ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-29002 | A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via... | E | |
CVE-2021-29003 | Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via... | E | |
CVE-2021-29004 | rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerabilit... | | |
CVE-2021-29005 | Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache... | E | |
CVE-2021-29006 | rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may succes... | E | |
CVE-2021-29008 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript v... | E | |
CVE-2021-29009 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript v... | E | |
CVE-2021-29010 | A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript v... | E | |
CVE-2021-29011 | DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name... | E | |
CVE-2021-29012 | DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie ... | E | |
CVE-2021-29022 | In InvoicePlane 1.5.11, the upload feature discloses the full path of the file upload directory.... | E | |
CVE-2021-29023 | InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generat... | E S | |
CVE-2021-29024 | In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and file ... | E S | |
CVE-2021-29025 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inj... | E | |
CVE-2021-29026 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inj... | E | |
CVE-2021-29027 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inj... | E | |
CVE-2021-29028 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inj... | E | |
CVE-2021-29029 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inj... | E | |
CVE-2021-29030 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inj... | E | |
CVE-2021-29031 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inj... | E | |
CVE-2021-29032 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inj... | E | |
CVE-2021-29033 | A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inj... | E | |
CVE-2021-29038 | Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix p... | | |
CVE-2021-29039 | Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Lif... | | |
CVE-2021-29040 | The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7... | | |
CVE-2021-29041 | Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 b... | | |
CVE-2021-29043 | The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 9... | | |
CVE-2021-29044 | Cross-site scripting (XSS) vulnerability in the Site module's membership request administration page... | | |
CVE-2021-29045 | Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in... | | |
CVE-2021-29046 | Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Life... | | |
CVE-2021-29047 | The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack ... | | |
CVE-2021-29048 | Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay ... | | |
CVE-2021-29049 | Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Lifera... | S | |
CVE-2021-29050 | Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.... | | |
CVE-2021-29051 | Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal... | | |
CVE-2021-29052 | The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 ... | | |
CVE-2021-29053 | Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1... | | |
CVE-2021-29054 | Certain Papoo products are affected by: Cross Site Request Forgery (CSRF) in the admin interface. Th... | S | |
CVE-2021-29055 | Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the... | E | |
CVE-2021-29056 | Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to adm... | E | |
CVE-2021-29057 | An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows at... | E | |
CVE-2021-29059 | A vulnerability was discovered in IS-SVG version 2.1.0 to 4.2.2 and below where a Regular Expression... | E S | |
CVE-2021-29060 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version ... | E S | |
CVE-2021-29061 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Vfsjfilechooser2 vers... | E S | |
CVE-2021-29063 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through... | E S | |
CVE-2021-29065 | NETGEAR RBR850 devices before 3.2.10.11 are affected by authentication bypass.... | | |
CVE-2021-29066 | Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.17.12,... | | |
CVE-2021-29067 | Certain NETGEAR devices are affected by authentication bypass. This affects RBW30 before 2.6.2.2, RB... | | |
CVE-2021-29068 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R67... | | |
CVE-2021-29069 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects XR4... | | |
CVE-2021-29070 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK... | | |
CVE-2021-29071 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK... | | |
CVE-2021-29072 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK... | | |
CVE-2021-29073 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This... | | |
CVE-2021-29074 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This... | | |
CVE-2021-29075 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This... | | |
CVE-2021-29076 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2021-29077 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2021-29078 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2021-29079 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2021-29080 | Certain NETGEAR devices are affected by password reset by an unauthenticated attacker. This affects ... | | |
CVE-2021-29081 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker... | | |
CVE-2021-29082 | Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBW30 befo... | | |
CVE-2021-29083 | Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Syno... | | |
CVE-2021-29084 | Improper neutralization of special elements in output used by a downstream component ('Injection') v... | | |
CVE-2021-29085 | Improper neutralization of special elements in output used by a downstream component ('Injection') v... | | |
CVE-2021-29086 | Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Syno... | | |
CVE-2021-29087 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in weba... | | |
CVE-2021-29088 | Improper limitation of a pathname to a restricted directory ('Path Traversal') in cgi component in S... | | |
CVE-2021-29089 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
CVE-2021-29090 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
CVE-2021-29091 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file... | | |
CVE-2021-29092 | Unrestricted upload of file with dangerous type vulnerability in file management component in Synolo... | | |
CVE-2021-29093 | ArcGIS Server image service and raster analytics security update: use-after-free | | |
CVE-2021-29094 | ArcGIS Server image service and raster analytics security update: buffer overflow | | |
CVE-2021-29095 | ArcGIS Server image service and raster analytics security update: uninitialized pointer | | |
CVE-2021-29096 | ArcGIS general raster security update: use-after-free | | |
CVE-2021-29097 | ArcGIS general raster security update: buffer overflow | | |
CVE-2021-29098 | ArcGIS general raster security update: uninitialized pointer | | |
CVE-2021-29099 | There is a SQL injection vulnerability in ArcGIS Server | | |
CVE-2021-29100 | ArcGIS Earth has a File Parsing Directory Traversal Vulnerability | | |
CVE-2021-29101 | ArcGIS GeoEvent Server has a Directory Traversal security vulnerability. | S | |
CVE-2021-29102 | There is a Server-Side Request Forgery (SSRF) vulnerability in Esri ArcGIS Server Manager version 10.8.1 and below. | | |
CVE-2021-29103 | There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below. | | |
CVE-2021-29104 | There is a stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below. | | |
CVE-2021-29105 | There is a stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below. | | |
CVE-2021-29106 | There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below. | | |
CVE-2021-29107 | There is a stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below. | | |
