ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-28000 | A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Manag... | E | |
CVE-2021-28001 | A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8... | E | |
CVE-2021-28002 | A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpatte... | E | |
CVE-2021-28006 | Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options... | E | |
CVE-2021-28007 | Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name... | E | |
CVE-2021-28021 | Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a craf... | E | |
CVE-2021-28022 | Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker ... | E | |
CVE-2021-28023 | Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.3593... | E | |
CVE-2021-28024 | Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 a... | E | |
CVE-2021-28025 | Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2... | E | |
CVE-2021-28026 | jpeg-xl v0.3.2 is affected by a heap buffer overflow in /lib/jxl/coeff_order.cc ReadPermutation. Whe... | E | |
CVE-2021-28027 | An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and ou... | S | |
CVE-2021-28028 | An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double ... | S | |
CVE-2021-28029 | An issue was discovered in the toodee crate before 0.3.0 for Rust. The row-insertion feature allows ... | S | |
CVE-2021-28030 | An issue was discovered in the truetype crate before 0.30.1 for Rust. Attackers can read the content... | S | |
CVE-2021-28031 | An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function ca... | S | |
CVE-2021-28032 | An issue was discovered in the nano_arena crate before 0.5.2 for Rust. There is an aliasing violatio... | E S | |
CVE-2021-28033 | An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There can be a drop of unini... | S | |
CVE-2021-28034 | An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner beha... | S | |
CVE-2021-28035 | An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner beha... | S | |
CVE-2021-28036 | An issue was discovered in the quinn crate before 0.7.0 for Rust. It may have invalid memory access ... | S | |
CVE-2021-28037 | An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can... | S | |
CVE-2021-28038 | An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of t... | S | |
CVE-2021-28039 | An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-com... | S | |
CVE-2021-28040 | An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs w... | E | |
CVE-2021-28041 | ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenario... | S | |
CVE-2021-28042 | Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archi... | | |
CVE-2021-28047 | Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 20... | | |
CVE-2021-28048 | An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS befo... | | |
CVE-2021-28052 | Hitachi Content Platform Information Disclosure Vulnerability | | |
CVE-2021-28053 | An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A SQL injection vulnerability ... | | |
CVE-2021-28054 | An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting ... | | |
CVE-2021-28055 | An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. The anti-CSRF token generation... | S | |
CVE-2021-28060 | A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker ... | E | |
CVE-2021-28070 | Cross Site Request Forgery (CSRF) vulnerability exists in PopojiCMS 2.0.1 in po-admin/route.php?mod=u... | E | |
CVE-2021-28075 | iKuaiOS 3.4.8 Build 202012291059 has an arbitrary file download vulnerability, which can be exploite... | | |
CVE-2021-28079 | Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulner... | E | |
CVE-2021-28088 | Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows r... | E | |
CVE-2021-28089 | Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resource... | | |
CVE-2021-28090 | Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an asser... | | |
CVE-2021-28091 | Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.... | S | |
CVE-2021-28092 | The is-svg package 2.1.0 through 4.2.1 for Node.js uses a regular expression that is vulnerable to R... | | |
CVE-2021-28093 | OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash collis... | | |
CVE-2021-28094 | OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash co... | | |
CVE-2021-28095 | OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML structur... | | |
CVE-2021-28096 | An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can sa... | | |
CVE-2021-28098 | An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerabi... | E | |
CVE-2021-28099 | In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an att... | | |
CVE-2021-28100 | Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker wit... | | |
CVE-2021-28109 | TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS).... | | |
CVE-2021-28110 | /exec in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a vulnerability in its X... | | |
CVE-2021-28111 | Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution... | | |
CVE-2021-28112 | Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote cod... | | |
CVE-2021-28113 | A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gate... | E | |
CVE-2021-28114 | Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing.... | | |
CVE-2021-28115 | The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during ... | E S | |
CVE-2021-28116 | Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure beca... | | |
CVE-2021-28117 | libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates ... | S | |
CVE-2021-28119 | Twinkle Tray (aka twinkle-tray) through 1.13.3 allows remote command execution. A remote attacker ma... | E | |
CVE-2021-28121 | Virtual Robots.txt before 1.10 does not block HTML tags in the robots.txt field.... | | |
CVE-2021-28122 | A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI com... | E S | |
CVE-2021-28123 | Undocumented Default Cryptographic Key Vulnerability in Cohesity DataPlatform version 6.3 prior 6.3.... | | |
CVE-2021-28124 | A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6.3.... | | |
CVE-2021-28125 | Apache Superset Open Redirect | M | |
CVE-2021-28126 | index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site ... | | |
CVE-2021-28127 | An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur.... | | |
CVE-2021-28128 | In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering ... | E | |
CVE-2021-28129 | DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid | | |
CVE-2021-28130 | Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL fo... | E | |
CVE-2021-28131 | Impala logs contain secrets | | |
CVE-2021-28132 | LUCY Security Awareness Software through 4.7.x allows unauthenticated remote code execution because ... | E | |
CVE-2021-28133 | Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen,... | | |
CVE-2021-28134 | Clipper before 1.0.5 allows remote command execution. A remote attacker may send a crafted IPC messa... | E S | |
CVE-2021-28135 | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle t... | | |
CVE-2021-28136 | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle t... | | |
CVE-2021-28139 | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict... | | |
