ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-3002 | Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.... | E | |
CVE-2021-3003 | Agenzia delle Entrate Desktop Telematico 1.0.0 contacts the jws.agenziaentrate.it server over cleart... | E | |
CVE-2021-3004 | The _deposit function in the smart contract implementation for Stable Yield Credit (yCREDIT), an Eth... | E | |
CVE-2021-3005 | MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information (e.g., a CPF numb... | | |
CVE-2021-3006 | The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an Ethereum... | E | |
CVE-2021-3007 | Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerab... | E S | |
CVE-2021-3010 | There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of Ope... | E | |
CVE-2021-3011 | An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrol... | E | |
CVE-2021-3012 | A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise befo... | E | |
CVE-2021-3013 | ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the cu... | S | |
CVE-2021-3014 | In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via t... | E | |
CVE-2021-3017 | The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attacker... | | |
CVE-2021-3018 | ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQ... | E | |
CVE-2021-3019 | ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credential... | E S | |
CVE-2021-3020 | An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the bina... | S | |
CVE-2021-3021 | ISPConfig before 3.2.2 allows SQL injection.... | | |
CVE-2021-3022 | An issue was discovered on LG mobile devices with Android OS 10 software. There was no write protect... | | |
CVE-2021-3024 | HashiCorp Vault and Vault Enterprise disclosed the internal IP address of the Vault node when respon... | | |
CVE-2021-3025 | Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST AP... | E | |
CVE-2021-3026 | Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or com... | | |
CVE-2021-3027 | app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is a... | S | |
CVE-2021-3028 | git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution.... | S | |
CVE-2021-3029 | EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via ... | | |
CVE-2021-3031 | PAN-OS: Information exposure in Ethernet data frame construction (Etherleak) | S | |
CVE-2021-3032 | PAN-OS: Configuration secrets for log forwarding may be logged in system logs | S | |
CVE-2021-3033 | Prisma Cloud Compute: SAML Authentication Bypass Vulnerability in Console | S | |
CVE-2021-3034 | Cortex XSOAR: Secrets for SAML single sign-on (SSO) integration may be logged in system logs | S | |
CVE-2021-3035 | Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution | S | |
CVE-2021-3036 | PAN-OS: Administrator secrets are logged in web server logs when using the PAN-OS XML API incorrectly | S | |
CVE-2021-3037 | PAN-OS: Secrets for scheduled configuration exports are logged in system logs | S | |
CVE-2021-3038 | GlobalProtect App: Windows VPN kernel driver denial of service (DoS) | S | |
CVE-2021-3039 | Prisma Cloud Compute: User role authorization secret for Console leaked through log file export | S | |
CVE-2021-3040 | Bridgecrew Checkov: Unsafe deserialization of Terraform files allows code execution | S | |
CVE-2021-3041 | Cortex XDR Agent: Improper control of user-controlled file leads to local privilege escalation | S | |
CVE-2021-3042 | Cortex XDR Agent: Improper Control of User-Controlled File Leads to Local Privilege Escalation | S | |
CVE-2021-3043 | Prisma Cloud: Cross-Site Scripting (XSS) Vulnerability in Prisma Cloud Compute Web Console | S | |
CVE-2021-3044 | Cortex XSOAR: Unauthorized Usage of the REST API | S | |
CVE-2021-3045 | PAN-OS: OS Command Argument Injection in Web Interface | S | |
CVE-2021-3046 | PAN-OS: Improper SAML Authentication Vulnerability in GlobalProtect Portal | S | |
CVE-2021-3047 | PAN-OS: Weak Cryptography Used in Web Interface Authentication | S | |
CVE-2021-3048 | PAN-OS: Invalid URLs in an External Dynamic List (EDL) can Lead to Firewall Outage | S | |
CVE-2021-3049 | Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability | S | |
CVE-2021-3050 | PAN-OS: OS Command Injection Vulnerability in Web Interface | S | |
CVE-2021-3051 | Cortex XSOAR: Authentication Bypass in SAML Authentication | S | |
CVE-2021-3052 | PAN-OS: Reflected Cross-Site Scripting (XSS) in Web Interface | S | |
CVE-2021-3053 | PAN-OS: Exceptional Condition Denial-of-Service (DoS) | S | |
CVE-2021-3054 | PAN-OS: Unsigned Code Execution During Plugin Installation Race Condition Vulnerability | S | |
CVE-2021-3055 | PAN-OS: XML External Entity (XXE) Reference Vulnerability in the PAN-OS Web Interface | S | |
CVE-2021-3056 | PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication | S | |
CVE-2021-3057 | GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway | S | |
CVE-2021-3058 | PAN-OS: OS Command Injection Vulnerability in Web Interface XML API | S | |
CVE-2021-3059 | PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates | S | |
CVE-2021-3060 | PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP) | S | |
CVE-2021-3061 | PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI) | S | |
CVE-2021-3062 | PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users | S | |
CVE-2021-3063 | PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces | S | |