CVE-2021-29108 | There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below. | S | |
CVE-2021-29109 | A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9. | S | |
CVE-2021-29110 | Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. | S | |
CVE-2021-29112 | Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-29113 | Remote file inclusion vulnerability in ArcGIS Server help documentation | | |
CVE-2021-29114 | SQL injection vulnerability in ArcGIS Server | M | |
CVE-2021-29115 | An information disclosure vulnerability | M | |
CVE-2021-29116 | BUG-000142180 Hosted feature services vulnerable to stored XSS | M | |
CVE-2021-29117 | arcreader use-after-free | | |
CVE-2021-29118 | Esri ArcReader PMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-29133 | Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 a... | E S | |
CVE-2021-29134 | The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.... | S | |
CVE-2021-29136 | Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via ... | S | |
CVE-2021-29137 | A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s... | | |
CVE-2021-29138 | A remote disclosure of privileged information vulnerability was discovered in Aruba ClearPass Policy... | | |
CVE-2021-29139 | A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager v... | | |
CVE-2021-29140 | A remote XML external entity (XXE) vulnerability was discovered in Aruba ClearPass Policy Manager ve... | | |
CVE-2021-29141 | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy ... | | |
CVE-2021-29142 | A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager v... | | |
CVE-2021-29143 | A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Serie... | | |
CVE-2021-29144 | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy ... | | |
CVE-2021-29145 | A remote server side request forgery (SSRF) remote code execution vulnerability was discovered in Ar... | | |
CVE-2021-29146 | A remote cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager v... | | |
CVE-2021-29147 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager ... | | |
CVE-2021-29148 | A local cross-site scripting (XSS) vulnerability was discovered in Aruba CX 6200F Switch Series, Aru... | S | |
CVE-2021-29149 | A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series, A... | S | |
CVE-2021-29150 | A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager ver... | | |
CVE-2021-29151 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versio... | | |
CVE-2021-29152 | A remote denial of service (DoS) vulnerability was discovered in Aruba ClearPass Policy Manager vers... | | |
CVE-2021-29154 | BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacem... | S | |
CVE-2021-29155 | An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirab... | S | |
CVE-2021-29156 | ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an una... | E S | |
CVE-2021-29157 | Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can... | | |
CVE-2021-29158 | Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control.... | S | |
CVE-2021-29159 | A cross-site scripting (XSS) vulnerability has been discovered in Nexus Repository Manager 3.x befor... | | |
CVE-2021-29200 | RCE vulnerability in latest Apache OFBiz due to Java serialisation using RMI | S | |
CVE-2021-29201 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380... | | |
CVE-2021-29202 | A local buffer overflow vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE Sim... | | |
CVE-2021-29203 | A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known ... | E | |
CVE-2021-29204 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380... | | |
CVE-2021-29205 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380... | | |
CVE-2021-29206 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380... | | |
CVE-2021-29207 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380... | | |
CVE-2021-29208 | A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4)... | | |
CVE-2021-29209 | A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4)... | | |
CVE-2021-29210 | A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4)... | | |
CVE-2021-29211 | A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380... | | |
CVE-2021-29212 | A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO A... | | |
CVE-2021-29213 | A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant ... | | |
CVE-2021-29214 | A security vulnerability has been identified in HPE StoreServ Management Console (SSMC). An authenti... | S | |
CVE-2021-29215 | A potential security vulnerability in HPE Ezmeral Data Fabric that may allow a remote access restric... | | |
CVE-2021-29216 | A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s... | | |
CVE-2021-29217 | A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Pr... | | |
CVE-2021-29218 | A local unquoted search path security vulnerability has been identified in HPE Agentless Management ... | | |
CVE-2021-29219 | A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switc... | S | |
CVE-2021-29220 | Multiple buffer overflow security vulnerabilities have been identified in HPE iLO Amplifier Pack ver... | | |
CVE-2021-29221 | A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By ... | E | |
CVE-2021-29238 | CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF).... | | |
CVE-2021-29239 | CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embed... | | |
CVE-2021-29240 | The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of p... | E | |
CVE-2021-29241 | CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of ser... | | |
CVE-2021-29242 | CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send cra... | | |
CVE-2021-29243 | Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.... | | |
CVE-2021-29245 | BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a ... | | |
CVE-2021-29246 | BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin ... | | |
CVE-2021-29247 | BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused ... | | |
CVE-2021-29248 | BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused ... | | |
CVE-2021-29249 | BTCPay Server before 1.0.6.0, when the payment button is used, has a privacy vulnerability.... | | |
CVE-2021-29250 | BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within ... | | |
CVE-2021-29251 | BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Se... | | |
CVE-2021-29252 | RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerability. A remote authenticated m... | | |
CVE-2021-29253 | The Tableau integration in RSA Archer 6.4 P1 (6.4.0.1) through 6.9 P2 (6.9.0.2) is affected by an in... | | |
CVE-2021-29255 | MicroSeven MYM71080i-B 2.0.5 through 2.0.20 devices send admin credentials in cleartext to pnp.micro... | E | |
CVE-2021-29256 | The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, lead... | KEV | |
CVE-2021-29258 | An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, b... | | |
CVE-2021-29261 | The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute ar... | S | |
CVE-2021-29262 | Misapplied Zookeeper ACLs can result in leakage of configured authentication and authorization settings | M | |
CVE-2021-29263 | In JetBrains IntelliJ IDEA 2020.3.3, local code execution was possible because of insufficient check... | | |
CVE-2021-29264 | An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.... | S | |
CVE-2021-29265 | An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/s... | S | |
CVE-2021-29266 | An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free... | S | |
CVE-2021-29267 | Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files... | E | |
CVE-2021-29271 | remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payl... | S | |
CVE-2021-29272 | bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic cha... | | |
CVE-2021-29274 | Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete ... | E | |
CVE-2021-29279 | There is an integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0... | E S | |