CVE-2021-28141 | An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized a... | E | |
CVE-2021-28142 | CITSmart before 9.1.2.28 mishandles the "filtro de autocomplete."... | | |
CVE-2021-28143 | /jsonrpc on D-Link DIR-841 3.03 and 3.04 devices allows authenticated command injection via ping, pi... | E S | |
CVE-2021-28144 | prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject a... | E S | |
CVE-2021-28145 | Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS atta... | | |
CVE-2021-28146 | The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control issu... | | |
CVE-2021-28147 | The team sync HTTP API in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.10, and 7.4.x before 7... | | |
CVE-2021-28148 | One of the usage insights HTTP API endpoints in Grafana Enterprise 6.x before 6.7.6, 7.x before 7.3.... | | |
CVE-2021-28149 | Hongdian H8922 3.0.5 devices allow Directory Traversal. The /log_download.cgi log export handler doe... | E | |
CVE-2021-28150 | Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administra... | E | |
CVE-2021-28151 | Hongdian H8922 3.0.5 devices allow OS command injection via shell metacharacters into the ip-address... | E | |
CVE-2021-28152 | Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superus... | E | |
CVE-2021-28153 | An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREAT... | E S | |
CVE-2021-28154 | Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access. A remote attacker ... | E | |
CVE-2021-28155 | The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception... | | |
CVE-2021-28156 | HashiCorp Consul Enterprise version 1.8.0 up to 1.9.4 audit log can be bypassed by specifically craf... | | |
CVE-2021-28157 | An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.... | | |
CVE-2021-28160 | Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsa... | E | |
CVE-2021-28161 | In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping,... | E | |
CVE-2021-28162 | In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML ... | E | |
CVE-2021-28163 | In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user use... | E S | |
CVE-2021-28164 | In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests w... | E S | |
CVE-2021-28165 | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage ca... | E S | |
CVE-2021-28166 | In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT... | S | |
CVE-2021-28167 | In Eclipse Openj9 to version 0.25.0, usage of the jdk.internal.reflect.ConstantPool API causes the J... | E S | |
CVE-2021-28168 | Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosur... | S | |
CVE-2021-28169 | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the Conca... | S | |
CVE-2021-28170 | In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManag... | E S | |
CVE-2021-28171 | Vangene deltaFlow E-platform - Broken Authentication | S | |
CVE-2021-28172 | Vangene deltaFlow E-platform - Path Traversal | S | |
CVE-2021-28173 | Vangene deltaFlow E-platform - Arbitrary File Upload | S | |
CVE-2021-28174 | Mitake Smart Stock Selection System - Broken Authentication | S | |
CVE-2021-28175 | ASUS BMC's firmware: buffer overflow - Radius configuration function | S | |
CVE-2021-28176 | ASUS BMC's firmware: buffer overflow - DNS configuration function | S | |
CVE-2021-28177 | ASUS BMC's firmware: buffer overflow - LDAP configuration function | S | |
CVE-2021-28178 | ASUS BMC's firmware: buffer overflow - UEFI configuration function | S | |
CVE-2021-28179 | ASUS BMC's firmware: buffer overflow - Media support configuration setting | S | |
CVE-2021-28180 | ASUS BMC's firmware: buffer overflow - Audit log configuration setting | S | |
CVE-2021-28181 | ASUS BMC's firmware: buffer overflow - Remote video configuration setting | S | |
CVE-2021-28182 | ASUS BMC's firmware: buffer overflow - Web Service configuration function | S | |
CVE-2021-28183 | ASUS BMC's firmware: buffer overflow - Web License configuration setting | S | |
CVE-2021-28184 | ASUS BMC's firmware: buffer overflow - Active Directory configuration function | S | |
CVE-2021-28185 | ASUS BMC's firmware: buffer overflow - ActiveX configuration-1 acquisition | S | |
CVE-2021-28186 | ASUS BMC's firmware: buffer overflow - ActiveX configuration-2 acquisition | S | |
CVE-2021-28187 | ASUS BMC's firmware: buffer overflow - Generate new SSL certificate | S | |
CVE-2021-28188 | ASUS BMC's firmware: buffer overflow - Modify user’s information function | S | |
CVE-2021-28189 | ASUS BMC's firmware: buffer overflow - SMTP configuration function | S | |
CVE-2021-28190 | ASUS BMC's firmware: buffer overflow - Generate new certificate function | S | |
CVE-2021-28191 | ASUS BMC's firmware: buffer overflow - Firmware update function | S | |
CVE-2021-28192 | ASUS BMC's firmware: buffer overflow - Remote video storage function | S | |
CVE-2021-28193 | ASUS BMC's firmware: buffer overflow - SMTP configuration function | S | |
CVE-2021-28194 | ASUS BMC's firmware: buffer overflow - Remote image configuration setting | S | |
CVE-2021-28195 | ASUS BMC's firmware: buffer overflow - Radius configuration function | S | |
CVE-2021-28196 | ASUS BMC's firmware: buffer overflow - Generate SSL certificate function | S | |
CVE-2021-28197 | ASUS BMC's firmware: buffer overflow - Active Directory configuration function | S | |
CVE-2021-28198 | ASUS BMC's firmware: buffer overflow - Firmware protocol configuration | S | |
CVE-2021-28199 | ASUS BMC's firmware: buffer overflow - Modify user’s information function | S | |
CVE-2021-28200 | ASUS BMC's firmware: buffer overflow - CD media configuration function | S | |
CVE-2021-28201 | ASUS BMC's firmware: buffer overflow - Service configuration-1 function | S | |
CVE-2021-28202 | ASUS BMC's firmware: buffer overflow - Service configuration-2 function | S | |
CVE-2021-28203 | ASUS BMC's firmware: command injection - Web Set Media Image function | S | |
CVE-2021-28204 | ASUS BMC's firmware: command injection - Modify user’s information function | S | |
CVE-2021-28205 | ASUS BMC's firmware: path traversal - Delete SOL video file function | S | |
CVE-2021-28206 | ASUS BMC's firmware: path traversal - Record video file function | S | |
CVE-2021-28207 | ASUS BMC's firmware: path traversal - Get Help file function | S | |
CVE-2021-28208 | ASUS BMC's firmware: path traversal - Get video file function | S | |
CVE-2021-28209 | ASUS BMC's firmware: path traversal - Delete video file function | S | |
CVE-2021-28210 | An unlimited recursion in DxeCore in EDK II.... | E S | |
CVE-2021-28211 | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.... | E S | |
CVE-2021-28213 | Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.... | | |
CVE-2021-28216 | BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePer... | E | |
CVE-2021-28233 | Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman... | E S | |
CVE-2021-28235 | Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privilege... | | |
CVE-2021-28236 | LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.... | E | |
CVE-2021-28237 | LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.... | E | |