CVE-2021-3064 | PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces | S | |
CVE-2021-3090 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43553. Reason: This candidat... | R | |
CVE-2021-3091 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-3092 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-3093 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-3094 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-3095 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43551. Reason: This candidat... | R | |
CVE-2021-3096 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-3097 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-3098 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-3099 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-3100 | Log4j hot patch package privilege escalation | E | |
CVE-2021-3101 | Hotdog Container Escape | E S | |
CVE-2021-3102 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-3103 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-3104 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-3105 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-3109 | The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnab... | | |
CVE-2021-3110 | The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=produc... | E | |
CVE-2021-3111 | The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data ... | E | |
CVE-2021-3113 | Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies vi... | E | |
CVE-2021-3114 | In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect output... | S | |
CVE-2021-3115 | Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote ... | | |
CVE-2021-3116 | before_upstream_connection in AuthPlugin in http/proxy/auth.py in proxy.py before 2.3.1 accepts inco... | E S | |
CVE-2021-3118 | EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login... | E | |
CVE-2021-3119 | Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_expor... | E S | |
CVE-2021-3120 | An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.... | E | |
CVE-2021-3121 | An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain i... | S | |
CVE-2021-3122 | CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCo... | | |
CVE-2021-3124 | Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v ... | E | |
CVE-2021-3125 | In TP-Link TL-XDR3230 < 1.0.12, TL-XDR1850 < 1.0.9, TL-XDR1860 < 1.0.14, TL-XDR3250 < 1.0.2, TL-XDR6... | | |
CVE-2021-3127 | NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Impo... | E | |
CVE-2021-3128 | In ASUS RT-AX3000, ZenWiFi AX (XT8), RT-AX88U, and other ASUS routers with firmware < 3.0.0.4.386.42... | | |
CVE-2021-3129 | Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attacker... | KEV E S | |
CVE-2021-3130 | Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows ... | | |
CVE-2021-3131 | The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds U... | | |
CVE-2021-3133 | The Elementor Contact Form DB plugin before 1.6 for WordPress allows CSRF via backend admin pages.... | E S | |
CVE-2021-3134 | Mubu 2.2.1 allows local users to gain privileges to execute commands, aka CNVD-2020-68878.... | | |
CVE-2021-3135 | An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the ... | | |
CVE-2021-3137 | XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.... | E | |
CVE-2021-3138 | In Discourse 2.7.0 through beta1, a rate-limit bypass leads to a bypass of the 2FA requirement for c... | E | |
CVE-2021-3139 | In Open-iSCSI tcmu-runner 1.3.x, 1.4.x, and 1.5.x through 1.5.2, xcopy_locate_udev in tcmur_cmd_hand... | S | |
CVE-2021-3141 | In Unisys Stealth (core) before 6.0.025.0, the Keycloak password is stored in a recoverable format t... | | |
CVE-2021-3142 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidat... | R | |
CVE-2021-3144 | In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used... | | |
CVE-2021-3145 | In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric au... | E | |
CVE-2021-3146 | The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileg... | | |
CVE-2021-3148 | An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt AP... | | |
CVE-2021-3149 | On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manual_ping.cgi allows OS command inj... | | |
CVE-2021-3150 | A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server bef... | | |
CVE-2021-3151 | i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote... | E | |
CVE-2021-3152 | Home Assistant before 2021.1.3 does not have a protection layer that can help to prevent directory-t... | | |
CVE-2021-3153 | HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that ... | | |
CVE-2021-3154 | An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve c... | | |
CVE-2021-3155 | snapd created ~/snap with too-wide permissions | S | |
CVE-2021-3156 | Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, wh... | KEV E S | |
CVE-2021-3159 | A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component o... | E | |
CVE-2021-3160 | Deserialization of untrusted data in the login page of ASSUWEB 359.3 build 1 subcomponent of ACA ASS... | | |
CVE-2021-3162 | Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local p... | | |
CVE-2021-3163 | A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaS... | E | |
CVE-2021-3164 | ChurchRota 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to hav... | E | |
CVE-2021-3165 | SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager... | E | |