CVE-2021-29280 | In TP-Link Wireless N Router WR840N an ARP poisoning attack can cause buffer overflow... | E | |
CVE-2021-29281 | File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implem... | E | |
CVE-2021-29294 | Null Pointer Dereference vulnerability exists in D-Link DSL-2740R UK_1.01, which could let a remote ... | | |
CVE-2021-29295 | Null Pointer Dereference vulnerability exists in D-Link DSP-W215 1.10, which could let a remote mali... | | |
CVE-2021-29296 | Null Pointer Dereference vulnerability in D-Link DIR-825 2.10b02, which could let a remote malicious... | | |
CVE-2021-29297 | Buffer Overflow in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker to cause a ... | | |
CVE-2021-29298 | Improper Input Validation in Emerson GE Automation Proficy Machine Edition v8.0 allows an attacker t... | | |
CVE-2021-29300 | The @ronomon/opened library before 1.5.2 is vulnerable to a command injection vulnerability which wo... | E S | |
CVE-2021-29302 | TP-Link TL-WR802N(US), Archer_C50v5_US v4_200 <= 2020.06 contains a buffer overflow vulnerability in... | E | |
CVE-2021-29313 | Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs p... | E | |
CVE-2021-29323 | OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modu... | E S | |
CVE-2021-29324 | OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/x... | E | |
CVE-2021-29325 | OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_protot... | E S | |
CVE-2021-29326 | OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString fun... | E | |
CVE-2021-29327 | OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer f... | E | |
CVE-2021-29328 | OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function ... | E S | |
CVE-2021-29329 | OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNode... | E S | |
CVE-2021-29334 | An issue was discovered in JIZHI CMS 1.9.4. There is a CSRF vulnerability that can add an admin acco... | | |
CVE-2021-29337 | MODAPI.sys in MSI Dragon Center 2.0.104.0 allows low-privileged users to access kernel memory and po... | S | |
CVE-2021-29338 | Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Deni... | E S | |
CVE-2021-29343 | Ovidentia CMS 6.x contains a SQL injection vulnerability in the "id" parameter of index.php. The "ch... | E | |
CVE-2021-29349 | Mahara 20.10 is affected by Cross Site Request Forgery (CSRF) that allows a remote attacker to remov... | E | |
CVE-2021-29350 | SQL injection in the getip function in conn/function.php in 发货100-设计素材下载系统 1.1 allows remote attacke... | E | |
CVE-2021-29357 | The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 ... | | |
CVE-2021-29358 | A buffer overflow vulnerability in FORMATS!ReadPVR_W+0xfa of Irfanview 4.57 allows attackers to caus... | | |
CVE-2021-29360 | A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to... | | |
CVE-2021-29361 | A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to... | | |
CVE-2021-29362 | A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa30 of Irfanview 4.57 allows attackers to exe... | | |
CVE-2021-29363 | A buffer overflow vulnerability in FORMATS!ReadRAS_W+0xa74 of Irfanview 4.57 allows attackers to exe... | | |
CVE-2021-29364 | A buffer overflow vulnerability in Formats!ReadRAS_W+0x1001 of Irfanview 4.57 allows attackers to ex... | | |
CVE-2021-29365 | Irfanview 4.57 is affected by an infinite loop when processing a crafted BMP file in the EFFECTS!Aut... | | |
CVE-2021-29366 | A buffer overflow vulnerability in FORMATS!GetPlugInInfo+0x2de9 of Irfanview 4.57 allows attackers t... | | |
CVE-2021-29367 | A buffer overflow vulnerability in WPG+0x1dda of Irfanview 4.57 allows attackers to execute arbitrar... | | |
CVE-2021-29368 | Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on N... | E M | |
CVE-2021-29369 | The gnuplot package prior to version 0.1.0 for Node.js allows code execution via shell metacharacter... | S | |
CVE-2021-29370 | A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filt... | | |
CVE-2021-29376 | ircII before 20210314 allows remote attackers to cause a denial of service (segmentation fault and c... | | |
CVE-2021-29377 | Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to e... | E | |
CVE-2021-29378 | SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and esca... | E | |
CVE-2021-29379 | An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP)... | E | |
CVE-2021-29387 | Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory Sys... | E | |
CVE-2021-29388 | A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 all... | | |
CVE-2021-29390 | libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data i... | S | |
CVE-2021-29393 | Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club... | | |
CVE-2021-29394 | Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Clu... | | |
CVE-2021-29395 | Directory traversal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Cl... | | |
CVE-2021-29396 | Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows rem... | | |
CVE-2021-29397 | Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technolog... | | |
CVE-2021-29398 | Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp Northstar Technolog... | | |
CVE-2021-29399 | XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bu... | S | |
CVE-2021-29400 | A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple... | E | |
CVE-2021-29414 | STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control.... | | |
CVE-2021-29415 | The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 3... | | |
CVE-2021-29416 | An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious reque... | E | |
CVE-2021-29417 | gitjacker before 0.1.0 allows remote attackers to execute arbitrary code via a crafted .git director... | S | |
CVE-2021-29418 | The netmask package before 2.0.1 for Node.js mishandles certain unexpected characters in an IP addre... | S | |
CVE-2021-29421 | models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP... | S | |
CVE-2021-29424 | The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters... | E | |
CVE-2021-29425 | Possible limited path traversal vulnerability in Apache Commons IO | E S | |
CVE-2021-29427 | Repository content filters do not work in Settings pluginManagement | E | |
CVE-2021-29428 | Local privilege escalation through system temporary directory | E S | |
CVE-2021-29429 | Information disclosure through temporary directory permissions | E M | |
CVE-2021-29430 | Denial of service attack via memory exhaustion | S | |
CVE-2021-29431 | SSRF in Sydent due to missing validation of hostnames | S | |
CVE-2021-29432 | Malicious users could control the content of invitation emails | S | |
CVE-2021-29433 | Denial of service (via resource exhaustion) due to improper input validation | S | |
CVE-2021-29434 | Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields | M | |
CVE-2021-29435 | Cross-Site Request Forgery (CSRF) in trestle-auth | S | |
CVE-2021-29436 | Cross site request forgery vulnerability | S | |
CVE-2021-29437 | Account compromise by man-in-the-middle attack | S | |
CVE-2021-29438 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs | | |
CVE-2021-29439 | Plugins can be installed with minimal admin privileges | | |
CVE-2021-29440 | Twig allowing dangerous PHP functions by default | E | |
CVE-2021-29441 | Authentication bypass | E S | |
CVE-2021-29442 | Authentication bypass | E S | |
CVE-2021-29443 | Padding Oracle Attack due to Observable Timing Discrepancy in jose | S | |
CVE-2021-29444 | Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime | | |
CVE-2021-29445 | Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime | | |
CVE-2021-29446 | Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime | | |
CVE-2021-29447 | WordPress Authenticated XXE attack when installation is running PHP 8 | E | |
CVE-2021-29448 | Stored DOM XSS in Pi-hole Admin Web Interface | E | |
CVE-2021-29449 | Multiple Privilege Escalation Vulnerabilities Pihole | E | |
CVE-2021-29450 | WordPress Authenticated disclosure of password-protected posts and pages | | |