CVE-2021-28242 | SQL Injection in the "evoadm.php" component of b2evolution v7.2.2-stable allows remote attackers to ... | E S | |
CVE-2021-28245 | PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter tha... | E | |
CVE-2021-28246 | CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamicall... | E | |
CVE-2021-28247 | CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impac... | E | |
CVE-2021-28248 | CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Aut... | E | |
CVE-2021-28249 | CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamicall... | E | |
CVE-2021-28250 | CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (an... | E | |
CVE-2021-28254 | A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows attackers to exe... | E | |
CVE-2021-28269 | Soyal Technology 701Client 9.0.1 is vulnerable to Insecure permissions via client.exe binary with Au... | E | |
CVE-2021-28271 | Soyal Technologies SOYAL 701Server 9.0.1 suffers from an elevation of privileges vulnerability which... | E | |
CVE-2021-28275 | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 due to a wild address read in the Ge... | E | |
CVE-2021-28276 | A Denial of Service vulnerability exists in jhead 3.04 and 3.05 via a wild address read in the Proce... | S | |
CVE-2021-28277 | A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 is affected by: Buffer Overf... | E | |
CVE-2021-28278 | A Heap-based Buffer Overflow vulnerability exists in jhead 3.04 and 3.05 via the RemoveSectionType f... | E | |
CVE-2021-28280 | CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote at... | E S | |
CVE-2021-28290 | A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencod... | E S | |
CVE-2021-28293 | Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability... | E | |
CVE-2021-28294 | Online Ordering System 1.0 is vulnerable to arbitrary file upload through /onlineordering/GPST/store... | E | |
CVE-2021-28295 | Online Ordering System 1.0 is vulnerable to unauthenticated SQL injection through /onlineordering/GP... | E | |
CVE-2021-28300 | NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 a... | E | |
CVE-2021-28302 | A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_p... | E | |
CVE-2021-28305 | An issue was discovered in the diesel crate before 1.4.6 for Rust. There is a use-after-free in the ... | | |
CVE-2021-28306 | An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereferenc... | | |
CVE-2021-28307 | An issue was discovered in the fltk crate before 0.15.3 for Rust. There is a NULL pointer dereferenc... | | |
CVE-2021-28308 | An issue was discovered in the fltk crate before 0.15.3 for Rust. There is an out-of-bounds read bec... | | |
CVE-2021-28309 | Windows Kernel Information Disclosure Vulnerability | S | |
CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-28311 | Windows Application Compatibility Cache Denial of Service Vulnerability | S | |
CVE-2021-28312 | Windows NTFS Denial of Service Vulnerability | S | |
CVE-2021-28313 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | S | |
CVE-2021-28314 | Windows Hyper-V Elevation of Privilege Vulnerability | S | |
CVE-2021-28315 | Windows Media Video Decoder Remote Code Execution Vulnerability | S | |
CVE-2021-28316 | Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability | S | |
CVE-2021-28317 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | S | |
CVE-2021-28318 | Windows GDI+ Information Disclosure Vulnerability | S | |
CVE-2021-28319 | Windows TCP/IP Driver Denial of Service Vulnerability | S | |
CVE-2021-28320 | Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | S | |
CVE-2021-28321 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | S | |
CVE-2021-28322 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | S | |
CVE-2021-28323 | Windows DNS Information Disclosure Vulnerability | S | |
CVE-2021-28324 | Windows SMB Information Disclosure Vulnerability | S | |
CVE-2021-28325 | Windows SMB Information Disclosure Vulnerability | S | |
CVE-2021-28326 | Windows AppX Deployment Server Denial of Service Vulnerability | S | |
CVE-2021-28327 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28328 | Windows DNS Information Disclosure Vulnerability | S | |
CVE-2021-28329 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28330 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28331 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28332 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28333 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28334 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28335 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28336 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28337 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28338 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28339 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28340 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28341 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28342 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28343 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28344 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28345 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28346 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28347 | Windows Speech Runtime Elevation of Privilege Vulnerability | S | |
CVE-2021-28348 | Windows GDI+ Remote Code Execution Vulnerability | S | |
CVE-2021-28349 | Windows GDI+ Remote Code Execution Vulnerability | S | |
CVE-2021-28350 | Windows GDI+ Remote Code Execution Vulnerability | S | |
CVE-2021-28351 | Windows Speech Runtime Elevation of Privilege Vulnerability | S | |
CVE-2021-28352 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28353 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28354 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28355 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28356 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28357 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28358 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28359 | Apache Airflow Reflected XSS via Origin Query Argument in URL | | |
CVE-2021-28361 | An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. If a PDU is s... | | |
CVE-2021-28362 | An issue was discovered in Contiki through 3.0. When sending an ICMPv6 error message because of inva... | | |
CVE-2021-28363 | The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases i... | S | |
CVE-2021-28372 | ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (T... | E M | |
CVE-2021-28373 | The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log i... | S | |
CVE-2021-28374 | The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run... | | |
CVE-2021-28375 | An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/... | S | |
CVE-2021-28376 | ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.... | E | |
CVE-2021-28377 | ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.... | E | |
CVE-2021-28378 | Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations.... | E S | |
CVE-2021-28379 | web/upload/UploadHandler.php in Vesta Control Panel (aka VestaCP) through 0.9.8-27 and myVesta throu... | E S | |
CVE-2021-28380 | The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.1... | S | |
