIS) 4.3 and below can be exploited ... | | |
CVE-2021-27845 | A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc... | E | |
CVE-2021-27847 | Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and func... | E | |
CVE-2021-27850 | Bypass of the fix for CVE-2019-0195 | E | |
CVE-2021-27851 | Local privilege escalation in GNU Guix via guix-daemon and '--keep-failed' | S | |
CVE-2021-27852 | Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unau... | KEV | |
CVE-2021-27853 | L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers | E | |
CVE-2021-27854 | L2 network filtering bypass using stacked VLAN0, LLC/SNAP headers, and Ethernet to Wifi frame translation | | |
CVE-2021-27855 | FatPipe software allows privilege escalation | | |
CVE-2021-27856 | FatPipe software administrative account with no password | | |
CVE-2021-27857 | FatPipe software allows unauthenticated configuration download | | |
CVE-2021-27858 | Missing authorization vulnerability in FatPipe software | | |
CVE-2021-27859 | Missing authorization vulnerability in FatPipe software | | |
CVE-2021-27860 | Arbitrary file upload vulnerability in FatPipe software | KEV E M | |
CVE-2021-27861 | L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with invalid lengths | | |
CVE-2021-27862 | L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with an invalid length during Ethernet to Wifi frame translation | | |
CVE-2021-27876 | An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and a... | KEV E | |
CVE-2021-27877 | An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication sche... | KEV E | |
CVE-2021-27878 | An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and a... | KEV E | |
CVE-2021-27884 | Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of ... | | |
CVE-2021-27885 | usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.... | S | |
CVE-2021-27886 | rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js... | S | |
CVE-2021-27887 | Stored XSS vulnerability in Ellipse APM | S | |
CVE-2021-27888 | ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpe... | | |
CVE-2021-27889 | Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing mess... | E S | |
CVE-2021-27890 | SQL Injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files.... | E S | |
CVE-2021-27891 | SSH Tectia Client and Server before 6.4.19 on Windows have weak key generation. ConnectSecure on Win... | | |
CVE-2021-27892 | SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation. ConnectSecur... | | |
CVE-2021-27893 | SSH Tectia Client and Server before 6.4.19 on Windows allow local privilege escalation in nonstandar... | | |
CVE-2021-27899 | The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perfo... | | |
CVE-2021-27900 | The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorizat... | | |
CVE-2021-27901 | An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint... | | |
CVE-2021-27902 | An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerabil... | S | |
CVE-2021-27903 | An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Ex... | S | |
CVE-2021-27904 | An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation o... | S | |
CVE-2021-27905 | SSRF vulnerability with the Replication handler | M | |
CVE-2021-27906 | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file | S | |
CVE-2021-27907 | Apache Superset stored XSS on Dashboard markdown | | |
CVE-2021-27908 | In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be expos... | E | |
CVE-2021-27909 | XSS vulnerability on password reset page | S | |
CVE-2021-27910 | Stored XSS vulnerability on Bounce Management Callback | S | |
CVE-2021-27911 | XSS vulnerability on contacts view | S | |
CVE-2021-27912 | XSS vulnerability on asset view | S | |
CVE-2021-27913 | Use of a Broken or Risky Cryptographic Algorithm | E S | |
CVE-2021-27914 | A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows ... | | |
CVE-2021-27915 | XSS Cross-site Scripting Stored (XSS) - Description field | S | |
CVE-2021-27916 | Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder) | S | |
CVE-2021-27917 | XSS in contact tracking and page hits report | S | |
CVE-2021-27918 | encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenRead... | | |
CVE-2021-27919 | archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon at... | | |
CVE-2021-27921 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the r... | | |
CVE-2021-27922 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the r... | | |
CVE-2021-27923 | Pillow before 8.1.1 allows attackers to cause a denial of service (memory consumption) because the r... | | |
CVE-2021-27924 | An issue was discovered in Couchbase Server 6.x through 6.6.1. The Couchbase Server UI is insecurely... | | |
CVE-2021-27925 | An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engin... | | |
CVE-2021-27927 | In Zabbix from 4.0.x before 4.0.28rc1, 5.0.0alpha1 before 5.0.10rc1, 5.2.x before 5.2.6rc1, and 5.4.... | S | |
CVE-2021-27928 | A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10... | E | |
CVE-2021-27930 | Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or co... | E | |
CVE-2021-27931 | LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API re... | E | |
CVE-2021-27932 | Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.... | | |
CVE-2021-27933 | pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.... | E | |
CVE-2021-27935 | An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able... | S | |
CVE-2021-27938 | A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverst... | | |
CVE-2021-27940 | resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestr... | E S | |
CVE-2021-27941 | Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the e... | | |
CVE-2021-27942 | Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary ... | E | |
CVE-2021-27943 | The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobi... | E | |
CVE-2021-27944 | Several high privileged APIs on the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs do not... | E | |
CVE-2021-27945 | The Squirro Insights Engine was affected by a Reflected Cross-Site Scripting (XSS) vulnerability aff... | S | |
CVE-2021-27946 | SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).... | E S | |
CVE-2021-27947 | SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (i... | S | |
CVE-2021-27948 | SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).... | S | |
CVE-2021-27949 | Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.... | S | |
CVE-2021-27950 | A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authentica... | E | |
CVE-2021-27952 | Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat... | E | |
CVE-2021-27953 | A NULL pointer dereference vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HomeKit... | E | |
CVE-2021-27954 | A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKPro... | E | |
CVE-2021-27956 | Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/dir... | E | |
CVE-2021-27962 | Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to... | | |
CVE-2021-27963 | SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAd... | E | |
CVE-2021-27964 | SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a ... | E | |
CVE-2021-27965 | The MsIo64.sys driver before 1.1.19.1016 in MSI Dragon Center before 2.0.98.0 has a buffer overflow ... | S | |
CVE-2021-27969 | Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.... | E | |
CVE-2021-27971 | Alps Alpine Touchpad Driver 10.3201.101.215 is vulnerable to DLL Injection.... | | |
CVE-2021-27973 | SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.... | E S | |
CVE-2021-27983 | Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5 via the Documents page.... | E | |
CVE-2021-27984 | In Pluck-4.7.15 admin background a remote command execution vulnerability exists when uploading file... | E | |
CVE-2021-27989 | Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /med... | | |
CVE-2021-27990 | Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail... | | |
CVE-2021-27999 | A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine... | | |