CVE-2021-29451 | Missing validation of JWT signature in `ManyDesigns/Portofino` | S | |
CVE-2021-29452 | Any logged in user could edit any other logged in user. | | |
CVE-2021-29453 | Denial of service through memory exhaustion | S | |
CVE-2021-29454 | Sandbox Escape by math function in smarty | S | |
CVE-2021-29455 | Missing validation of JWT signature in `grassrootza/grassroot-platform` | S | |
CVE-2021-29456 | Authelia allows open redirects on the logout endpoint | S | |
CVE-2021-29457 | Heap buffer overflow in Exiv2::Jp2Image::doWriteMetadata | E S | |
CVE-2021-29458 | Out-of-bounds read in Exiv2::Internal::CrwMap::encode | E S | |
CVE-2021-29459 | XSS Cross Site Scripting | E | |
CVE-2021-29460 | Cross-site scripting (XSS) from unsanitized uploaded SVG files | E | |
CVE-2021-29461 | LFI and possible code execution on discord-recon using tools arguments | | |
CVE-2021-29462 | DNS rebinding in pupnp | | |
CVE-2021-29463 | Out-of-bounds read in Exiv2::WebPImage::doWriteMetadata | S | |
CVE-2021-29464 | Heap buffer overflow in Exiv2::Jp2Image::encodeJp2Header | S | |
CVE-2021-29465 | Remote file overwrite on discord-recon can result in DoS and Remote Code Execution | M | |
CVE-2021-29466 | Path Traversal at Discord-Recon .recon Command Path | M | |
CVE-2021-29467 | Self-XSS | E | |
CVE-2021-29468 | Arbitrary code execution when checking out an attacker-controlled Git branch | S | |
CVE-2021-29469 | Potential exponential regex in monitor mode | S | |
CVE-2021-29470 | Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header | S | |
CVE-2021-29471 | Denial of service in Matrix Synapse | S | |
CVE-2021-29472 | Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer | E | |
CVE-2021-29473 | Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata | S | |
CVE-2021-29474 | Relative Path Traversal Attack on note creation | E S | |
CVE-2021-29475 | PDF export allows arbitrary file reads | S | |
CVE-2021-29476 | Insecure Deserialization of untrusted data in rmccue/requests | S | |
CVE-2021-29477 | Vulnerability in the STRALGO LCS command | | |
CVE-2021-29478 | Vulnerability in the COPY command for large intsets | | |
CVE-2021-29479 | Cached redirect poisoning via X-Forwarded-Host header | E | |
CVE-2021-29480 | Default client side session signing key is highly predictable | | |
CVE-2021-29481 | Client side sessions should not allow unencrypted storage | S | |
CVE-2021-29482 | denial of service in github.com/ulikunitz/xz | S | |
CVE-2021-29483 | wikiconfig API leaked private config variables set through ManageWiki | S | |
CVE-2021-29484 | DOM XSS in Theme Preview | E M | |
CVE-2021-29485 | Remote Code Execution Vulnerability in Session Storage | | |
CVE-2021-29486 | Improper Input Validation and Loop with Unreachable Exit Condition ('Infinite Loop') in cumulative-distribution-function | E S | |
CVE-2021-29487 | Authentication bypass in Octobercms | S | |
CVE-2021-29488 | Creation of files outside the Download Folder through malicious PAR2 files | S | |
CVE-2021-29489 | Options structure open to XSS if passed unfiltered | | |
CVE-2021-29490 | Unauthenticated GET requests through Remote Image endpoints | S | |
CVE-2021-29491 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-28860. Reason: This candidat... | R | |
CVE-2021-29492 | Bypass of path matching rules using escaped slash characters | M | |
CVE-2021-29493 | Kennnyshiwa-cogs vulnerable to Remote Code Execution in Tickets Module | S | |
CVE-2021-29495 | Nim stdlib httpClient does not validate peer certificates by default | | |
CVE-2021-29499 | Predictable SIF UUID Identifiers | E | |
CVE-2021-29500 | Missing validation of JWT signature | | |
CVE-2021-29501 | Remote code execution in ticketer | S | |
CVE-2021-29502 | Remote code execution in the WarnSystem module of Laggrons-Dumb-Cogs | S | |
CVE-2021-29503 | Improper Neutralization of Script-Related HTML Tags in Notes | S | |
CVE-2021-29504 | Improper Certificate Validation in WP-CLI framework | S | |
CVE-2021-29505 | XStream is vulnerable to a Remote Command Execution attack | S | |
CVE-2021-29506 | Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service. | S | |
CVE-2021-29507 | dlt-daemon could crash if there is special character in dlt.conf | | |
CVE-2021-29508 | Insecure deserialization in Wire | E | |
CVE-2021-29509 | Keepalive Connections Causing Denial Of Service in puma | S | |
CVE-2021-29510 | Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic | S | |
CVE-2021-29511 | Memory over-allocation in evm crate | S | |
CVE-2021-29512 | Heap buffer overflow in `RaggedBinCount` | E S | |
CVE-2021-29513 | Type confusion during tensor casts leads to dereferencing null pointers | E S | |
CVE-2021-29514 | Heap out of bounds write in `RaggedBinCount` | E S | |
CVE-2021-29515 | Reference binding to null pointer in `MatrixDiag*` ops | E S | |
CVE-2021-29516 | Null pointer dereference via invalid Ragged Tensors | E S | |
CVE-2021-29517 | Division by zero in `Conv3D` | E S | |
CVE-2021-29518 | Session operations in eager mode lead to null pointer dereferences | E S | |
CVE-2021-29519 | CHECK-fail in SparseCross due to type confusion | E S | |
CVE-2021-29520 | Heap buffer overflow in `Conv3DBackprop*` | E S | |
CVE-2021-29521 | Segfault in SparseCountSparseOutput | E S | |
CVE-2021-29522 | Division by 0 in `Conv3DBackprop*` | E S | |
CVE-2021-29523 | CHECK-fail in AddManySparseToTensorsMap | E S | |
CVE-2021-29524 | Division by 0 in `Conv2DBackpropFilter` | E S | |
CVE-2021-29525 | Division by 0 in `Conv2DBackpropInput` | E S | |
CVE-2021-29526 | Division by 0 in `Conv2D` | E S | |
CVE-2021-29527 | Division by 0 in `QuantizedConv2D` | E S | |
CVE-2021-29528 | Division by 0 in `QuantizedMul` | E S | |
CVE-2021-29529 | Heap buffer overflow caused by rounding | E S | |
CVE-2021-29530 | Invalid validation in `SparseMatrixSparseCholesky` | E S | |
CVE-2021-29531 | CHECK-fail in tf.raw_ops.EncodePng | E S | |
CVE-2021-29532 | Heap out of bounds read in `RaggedCross` | E S | |
CVE-2021-29533 | CHECK-fail in DrawBoundingBoxes | E S | |
CVE-2021-29534 | CHECK-fail in SparseConcat | E S | |
CVE-2021-29535 | Heap buffer overflow in `QuantizedMul` | E S | |
CVE-2021-29536 | Heap buffer overflow in `QuantizedReshape` | E S | |
CVE-2021-29537 | Heap buffer overflow in `QuantizedResizeBilinear` | E S | |
CVE-2021-29538 | Division by zero in `Conv2DBackpropFilter` | E S | |
CVE-2021-29539 | Segfault in tf.raw_ops.ImmutableConst | E S | |
CVE-2021-29540 | Heap buffer overflow in `Conv2DBackpropFilter` | E S | |
CVE-2021-29541 | Null pointer dereference in `StringNGrams` | E S | |
CVE-2021-29542 | Heap buffer overflow in `StringNGrams` | E S | |
CVE-2021-29543 | CHECK-fail in `CTCGreedyDecoder` | E S | |
CVE-2021-29544 | CHECK-fail in `QuantizeAndDequantizeV4Grad` | E S | |
CVE-2021-29545 | Heap buffer overflow in `SparseTensorToCSRSparseMatrix` | E S | |
CVE-2021-29546 | Division by 0 in `QuantizedBiasAdd` | E S | |
CVE-2021-29547 | Heap out of bounds in `QuantizedBatchNormWithGlobalNormalization` | E S | |
CVE-2021-29548 | Division by 0 in `QuantizedBatchNormWithGlobalNormalization` | E S | |
CVE-2021-29549 | Division by 0 in `QuantizedAdd` | E S | |
CVE-2021-29550 | Division by 0 in `FractionalAvgPool` | E S | |
CVE-2021-29551 | OOB read in `MatrixTriangularSolve` | E S | |
CVE-2021-29552 | CHECK-failure in `UnsortedSegmentJoin` | E S | |
CVE-2021-29553 | Heap OOB in `QuantizeAndDequantizeV3` | E S | |
CVE-2021-29554 | Division by 0 in `DenseCountSparseOutput` | E S | |
CVE-2021-29555 | Division by 0 in `FusedBatchNorm` | E S | |
CVE-2021-29556 | Division by 0 in `Reverse` | E S | |
CVE-2021-29557 | Division by 0 in `SparseMatMul` | E S | |
CVE-2021-29558 | Heap buffer overflow in `SparseSplit` | E S | |
CVE-2021-29559 | Heap OOB access in unicode ops | E S | |
CVE-2021-29560 | Heap buffer overflow in `RaggedTensorToTensor` | E S | |
CVE-2021-29561 | CHECK-fail in `LoadAndRemapMatrix` | E S | |