CVE-2021-28381 | The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLan... | | |
CVE-2021-28382 | Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while i... | E | |
CVE-2021-28398 | A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvest... | S | |
CVE-2021-28399 | OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via t... | | |
CVE-2021-28411 | An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class... | E | |
CVE-2021-28417 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript v... | E | |
CVE-2021-28418 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript v... | E | |
CVE-2021-28419 | The "order_col" parameter in archive.php of SEO Panel 4.8.0 is vulnerable to time-based blind SQL in... | E | |
CVE-2021-28420 | A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript v... | E S | |
CVE-2021-28421 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-21417. Reason: This candidat... | R | |
CVE-2021-28423 | Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remot... | E | |
CVE-2021-28424 | A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows re... | E | |
CVE-2021-28427 | Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary ... | S | |
CVE-2021-28428 | File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello f... | S | |
CVE-2021-28429 | Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version ... | S | |
CVE-2021-28434 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | S | |
CVE-2021-28435 | Windows Event Tracing Information Disclosure Vulnerability | S | |
CVE-2021-28436 | Windows Speech Runtime Elevation of Privilege Vulnerability | S | |
CVE-2021-28437 | Windows Installer Information Disclosure Vulnerability | S | |
CVE-2021-28438 | Windows Console Driver Denial of Service Vulnerability | S | |
CVE-2021-28439 | Windows TCP/IP Driver Denial of Service Vulnerability | S | |
CVE-2021-28440 | Windows Installer Elevation of Privilege Vulnerability | S | |
CVE-2021-28441 | Windows Hyper-V Information Disclosure Vulnerability | S | |
CVE-2021-28442 | Windows TCP/IP Information Disclosure Vulnerability | S | |
CVE-2021-28443 | Windows Console Driver Denial of Service Vulnerability | S | |
CVE-2021-28444 | Windows Hyper-V Security Feature Bypass Vulnerability | S | |
CVE-2021-28445 | Windows Network File System Remote Code Execution Vulnerability | S | |
CVE-2021-28446 | Windows Portmapping Information Disclosure Vulnerability | S | |
CVE-2021-28447 | Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability | E S | |
CVE-2021-28448 | Visual Studio Code Kubernetes Tools Remote Code Execution Vulnerability | S | |
CVE-2021-28449 | Microsoft Office Remote Code Execution Vulnerability | S | |
CVE-2021-28450 | Microsoft SharePoint Denial of Service Vulnerability | S | |
CVE-2021-28451 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2021-28452 | Microsoft Outlook Memory Corruption Vulnerability | S | |
CVE-2021-28453 | Microsoft Word Remote Code Execution Vulnerability | S | |
CVE-2021-28454 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2021-28455 | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability | S | |
CVE-2021-28456 | Microsoft Excel Information Disclosure Vulnerability | S | |
CVE-2021-28457 | Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2021-28458 | Azure ms-rest-nodeauth Library Elevation of Privilege Vulnerability | S | |
CVE-2021-28459 | Azure DevOps Server Spoofing Vulnerability | E S | |
CVE-2021-28460 | Azure Sphere Unsigned Code Execution Vulnerability | S | |
CVE-2021-28461 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | S | |
CVE-2021-28464 | VP9 Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-28465 | Web Media Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-28466 | Raw Image Extension Remote Code Execution Vulnerability | S | |
CVE-2021-28468 | Raw Image Extension Remote Code Execution Vulnerability | S | |
CVE-2021-28469 | Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2021-28470 | Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability | S | |
CVE-2021-28471 | Remote Development Extension for Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2021-28472 | Visual Studio Code Maven for Java Extension Remote Code Execution Vulnerability | S | |
CVE-2021-28473 | Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2021-28474 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
CVE-2021-28475 | Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2021-28476 | Windows Hyper-V Remote Code Execution Vulnerability | S | |
CVE-2021-28477 | Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2021-28478 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
CVE-2021-28479 | Windows CSC Service Information Disclosure Vulnerability | S | |
CVE-2021-28480 | Microsoft Exchange Server Remote Code Execution Vulnerability | S | |
CVE-2021-28481 | Microsoft Exchange Server Remote Code Execution Vulnerability | S | |
CVE-2021-28482 | Microsoft Exchange Server Remote Code Execution Vulnerability | S | |
CVE-2021-28483 | Microsoft Exchange Server Remote Code Execution Vulnerability | S | |
CVE-2021-28484 | An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.... | | |
CVE-2021-28485 | In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allow... | | |
CVE-2021-28488 | Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects ... | | |
CVE-2021-28490 | In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using o... | | |
CVE-2021-28492 | Unisys Stealth (core) 5.x before 5.0.048.0, 5.1.x before 5.1.017.0, and 6.x before 6.0.037.0 stores ... | | |
CVE-2021-28493 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, un... | S | |
CVE-2021-28494 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, un... | S | |
CVE-2021-28495 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, un... | S | |
CVE-2021-28496 | In Arista's EOS software affected releases, the shared secret profiles sensitive configuration might be leaked when displaying output over eAPI or other JSON outputs to authenticated users on the device. | S | |
CVE-2021-28497 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, un... | S | |
CVE-2021-28498 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, us... | S | |
CVE-2021-28499 | In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, us... | S | |
CVE-2021-28500 | An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | E S | |
CVE-2021-28501 | An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. | E S | |
CVE-2021-28503 | In Arista's EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. | S | |
CVE-2021-28504 | On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access-list has a rule which matches on “vxlan” as protocol then that rule and subsequent rules (rules declared after it in ACL) do not match on IP protocol fi ... | S | |
CVE-2021-28505 | On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol. | E S | |
CVE-2021-28506 | An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device. | E S | |
CVE-2021-28507 | An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent. | E S | |
CVE-2021-28508 | TerminAttr streams IPsec sensitive data in clear text to other authorized users in CVP | E S | |
CVE-2021-28509 | TerminAttr streams MACsec sensitive data in clear text to other authorized users in CVP | E S | |
CVE-2021-28510 | For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable. | E S | |
CVE-2021-28511 | This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches t ... | E S | |
CVE-2021-28543 | Varnish varnish-modules before 0.17.1 allows remote attackers to cause a denial of service (daemon r... | | |
CVE-2021-28544 | Apache Subversion SVN authz protected copyfrom paths regression | E S | |
CVE-2021-28545 | Acrobat Reader DC Missing Support for Integrity Check | S | |
CVE-2021-28546 | Acrobat Reader DC Missing Support for Integrity Check | | |
CVE-2021-28547 | Adobe Creative Cloud for macOS Privilege Escalation Vulnerability | S | |
CVE-2021-28548 | Adobe Photoshop parsing JS buffer overflow vulnerability could lead to arbitrary code execution | | |
CVE-2021-28549 | Adobe Photoshop parsing JS buffer overflow vulnerability could lead to arbitrary code execution | | |
CVE-2021-28550 | Adobe Acrobat Reader use after free vulnerability could lead to arbitrary code execution | KEV | |
CVE-2021-28551 | Adobe Acrobat Pro DC JPEG2000 Editing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2021-28552 | Adobe Acrobat Reader DC XFA Template Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2021-28553 | Adobe Acrobat Reader use-after-free vulnerability could lead to arbitrary code execution | | |
CVE-2021-28554 | Adobe Acrobat Reader DC Path Parsing Out-Of-Bounds Read could lead to arbitrary code execution | | |
CVE-2021-28555 | Adobe Acrobat Reader out-of-bounds Read could lead to information disclosure | | |
CVE-2021-28556 | Magento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary javascript execution | | |
CVE-2021-28557 | Adobe Acrobat Reader out-of-bounds read in PDFLibTool could lead to information exposure | | |
CVE-2021-28558 | Adobe Acrobat Reader heap-based buffer overflow could lead to arbitrary code execution | | |
CVE-2021-28559 | Adobe Acrobat Reader privacy violation vulnerability could lead to privilege escalation | | |
CVE-2021-28560 | Adobe Acrobat Reader heap corruption vulnerability could lead to arbitrary code execution | | |
CVE-2021-28561 | Adobe Acrobat Reader memory corruption vulnerability could lead to remote code execution | | |
CVE-2021-28562 | Adobe Acrobat Reader use-after-free could lead to arbitrary code execution | S | |
CVE-2021-28563 | Magento Commerce improper Authorization via the 'Create Customer' endpoint | | |
CVE-2021-28564 | Adobe Acrobat Reader out-of-bounds write vulnerability could lead to arbitrary code execution | | |
CVE-2021-28565 | Adobe Acrobat Reader out-of-bounds read could lead to information exposure | | |
CVE-2021-28566 | Magento Commerce information disclosure during upload action leveraging a specially crafted file | | |
CVE-2021-28567 | Magento Commerce improper authorization allows an authenticated user to perform certain functions without permission | | |
CVE-2021-28568 | Adobe Genuine Services insecure file permission could lead to privilege escalation | | |
CVE-2021-28569 | Adobe Media Encoder VOB file parsing out-of-bounds read could lead to information disclosure vulnerability | | |
CVE-2021-28570 | Adobe After Effects uncontrolled search path element vulnerability could lead to remote code execution | | |
CVE-2021-28571 | Adobe After Effects improper neutralization of special elements could lead to remote code execution | | |
CVE-2021-28573 | Adobe Animate out-of-bounds read vulnerability could lead to information exposure | S | |
CVE-2021-28574 | Adobe Animate out-of-bounds read vulnerability could lead to information exposure | | |
CVE-2021-28575 | Adobe Animate out-of-bounds read vulnerability could lead to information exposure | | |
CVE-2021-28576 | Adobe Animate out-of-bounds read vulnerability could lead to information exposure | | |
CVE-2021-28579 | Adobe Connect improper access control could lead to privilege escalation | | |
CVE-2021-28580 | Medium by Adobe file parsing buffer overflow vulnerability could lead to arbitrary code execution | | |
CVE-2021-28581 | Adobe Creative Cloud Desktop uncontrolled search path element vulnerability could lead to local privilege escalation | | |
CVE-2021-28583 | Magento Commerce insecure storage of sensitive documentation | S | |
CVE-2021-28584 | Magento Commerce path traversal vulnerability in child theme store creation | S | |
CVE-2021-28585 | Magento Commerce improper input validation in customer webapi | S | |
CVE-2021-28586 | Adobe After Effects PDF file parsing out-of-bounds write could lead to remote code execution vulnerability | | |
CVE-2021-28587 | Adobe After Effects TIF file parsing out-of-bounds read information disclosure vulnerability | | |
CVE-2021-28588 | Adobe RoboHelp Server folderId Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2021-28589 | Adobe Media Encoder TS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-28590 | Adobe Media Encoder VOB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-28591 | Adobe Illustrator PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2021-28592 | Adobe Illustrator JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2021-28593 | Adobe Illustrator PostScript Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2021-28594 | Creative Cloud Desktop installer Uncontrolled Search Path element could lead to arbitrary code execution | | |
CVE-2021-28595 | Adobe Dimension Uncontrolled Search Path Element Could Lead To Remote Code Execution | S | |
CVE-2021-28596 | Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2021-28597 | Adobe Photoshop Elements Privilege Escalation Vulnerability - symbolic link | | |
CVE-2021-28600 | Adobe After Effects Out-of-bounds Read vulnerability could lead to sensitive information disclosure | | |
CVE-2021-28601 | Adobe After Effects NULL Pointer Dereference vulnerability | | |
CVE-2021-28602 | Adobe After Effects Memory corruption could lead to code execution vulnerability | | |
CVE-2021-28603 | Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution | | |
CVE-2021-28604 | Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution | | |
CVE-2021-28605 | Adobe After Effects memory corruption could lead to arbitrary code execution | | |
CVE-2021-28606 | Adobe After Effects Stack Overflow vulnerability could lead to arbitrary code execution | | |
CVE-2021-28607 | Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution | | |
CVE-2021-28608 | Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution | | |
CVE-2021-28609 | Adobe After Effects Out-of-bounds Read vulnerability could lead to sensitive information disclosure | | |
CVE-2021-28610 | Adobe After Effects heap corruption vulnerability could lead to arbitrary code execution | | |
CVE-2021-28611 | Adobe After Effects Out-of-bounds Read vulnerability | | |
CVE-2021-28612 | Adobe After Effects Out-of-bounds Read vulnerability | | |
CVE-2021-28613 | Adobe Creative Cloud Arbitrary File Overwrite Vulnerability | S | |
CVE-2021-28614 | Adobe After Effects Out-of-bounds Read vulnerability | | |
CVE-2021-28615 | Adobe After Effects Out-of-bounds Read vulnerability could lead to sensitive information disclosure | | |