CVE-2021-29562 | CHECK-fail in `tf.raw_ops.IRFFT` | E S | |
CVE-2021-29563 | CHECK-fail in `tf.raw_ops.RFFT` | E S | |
CVE-2021-29564 | Null pointer dereference in `EditDistance` | E S | |
CVE-2021-29565 | Null pointer dereference in `SparseFillEmptyRows` | E S | |
CVE-2021-29566 | Heap OOB access in `Dilation2DBackpropInput` | E S | |
CVE-2021-29567 | Lack of validation in `SparseDenseCwiseMul` | E S | |
CVE-2021-29568 | Reference binding to null in `ParameterizedTruncatedNormal` | E S | |
CVE-2021-29569 | Heap out of bounds read in `RequantizationRange` | E S | |
CVE-2021-29570 | Heap out of bounds read in `MaxPoolGradWithArgmax` | S | |
CVE-2021-29571 | Memory corruption in `DrawBoundingBoxesV2` | E S | |
CVE-2021-29572 | Reference binding to nullptr in `SdcaOptimizer` | E S | |
CVE-2021-29573 | Division by 0 in `MaxPoolGradWithArgmax` | E S | |
CVE-2021-29574 | Undefined behavior in `MaxPool3DGradGrad` | E S | |
CVE-2021-29575 | Overflow/denial of service in `tf.raw_ops.ReverseSequence` | E S | |
CVE-2021-29576 | Heap buffer overflow in `MaxPool3DGradGrad` | E S | |
CVE-2021-29577 | Heap buffer overflow in `AvgPool3DGrad` | E S | |
CVE-2021-29578 | Heap buffer overflow in `FractionalAvgPoolGrad` | E S | |
CVE-2021-29579 | Heap buffer overflow in `MaxPoolGrad` | E S | |
CVE-2021-29580 | Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad` | E S | |
CVE-2021-29581 | Segfault in `CTCBeamSearchDecoder` | E S | |
CVE-2021-29582 | Heap OOB read in `tf.raw_ops.Dequantize` | E S | |
CVE-2021-29583 | Heap buffer overflow and undefined behavior in `FusedBatchNorm` | E S | |
CVE-2021-29584 | CHECK-fail due to integer overflow | E S | |
CVE-2021-29585 | Division by zero in padding computation in TFLite | E S | |
CVE-2021-29586 | Division by zero in optimized pooling implementations in TFLite | E S | |
CVE-2021-29587 | Division by zero in TFLite's implementation of `SpaceToDepth` | E S | |
CVE-2021-29588 | Division by zero in TFLite's implementation of `TransposeConv` | E S | |
CVE-2021-29589 | Division by zero in TFLite's implementation of `GatherNd` | E S | |
CVE-2021-29590 | Heap OOB read in TFLite's implementation of `Minimum` or `Maximum` | E S | |
CVE-2021-29591 | Stack overflow due to looping TFLite subgraph | E S | |
CVE-2021-29592 | Null pointer dereference in TFLite's `Reshape` operator | E S | |
CVE-2021-29593 | Division by zero in TFLite's implementation of `BatchToSpaceNd` | E S | |
CVE-2021-29594 | Division by zero in TFLite's convolution code | E S | |
CVE-2021-29595 | Division by zero in TFLite's implementation of `DepthToSpace` | E S | |
CVE-2021-29596 | Division by zero in TFLite's implementation of `EmbeddingLookup` | E S | |
CVE-2021-29597 | Division by zero in TFLite's implementation of `SpaceToBatchNd` | E S | |
CVE-2021-29598 | Division by zero in TFLite's implementation of `SVDF` | E S | |
CVE-2021-29599 | Division by zero in TFLite's implementation of `Split` | E S | |
CVE-2021-29600 | Division by zero in TFLite's implementation of `OneHot` | E S | |
CVE-2021-29601 | Integer overflow in TFLite concatenation | E S | |
CVE-2021-29602 | Division by zero in TFLite's implementation of `DepthwiseConv` | E S | |
CVE-2021-29603 | Heap OOB write in TFLite | E S | |
CVE-2021-29604 | Division by zero in TFLite's implementation of hashtable lookup | E S | |
CVE-2021-29605 | Integer overflow in TFLite memory allocation | E S | |
CVE-2021-29606 | Heap OOB read in TFLite | E S | |
CVE-2021-29607 | Incomplete validation in `SparseSparseMinimum` | E S | |
CVE-2021-29608 | Heap OOB and null pointer dereference in `RaggedTensorToTensor` | E S | |
CVE-2021-29609 | Incomplete validation in `SparseAdd` | E S | |
CVE-2021-29610 | Invalid validation in `QuantizeAndDequantizeV2` | E S | |
CVE-2021-29611 | Incomplete validation in `SparseReshape` | E S | |
CVE-2021-29612 | Heap buffer overflow in `BandedTriangularSolve` | E S | |
CVE-2021-29613 | Incomplete validation in `tf.raw_ops.CTCLoss` | E S | |
CVE-2021-29614 | Interpreter crash from `tf.io.decode_raw` | E S | |
CVE-2021-29615 | Stack overflow in `ParseAttrValue` with nested tensors | E S | |
CVE-2021-29616 | Null dereference in Grappler's `TrySimplify` | E S | |
CVE-2021-29617 | Crash in `tf.strings.substr` due to `CHECK`-fail | E S | |
CVE-2021-29618 | Crash in `tf.transpose` with complex inputs | E S | |
CVE-2021-29619 | Segfault in `tf.raw_ops.SparseCountSparseOutput` | E S | |
CVE-2021-29620 | XXE vulnerability on Launch import with externally-defined DTD file | S | |
CVE-2021-29621 | Observable Response Discrepancy in Flask-AppBuilder | S | |
CVE-2021-29622 | Arbitrary redirects under /new endpoint | | |
CVE-2021-29623 | Uninitialized variable bug in Exiv2 | S | |
CVE-2021-29624 | Lack of protection against cookie tossing attacks in fastify-csrf | S | |
CVE-2021-29625 | XSS in doc_link | E S | |
CVE-2021-29626 | In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-... | | |
CVE-2021-29627 | In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELE... | | |
CVE-2021-29628 | In FreeBSD 13.0-STABLE before n245764-876ffe28796c, 12.2-STABLE before r369857, 13.0-RELEASE before ... | E | |
CVE-2021-29629 | In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r... | M | |
CVE-2021-29630 | In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r... | S | |
CVE-2021-29631 | In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r... | | |
CVE-2021-29632 | In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before ... | M | |
CVE-2021-29633 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-29634 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-29635 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-29636 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-29637 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-29638 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-29639 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-29640 | Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2021.... | R | |
CVE-2021-29641 | Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upl... | E | |
CVE-2021-29642 | GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which lea... | S | |
CVE-2021-29643 | PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsanitized string imported from a... | E | |
CVE-2021-29644 | Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 contains a remote code execution vulnerabilit... | | |
CVE-2021-29645 | Hitachi JP1/IT Desktop Management 2 Agent 9 through 12 calls the SendMessageTimeoutW API with arbitr... | | |
CVE-2021-29646 | An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c ... | S | |
CVE-2021-29647 | An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows a... | S | |
CVE-2021-29648 | An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly cons... | S | |
CVE-2021-29649 | An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_pr... | S | |
CVE-2021-29650 | An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers... | S | |
CVE-2021-29651 | Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2).... | | |
CVE-2021-29652 | Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process... | | |
CVE-2021-29653 | HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revok... | | |
CVE-2021-29654 | AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature... | E | |
CVE-2021-29655 | Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus, untrusted ... | | |
CVE-2021-29656 | Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not pro... | | |
CVE-2021-29657 | arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KV... | E S | |
CVE-2021-29658 | The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to execute... | S | |
CVE-2021-29659 | ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosur... | | |
CVE-2021-29660 | A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox th... | E | |
CVE-2021-29661 | Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTV... | E | |
CVE-2021-29662 | The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero chara... | E S | |