CVE-2021-28616 | Adobe After Effects Out-of-bounds Read vulnerability | | |
CVE-2021-28617 | Adobe Animate out-of-bounds read vulnerability could lead to sensitive information disclosure | S | |
CVE-2021-28618 | Adobe Animate out-of-bounds read vulnerability could lead to sensitive information disclosure | S | |
CVE-2021-28619 | Adobe Animate out-of-bounds read vulnerability could lead to sensitive information disclosure | S | |
CVE-2021-28620 | Adobe Animate heap corruption vulnerability could lead to arbitrary code execution | S | |
CVE-2021-28621 | Adobe Animate FLA File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | S | |
CVE-2021-28622 | Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2021-28623 | Adobe Premiere Elements Privilege Escalation Vulnerability | | |
CVE-2021-28624 | Adobe Bridge SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2021-28625 | Adobe Experience Manager Cross-site Scripting vulnerability in inbox workitem.jsp | | |
CVE-2021-28626 | Adobe Experience Manager Improper Authorization at /content/usergenerated | | |
CVE-2021-28627 | Adobe Experience Manager Server-side Request Forgery could lead to Security feature bypass | | |
CVE-2021-28628 | Adobe Experience Manager Cross-site Scripting vulnerability in inbox render.jsp | | |
CVE-2021-28629 | Adobe Animate heap corruption vulnerability could lead to arbitrary code execution | S | |
CVE-2021-28630 | Adobe Animate FLA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2021-28631 | Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2021-28632 | ZDI-CAN-13471: Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2021-28633 | Adobe Creative Cloud Installer Arbitrary File Write | | |
CVE-2021-28634 | Adobe Acrobat Reader AcrobatUtils.scpt Extension OS Command Injection Vulnerability | S | |
CVE-2021-28635 | Adobe Acrobat Reader Use-After-Free Vulnerability | S | |
CVE-2021-28636 | Adobe Acrobat Reader Unquoted Search Path Vulnerability | S | |
CVE-2021-28637 | Adobe Acrobat Pro DC PDFLibTool Out-of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2021-28638 | Adobe Acrobat Reader DC PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2021-28639 | Adobe Acrobat Reader DC setAction Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2021-28640 | Adobe Acrobat Reader Use-After-Free Arbitrary Code Execution Vulnerability | | |
CVE-2021-28641 | Adobe Acrobat Reader Use-After-Free Arbitrary Code Execution Vulnerability | | |
CVE-2021-28642 | Adobe Acrobat Pro DC Out-of-Bounds Write Arbitrary Code Execution Vulnerability | | |
CVE-2021-28643 | Adobe Acrobat Pro DC embedDocAsDataObject Type Confusion Information Disclosure Vulnerability | | |
CVE-2021-28644 | Adobe Acrobat SpellDictionaryCreate Path Traversal Remote Code Execution Vulnerability | | |
CVE-2021-28645 | An incorrect permission assignment vulnerability in Trend Micro Apex One, Apex One as a Service and ... | | |
CVE-2021-28646 | An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and Office... | | |
CVE-2021-28647 | Trend Micro Password Manager version 5 (Consumer) is vulnerable to a DLL Hijacking vulnerability whi... | | |
CVE-2021-28648 | Trend Micro Antivirus for Mac 2020 v10.5 and 2021 v11 (Consumer) is vulnerable to an improper access... | S | |
CVE-2021-28649 | An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Ne... | | |
CVE-2021-28650 | autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other s... | S | |
CVE-2021-28651 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, i... | E S | |
CVE-2021-28652 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validatio... | E S | |
CVE-2021-28653 | The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store ke... | | |
CVE-2021-28655 | Apache Zeppelin: Arbitrary file deletion vulnerability | | |
CVE-2021-28656 | Apache Zeppelin: CSRF vulnerability in the Credentials page | | |
CVE-2021-28657 | Infinite loop in Apache Tika's MP3 parser | S | |
CVE-2021-28658 | In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed direct... | | |
CVE-2021-28660 | rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6... | S | |
CVE-2021-28661 | Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker ... | E | |
CVE-2021-28662 | An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a ce... | S | |
CVE-2021-28663 | The Arm Mali GPU kernel driver allows privilege escalation or information disclosure because GPU mem... | KEV E | |
CVE-2021-28664 | The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption... | KEV | |
CVE-2021-28665 | Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the ... | | |
CVE-2021-28667 | StackStorm before 3.4.1, in some situations, has an infinite loop that consumes all available memory... | S | |
CVE-2021-28668 | Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 bef... | S | |
CVE-2021-28669 | Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 bef... | S | |
CVE-2021-28670 | Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C80... | S | |
CVE-2021-28671 | Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.1... | | |
CVE-2021-28672 | Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.1... | | |
CVE-2021-28673 | Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.1... | | |
CVE-2021-28674 | The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to crea... | S | |
CVE-2021-28675 | An issue was discovered in Pillow before 8.2.0. PSDImagePlugin.PsdImageFile lacked a sanity check on... | | |
CVE-2021-28676 | An issue was discovered in Pillow before 8.2.0. For FLI data, FliDecode did not properly check that ... | S | |
CVE-2021-28677 | An issue was discovered in Pillow before 8.2.0. For EPS data, the readline implementation used in EP... | S | |
CVE-2021-28678 | An issue was discovered in Pillow before 8.2.0. For BLP data, BlpImagePlugin did not properly check ... | S | |
CVE-2021-28680 | The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An ap... | E | |
CVE-2021-28681 | Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verificatio... | E S | |
CVE-2021-28682 | An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in... | E | |
CVE-2021-28683 | An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer derefe... | | |
CVE-2021-28684 | The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entitie... | E | |
CVE-2021-28685 | AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to inter... | | |
CVE-2021-28686 | AsIO2_64.sys and AsIO2_32.sys in ASUS GPUTweak II before 2.3.0.3 allow low-privileged users to trigg... | | |
CVE-2021-28687 | HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interfa... | | |
CVE-2021-28688 | The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't u... | S | |
CVE-2021-28689 | x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels r... | | |
CVE-2021-28690 | x86: TSX Async Abort protections not restored after S3 This issue relates to the TSX Async Abort spe... | S | |
CVE-2021-28691 | Guest triggered use-after-free in Linux xen-netback A malicious or buggy network PV frontend can for... | | |
CVE-2021-28692 | inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in paral... | M | |
CVE-2021-28693 | xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs... | | |
CVE-2021-28694 | IOMMU page mapping issues on x86 [This CNA information record relates to multiple CVEs; the text exp... | | |
CVE-2021-28695 | IOMMU page mapping issues on x86 [This CNA information record relates to multiple CVEs; the text exp... | | |
CVE-2021-28696 | IOMMU page mapping issues on x86 [This CNA information record relates to multiple CVEs; the text exp... | | |
CVE-2021-28697 | grant table v2 status pages may remain accessible after de-allocation Guests get permitted access to ... | | |
CVE-2021-28698 | long running loops in grant table handling In order to properly monitor resource use, Xen maintains ... | | |
CVE-2021-28699 | inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant at... | | |
CVE-2021-28700 | xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create m... | | |
CVE-2021-28701 | Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pa... | | |
CVE-2021-28702 | PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Re... | | |
CVE-2021-28703 | grant table v2 status pages may remain accessible after de-allocation (take two) Guests get permitted... | | |
CVE-2021-28704 | PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text ex... | S | |
CVE-2021-28705 | issues with partially successful P2M updates on x86 [This CNA information record relates to multiple... | S | |
CVE-2021-28706 | guests may exceed their designated memory limit When a guest is permitted to have close to 16TiB of ... | S | |
CVE-2021-28707 | PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text ex... | S | |
CVE-2021-28708 | PoD operations on misaligned GFNs [This CNA information record relates to multiple CVEs; the text ex... | S | |
CVE-2021-28709 | issues with partially successful P2M updates on x86 [This CNA information record relates to multiple... | S | |
CVE-2021-28710 | certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translati... | | |
CVE-2021-28711 | Rogue backends can cause DoS of guests via high frequency events [This CNA information record relate... | S | |
CVE-2021-28712 | Rogue backends can cause DoS of guests via high frequency events [This CNA information record relate... | S | |
CVE-2021-28713 | Rogue backends can cause DoS of guests via high frequency events [This CNA information record relate... | S | |
CVE-2021-28714 | Guest can force Linux netback driver to hog large amounts of kernel memory [This CNA information rec... | | |
CVE-2021-28715 | Guest can force Linux netback driver to hog large amounts of kernel memory [This CNA information rec... | | |
CVE-2021-28732 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-28372. Reason: This candidat... | R | |
CVE-2021-28789 | The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attack... | | |
CVE-2021-28790 | The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to ex... | | |
CVE-2021-28791 | The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to ... | | |
CVE-2021-28792 | The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows r... | | |
CVE-2021-28793 | vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a c... | S | |
CVE-2021-28794 | The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.execu... | S | |
CVE-2021-28796 | Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.... | S | |
CVE-2021-28797 | Stack Buffer Overflow in Surveillance Station | S | |
CVE-2021-28798 | Relative Path Traversal Vulnerability in QTS and QuTS hero | S | |
CVE-2021-28799 | Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync) | KEV S | |
CVE-2021-28800 | Command Injection Vulnerability in QTS | S | |
CVE-2021-28801 | Out-of-Bounds Read Vulnerability in QSS | S | |
CVE-2021-28802 | Command Injection Vulnerabilities in QTS and QuTS hero | S | |
CVE-2021-28803 | Stored XSS Vulnerability in Q'center | S | |
CVE-2021-28804 | Command Injection Vulnerabilities in QTS and QuTS hero | S | |
CVE-2021-28805 | Inclusion of Sensitive Information in QSS | S | |
CVE-2021-28806 | DOM-Based XSS Vulnerability in QTS and QuTS hero | S | |
CVE-2021-28807 | Post-Authentication Reflected XSS Vulnerability in Q'center | E S | |
CVE-2021-28809 | Missing Authentication for Critical Function in RTRR Server in HBS3 | S | |
CVE-2021-28810 | Vulnerability in Roon Server | S | |
CVE-2021-28811 | Vulnerability in Roon Server | S | |
CVE-2021-28812 | Command Injection Vulnerability in Video Station | S | |
CVE-2021-28813 | Insufficiently Protected Credentials Vulnerability in QSW-M2116P-2T2S and QuNetSwitch | S | |
CVE-2021-28814 | Improper Access Control Vulnerability in Helpdesk | S | |
CVE-2021-28815 | Insecure Storage of Sensitive Information in myQNAPcloud Link | S | |
CVE-2021-28816 | Stack Buffer Overflow Vulnerabilities in QTS, QuTS hero, and QuTScloud | S | |
CVE-2021-28817 | TIBCO Rendezvous Windows Platform Installation vulnerability | S | |
CVE-2021-28818 | TIBCO Rendezvous Windows Platform Artifact Search vulnerability | S | |
CVE-2021-28819 | TIBCO FTL Windows Platform Installation vulnerability | S | |
CVE-2021-28820 | TIBCO FTL Windows Platform Artifact Search vulnerability | S | |
CVE-2021-28821 | TIBCO Enterprise Message Service Windows Platform Installation vulnerability | S | |
CVE-2021-28822 | TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability | S | |
CVE-2021-28823 | TIBCO eFTL Windows Platform Installation vulnerability | S | |
CVE-2021-28824 | TIBCO ActiveSpaces Windows Platform Installation vulnerability | S | |
CVE-2021-28825 | TIBCO Messaging - Eclipse Mosquitto Distribution - Core Windows Platform Installation vulnerability | S | |
CVE-2021-28826 | TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge Windows Platform Installation vulnerability | S | |
CVE-2021-28827 | TIBCO Administrator Stored Cross Site Scripting vulnerability | S | |
CVE-2021-28828 | TIBCO Administrator SQL injection vulnerability | S | |
CVE-2021-28829 | TIBCO Administrator CSV injection vulnerability | S | |
CVE-2021-28830 | TIBCO Spotfire Windows Platform Artifact Search vulnerability | S | |
CVE-2021-28831 | decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result poin... | S | |
CVE-2021-28832 | VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configura... | S | |
CVE-2021-28833 | Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerabili... | | |
CVE-2021-28834 | Kramdown before 2.3.1 does not restrict Rouge formatters to the Rouge::Formatters namespace, and thu... | E S | |
CVE-2021-28835 | Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary cod... | | |
CVE-2021-28838 | Null pointer dereference vulnerability in D-Link DAP-2310 2,10RC039, DAP-2330 1.10RC036 BETA, DAP-23... | E | |
CVE-2021-28839 | Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DA... | E | |
CVE-2021-28840 | Null Pointer Dereference vulnerability exists in D-Link DAP-2310 2.07.RC031, DAP-2330 1.07.RC028, DA... | E | |
CVE-2021-28841 | Null Pointer Dereference vulnerability in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821... | | |
CVE-2021-28842 | Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TE... | | |
CVE-2021-28843 | Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, ... | | |
CVE-2021-28844 | Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, ... | | |