CVE-2021-29663 | CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). ... | E | |
CVE-2021-29665 | IBM Security Verify Access 20.07 is vulnerable to a stack based buffer overflow, caused by improper ... | | |
CVE-2021-29666 | IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is vulnerable to cross-site scrip... | S | |
CVE-2021-29667 | IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.2 is potentially vulnerable to CSV ... | S | |
CVE-2021-29668 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulner... | S | |
CVE-2021-29669 | IBM Jazz Foundation cross-site scripting | | |
CVE-2021-29670 | IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulner... | S | |
CVE-2021-29671 | IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mecha... | S | |
CVE-2021-29672 | IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow,... | S | |
CVE-2021-29673 | IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows user... | S | |
CVE-2021-29676 | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. B... | S | |
CVE-2021-29677 | IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site script... | S | |
CVE-2021-29678 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 co... | | |
CVE-2021-29679 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely du... | S | |
CVE-2021-29681 | IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by in... | | |
CVE-2021-29682 | IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information wh... | | |
CVE-2021-29683 | IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by... | | |
CVE-2021-29686 | IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform... | | |
CVE-2021-29687 | IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a differ... | | |
CVE-2021-29688 | IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information wh... | S | |
CVE-2021-29691 | IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptogra... | S | |
CVE-2021-29692 | IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, c... | S | |
CVE-2021-29693 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privilege... | S | |
CVE-2021-29694 | IBM Spectrum Protect Plus 10.1.0 through 10.1.7 uses weaker than expected cryptographic algorithms t... | S | |
CVE-2021-29695 | IBM Host firmware for LC-class Systems could allow a remote attacker to traverse directories on the ... | | |
CVE-2021-29696 | IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could all... | | |
CVE-2021-29697 | IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could all... | | |
CVE-2021-29699 | IBM Security Verify Access Docker 10.0.0 could allow a remote privileged user to upload arbitrary file... | S | |
CVE-2021-29700 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated at... | S | |
CVE-2021-29701 | IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6... | | |
CVE-2021-29702 | Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a d... | S | |
CVE-2021-29703 | Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service a... | S | |
CVE-2021-29704 | IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to... | | |
CVE-2021-29706 | IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility... | S | |
CVE-2021-29707 | IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate... | | |
CVE-2021-29708 | IBM Spectrum Scale 5.1.0.1 could allow a local with access to the GUI pod container to obtain sensit... | | |
CVE-2021-29711 | IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8, 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, ... | S | |
CVE-2021-29712 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability all... | S | |
CVE-2021-29713 | IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows user... | S | |
CVE-2021-29714 | IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improp... | | |
CVE-2021-29715 | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information ... | S | |
CVE-2021-29716 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that ... | S | |
CVE-2021-29719 | IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilities due to a we... | S | |
CVE-2021-29722 | IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic... | S | |
CVE-2021-29723 | IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic... | S | |
CVE-2021-29725 | IBM Secure External Authentication Server 2.4.3.2, 6.0.1, 6.0.2 and IBM Secure Proxy 3.4.3.2, 6.0.1,... | S | |
CVE-2021-29726 | IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properl... | S | |
CVE-2021-29727 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel... | S | |
CVE-2021-29728 | IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such a... | S | |
CVE-2021-29730 | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send ... | S | |
CVE-2021-29735 | IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. ... | | |
CVE-2021-29736 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote user to gain elevated p... | S | |
CVE-2021-29737 | IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7) component has imp... | S | |
CVE-2021-29738 | IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7) is vulnerable to server-... | S | |
CVE-2021-29739 | IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when ... | | |
CVE-2021-29740 | IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected... | | |
CVE-2021-29741 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ks... | S | |
CVE-2021-29742 | IBM Security Verify Access Docker 10.0.0 could allow a user to impersonate another user on the syste... | S | |
CVE-2021-29743 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulne... | S | |
CVE-2021-29744 | IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerabilit... | S | |
CVE-2021-29745 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to privilege escalation where a lower level use... | S | |
CVE-2021-29747 | IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive info... | | |
CVE-2021-29749 | IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-s... | S | |
CVE-2021-29750 | IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an a... | S | |
CVE-2021-29751 | IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 c... | S | |
CVE-2021-29752 | IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage cred... | | |
CVE-2021-29753 | IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 trans... | | |
CVE-2021-29754 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a privilege escalation vuln... | | |
CVE-2021-29755 | IBM QRadar SIEM 7.3, 7.4, and 7.5 does not perform proper certificate validation for some inter-host... | S | |
CVE-2021-29756 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My ... | S | |
CVE-2021-29757 | IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could all... | S | |
CVE-2021-29758 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated us... | S | |
CVE-2021-29759 | IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user ... | S | |
CVE-2021-29760 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated us... | S | |
CVE-2021-29761 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated us... | S | |
CVE-2021-29763 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific ... | | |
CVE-2021-29764 | IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. Th... | S | |
CVE-2021-29765 | IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if th... | | |
CVE-2021-29766 | IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote atta... | S | |
CVE-2021-29767 | IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain se... | S | |
CVE-2021-29768 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive inf... | S | |
CVE-2021-29769 | IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) does not set the secure a... | S | |
CVE-2021-29770 | IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow an authentica... | S | |
CVE-2021-29771 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability all... | S | |
CVE-2021-29772 | IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsani... | S | |
CVE-2021-29773 | IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive ... | S | |
CVE-2021-29774 | IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under ... | S | |
CVE-2021-29775 | IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and ... | S | |
CVE-2021-29776 | IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information ... | S | |
CVE-2021-29777 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, u... | S | |
CVE-2021-29779 | IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the serve... | S | |
CVE-2021-29780 | IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions... | | |
CVE-2021-29781 | IBM Partner Engagement Manager 2.0 could allow a remote attacker to execute arbitrary code on the sy... | S | |
CVE-2021-29784 | IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information... | S | |
CVE-2021-29785 | IBM Security SOAR V42 and V43 could allow a remote attacker to obtain sensitive information, caused b... | S | |
CVE-2021-29786 | IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenti... | S | |
CVE-2021-29788 | IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-sit... | | |
CVE-2021-29790 | IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-sit... | | |
CVE-2021-29792 | IBM Event Streams 10.0, 10.1, 10.2, and 10.3 could allow a user the CA private key to create their o... | | |
CVE-2021-29794 | IBM Tivoli Netcool/Impact 7.1.0.20 and 7.1.0.21 uses an insecure SSH server configuration which enab... | S | |
CVE-2021-29795 | IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially... | S | |
CVE-2021-29798 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection.... | S | |
CVE-2021-29799 | IBM Engineering Requirements Quality Assistant On-Premises (All versions) could allow an authenticat... | | |
CVE-2021-29800 | IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored ... | S | |
CVE-2021-29801 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in... | S | |
CVE-2021-29802 | IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level r... | | |
CVE-2021-29803 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerabilit... | S | |
CVE-2021-29804 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerabilit... | S | |
CVE-2021-29805 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerabilit... | S | |
CVE-2021-29806 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cro... | S | |
CVE-2021-29807 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cro... | S | |
CVE-2021-29808 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cro... | S | |
CVE-2021-29809 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cro... | S | |
CVE-2021-29810 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored ... | S | |
CVE-2021-29811 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in ... | S | |
CVE-2021-29812 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored ... | S | |
CVE-2021-29813 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored ... | S | |
CVE-2021-29814 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored ... | S | |
CVE-2021-29815 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored ... | S | |
CVE-2021-29816 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-s... | S | |
CVE-2021-29817 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site... | S | |
CVE-2021-29818 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site... | S | |
CVE-2021-29819 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site... | S | |
CVE-2021-29820 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site... | S | |
CVE-2021-29821 | IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site... | S | |
CVE-2021-29822 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allow... | S | |
CVE-2021-29823 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which co... | S | |
CVE-2021-29824 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower... | S | |
CVE-2021-29825 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive informati... | | |
CVE-2021-29827 | IBM InfoSphere Information Server clickjacking | | |
CVE-2021-29831 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to an XML ... | S | |
CVE-2021-29832 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored ... | S | |
CVE-2021-29833 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored ... | S | |
CVE-2021-29834 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1... | S | |
CVE-2021-29835 | IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. T... | S | |
CVE-2021-29836 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site sc... | S | |
CVE-2021-29837 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site req... | S | |
CVE-2021-29838 | IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, ca... | S | |
CVE-2021-29841 | IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability al... | | |
CVE-2021-29842 | IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 21.0.0.9 could allo... | S | |
CVE-2021-29843 | IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2 CD is vulnerable to a denial of service attack caused by an ... | | |
CVE-2021-29844 | IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an... | S | |
CVE-2021-29845 | IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions... | S | |
CVE-2021-29846 | IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information... | S | |
CVE-2021-29847 | BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an ... | | |
CVE-2021-29849 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users t... | S | |
CVE-2021-29851 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stac... | S | |
CVE-2021-29852 | IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to... | S | |
CVE-2021-29853 | IBM Planning Analytics 2.0 could expose information that could be used to create attacks by not v... | S | |
CVE-2021-29854 | IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by im... | | |
CVE-2021-29855 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scr... | S | |
CVE-2021-29856 | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated user to cause a denial of service ... | S | |
CVE-2021-29859 | IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through ... | | |
CVE-2021-29860 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in... | | |
CVE-2021-29861 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in... | | |
CVE-2021-29862 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in... | S | |
CVE-2021-29863 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an a... | S | |
CVE-2021-29864 | IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attack... | | |
CVE-2021-29865 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack t... | S | |
CVE-2021-29867 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to view or edit a Jupyter notebo... | S | |
CVE-2021-29868 | IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to in... | S | |
CVE-2021-29872 | IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable ... | S | |
CVE-2021-29873 | IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause... | S | |
CVE-2021-29875 | IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due t... | S | |
CVE-2021-29878 | IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. T... | S | |
CVE-2021-29880 | IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable ... | S | |
CVE-2021-29883 | IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the... | S | |
CVE-2021-29888 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow... | S | |
CVE-2021-29891 | IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certif... | | |
CVE-2021-29892 | IBM Cognos Controller information disclosure | | |
CVE-2021-29894 | IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected c... | S | |
CVE-2021-29899 | IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to c... | S | |
CVE-2021-29903 | IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection.... | S | |