CVE-2021-28845 | Null Pointer Dereference vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, ... | | |
CVE-2021-28846 | A Format String vulnerability exists in TRENDnet TEW-755AP 1.11B03, TEW-755AP2KAC 1.11B03, TEW-821DAP... | | |
CVE-2021-28847 | MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab ... | | |
CVE-2021-28848 | Mintty before 3.4.5 allows remote servers to cause a denial of service (Windows GUI hang) by telling... | S | |
CVE-2021-28855 | In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the db... | S | |
CVE-2021-28856 | In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.... | S | |
CVE-2021-28857 | TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 username and password are sent via the cookie.... | E | |
CVE-2021-28858 | TP-Link's TL-WPA4220 4.0.2 Build 20180308 Rel.37064 does not use SSL by default. Attacker on the loc... | E | |
CVE-2021-28860 | In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto... | S | |
CVE-2021-28861 | Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protec... | S | |
CVE-2021-28874 | SerenityOS fixed as of c9f25bca048443e317f1994ba9b106f2386688c3 contains a buffer overflow vulnerabi... | | |
CVE-2021-28875 | In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from... | E S | |
CVE-2021-28876 | In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It c... | E S | |
CVE-2021-28877 | In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked... | S | |
CVE-2021-28878 | In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked... | E S | |
CVE-2021-28879 | In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size d... | E S | |
CVE-2021-28890 | J2eeFAST 2.2.1 allows remote attackers to perform SQL injection via the (1) compId parameter to fast... | E | |
CVE-2021-28899 | Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRA... | | |
CVE-2021-28901 | Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earl... | E | |
CVE-2021-28902 | In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retva... | E | |
CVE-2021-28903 | A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_m... | E | |
CVE-2021-28904 | In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision ... | E | |
CVE-2021-28905 | In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't ... | E S | |
CVE-2021-28906 | In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ex... | E S | |
CVE-2021-28909 | BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers to access uncont... | | |
CVE-2021-28910 | BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 contains a basic SSRF vulnerability. It allows unau... | | |
CVE-2021-28911 | BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers access to /tmp p... | | |
CVE-2021-28912 | BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key pas... | | |
CVE-2021-28913 | BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows unauthenticated attackers access to /webif... | | |
CVE-2021-28914 | BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 allows the user to set a weak password because th... | | |
CVE-2021-28918 | Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenti... | E | |
CVE-2021-28924 | Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page.... | E | |
CVE-2021-28925 | SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/... | E | |
CVE-2021-28927 | The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerS... | E S | |
CVE-2021-28931 | Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrar... | | |
CVE-2021-28935 | CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script throug... | E | |
CVE-2021-28936 | The Acexy Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) Web management administrator password can be... | E | |
CVE-2021-28937 | The /password.html page of the Web management interface of the Acexy Wireless-N WiFi Repeater REV 1.... | E | |
CVE-2021-28938 | Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x befo... | | |
CVE-2021-28940 | Because of an incorrectly escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc fil... | E | |
CVE-2021-28941 | Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, w... | E | |
CVE-2021-28950 | An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can ... | S | |
CVE-2021-28951 | An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to ... | S | |
CVE-2021-28952 | An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire de... | S | |
CVE-2021-28953 | The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to... | S | |
CVE-2021-28954 | In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a cra... | | |
CVE-2021-28955 | git-bug before 0.7.2 has an Uncontrolled Search Path Element. It will execute git.bat from the curre... | | |
CVE-2021-28956 | The unofficial vscode-sass-lint (aka Sass Lint) extension through 1.0.7 for Visual Studio Code allow... | S | |
CVE-2021-28957 | An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabl... | E S | |
CVE-2021-28958 | Zoho ManageEngine ADSelfService Plus through 6101 is vulnerable to unauthenticated Remote Code Execu... | | |
CVE-2021-28959 | Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory travers... | | |
CVE-2021-28960 | Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due... | | |
CVE-2021-28961 | applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 al... | S | |
CVE-2021-28962 | Stormshield Network Security (SNS) before 4.2.2 allows a read-only administrator to gain privileges ... | | |
CVE-2021-28963 | Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses a... | S | |
CVE-2021-28964 | A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11... | | |
CVE-2021-28965 | The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not p... | | |
CVE-2021-28966 | In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application h... | E S | |
CVE-2021-28967 | The unofficial MATLAB extension before 2.0.1 for Visual Studio Code allows attackers to execute arbi... | S | |
CVE-2021-28968 | An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows... | | |
CVE-2021-28969 | eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL inject... | E | |
CVE-2021-28970 | eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated u... | E | |
CVE-2021-28971 | In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some... | S | |
CVE-2021-28972 | In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driv... | S | |
CVE-2021-28973 | The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 a... | E | |
CVE-2021-28975 | WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page,... | E | |
CVE-2021-28976 | Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar files... | | |
CVE-2021-28977 | Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or ... | | |
CVE-2021-28979 | SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remo... | | |
CVE-2021-28993 | Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. The impact is: obtain sensitive information... | | |
CVE-2021-28994 | kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x ... | E | |
CVE-2021-28998 | File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to... | E | |
CVE-2021-28999 | SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arb... | E | |