CVE-2021-29904 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credential... | S | |
CVE-2021-29905 | IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-s... | S | |
CVE-2021-29906 | IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensit... | | |
CVE-2021-29907 | IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could ... | S | |
CVE-2021-29908 | The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a speciall... | | |
CVE-2021-29912 | IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability ... | S | |
CVE-2021-29913 | IBM Security Verify Privilege improper input validation | S | |
CVE-2021-29921 | In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an... | E S | |
CVE-2021-29922 | library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero chara... | E S | |
CVE-2021-29923 | Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP addre... | E S | |
CVE-2021-29929 | An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occ... | E | |
CVE-2021-29930 | An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized m... | E | |
CVE-2021-29931 | An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometim... | | |
CVE-2021-29932 | An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers... | | |
CVE-2021-29933 | An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be droppe... | E | |
CVE-2021-29934 | An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can rea... | E | |
CVE-2021-29935 | An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-aft... | E | |
CVE-2021-29936 | An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninit... | E | |
CVE-2021-29937 | An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of unini... | E | |
CVE-2021-29938 | An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occu... | E | |
CVE-2021-29939 | An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bou... | E | |
CVE-2021-29940 | An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in... | E | |
CVE-2021-29941 | An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index has an out-of-b... | E | |
CVE-2021-29942 | An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return unin... | E | |
CVE-2021-29943 | Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections | | |
CVE-2021-29944 | Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Se... | | |
CVE-2021-29945 | The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read an... | | |
CVE-2021-29946 | Ports that were written as an integer overflow above the bounds of a 16-bit integer could have bypas... | | |
CVE-2021-29947 | Mozilla developers and community members reported memory safety bugs present in Firefox 87. Some of ... | | |
CVE-2021-29948 | Signatures are written to disk before and read during verification, which might be subject to a race... | E S | |
CVE-2021-29949 | When loading the shared library that provides the OTR protocol implementation, Thunderbird will init... | | |
CVE-2021-29950 | Thunderbird unprotects a secret OpenPGP key prior to using it for a decryption, signing or key impor... | E | |
CVE-2021-29951 | The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain net... | | |
CVE-2021-29952 | When Web Render components were destructed, a race condition could have caused undefined behavior, a... | | |
CVE-2021-29953 | A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled ... | | |
CVE-2021-29954 | Proxy functionality built into Hubs Cloud’s Reticulum software allowed access to internal URLs, incl... | E | |
CVE-2021-29955 | A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker... | | |
CVE-2021-29956 | OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were s... | E S | |
CVE-2021-29957 | If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contai... | E S | |
CVE-2021-29958 | When a download was initiated, the client did not check whether it was in normal or private browsing... | | |
CVE-2021-29959 | When a user has already allowed a website to access microphone and camera, disabling camera sharing ... | | |
CVE-2021-29960 | Firefox used to cache the last filename used for printing a file. When generating a filename for pri... | | |
CVE-2021-29961 | When styling and rendering an oversized ` | | |
CVE-2021-29962 | Firefox for Android would become unstable and hard-to-recover when a website opened too many popups.... | | |
CVE-2021-29963 | Address bar search suggestions in private browsing mode were re-using session data from normal mode.... | | |
CVE-2021-29964 | A locally-installed hostile program could send `WM_COPYDATA` messages that Firefox would process inc... | | |
CVE-2021-29965 | A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in... | | |
CVE-2021-29966 | Mozilla developers reported memory safety bugs present in Firefox 88. Some of these bugs showed evid... | | |
CVE-2021-29967 | Mozilla developers reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of ... | | |
CVE-2021-29968 | When drawing text onto a canvas with WebRender disabled, an out of bounds read could occur. *This bu... | | |
CVE-2021-29969 | If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP ... | | |
CVE-2021-29970 | A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially expl... | E | |
CVE-2021-29971 | If a user had granted a permission to a webpage and saved that grant, any webpage running on the sam... | | |
CVE-2021-29972 | A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Up... | E | |
CVE-2021-29973 | Password autofill was enabled without user interaction on insecure websites on Firefox for Android. ... | | |
CVE-2021-29974 | When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a ... | | |
CVE-2021-29975 | Through a series of DOM manipulations, a message, over which the attacker had control of the text bu... | E | |
CVE-2021-29976 | Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbir... | | |
CVE-2021-29977 | Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evid... | | |
CVE-2021-29978 | Multiple low security issues were discovered and fixed in a security audit of Mozilla VPN 2.x branch... | E S | |
CVE-2021-29979 | Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow java... | | |
CVE-2021-29980 | Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corr... | E | |
CVE-2021-29981 | An issue present in lowering/register allocation could have led to obscure but deterministic registe... | | |
CVE-2021-29982 | Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, re... | E | |
CVE-2021-29983 | Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interaction... | | |
CVE-2021-29984 | Instruction reordering resulted in a sequence of instructions that would cause an object to be incor... | E | |
CVE-2021-29985 | A use-after-free vulnerability in media channels could have led to memory corruption and a potential... | E | |
CVE-2021-29986 | A suspected race condition when calling getaddrinfo led to memory corruption and a potentially explo... | E | |
CVE-2021-29987 | After requesting multiple permissions, and closing the first permission panel, subsequent permission... | | |
CVE-2021-29988 | Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of b... | E | |
CVE-2021-29989 | Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of ... | | |
CVE-2021-29990 | Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of ... | | |
CVE-2021-29991 | Firefox incorrectly accepted a newline in a HTTP/3 header, interpreting it as two separate headers.... | | |
CVE-2021-29993 | Firefox for Android allowed navigations through the `intent://` protocol, which could be used to cau... | | |
CVE-2021-29994 | Cloudera Hue 4.6.0 allows XSS.... | | |
CVE-2021-29995 | A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote ... | E | |
CVE-2021-29996 | Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Cod... | E | |
CVE-2021-29997 | An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to... | | |
CVE-2021-29998 | An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp ... | | |
CVE-2021-29999 | An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhc... | |