CVE-2021-3166 | An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3_805 devices. An attacker can upload arbitrary fi... | E | |
CVE-2021-3167 | In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in... | | |
CVE-2021-3169 | An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connect... | | |
CVE-2021-3172 | An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distribu... | E S | |
CVE-2021-3176 | The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x... | | |
CVE-2021-3177 | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead ... | E S | |
CVE-2021-3178 | fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory ... | S | |
CVE-2021-3179 | GGLocker iOS application contains an insecure data storage of the password hash value which results... | | |
CVE-2021-3181 | rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavail... | S | |
CVE-2021-3182 | D-Link DCS-5220 devices have a buffer overflow. NOTE: This vulnerability only affects products that ... | | |
CVE-2021-3183 | Files.com Fat Client 3.3.6 allows authentication bypass because the client continues to have access ... | | |
CVE-2021-3184 | MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favour... | S | |
CVE-2021-3185 | A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsin... | S | |
CVE-2021-3186 | A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi Settings in Tenda AC5 AC1200 ve... | E | |
CVE-2021-3187 | An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, un... | | |
CVE-2021-3188 | phpList 3.6.0 allows CSV injection, related to the email parameter, and /lists/admin/ exports.... | E | |
CVE-2021-3189 | The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:... | E | |
CVE-2021-3190 | The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters... | E S | |
CVE-2021-3191 | Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows Remote Unauthorized Acce... | | |
CVE-2021-3193 | Improper access and command validation in the Nagios Docker Config Wizard before 1.1.2, as used in N... | | |
CVE-2021-3195 | bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outsi... | E | |
CVE-2021-3196 | An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through ... | E | |
CVE-2021-3197 | An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to ... | | |
CVE-2021-3198 | Ivanti MobileIron Core clish Restricted Shell Escape via OS Command Injection | E | |
CVE-2021-3199 | Directory traversal with remote code execution can occur in /upload in ONLYOFFICE Document Server be... | E | |
CVE-2021-3200 | Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE ... | E S | |
CVE-2021-3204 | SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read al... | E | |
CVE-2021-3210 | components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers... | E | |
CVE-2021-3223 | Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files.... | | |
CVE-2021-3224 | A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the... | E | |
CVE-2021-3229 | Denial of service in ASUSWRT ASUS RT-AX3000 firmware versions 3.0.0.4.384_10177 and earlier versions... | E | |
CVE-2021-3236 | vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of se... | E S | |
CVE-2021-3239 | E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remo... | E | |
CVE-2021-3242 | DuxCMS v3.1.3 was discovered to contain a SQL injection vulnerability via the component s/tools/Send... | E | |
CVE-2021-3243 | Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN... | E | |
CVE-2021-3246 | A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers t... | E S | |
CVE-2021-3252 | KACO New Energy XP100U Up to XP-JAVA 2.0 is affected by incorrect access control. Credentials will a... | E | |
CVE-2021-3254 | Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SY... | E | |
CVE-2021-3256 | KuaiFanCMS V5.x contains an arbitrary file read vulnerability in the html_url parameter of the chaka... | E | |
CVE-2021-3258 | Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may le... | E S | |
CVE-2021-3262 | TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows... | E | |
CVE-2021-3264 | SQL Injection vulnerability in cxuucms 3.1 via the pid parameter in public/admin.php.... | E | |
CVE-2021-3267 | File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code ... | E | |
CVE-2021-3271 | PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book In... | E | |
CVE-2021-3272 | jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when the... | E | |
CVE-2021-3273 | Nagios XI below 5.7 is affected by code injection in the /nagiosxi/admin/graphtemplates.php componen... | E | |
CVE-2021-3275 | Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI... | E | |
CVE-2021-3277 | Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper va... | | |
CVE-2021-3278 | Local Service Search Engine Management System 1.0 has a vulnerability through authentication bypass ... | E | |
CVE-2021-3279 | sz.chat version 4 allows injection of web scripts and HTML in the message box.... | E | |
CVE-2021-3281 | In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extra... | S | |
CVE-2021-3282 | HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be execu... | | |
CVE-2021-3283 | HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes as... | | |
CVE-2021-3285 | jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certif... | | |
CVE-2021-3286 | SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequ... | | |
CVE-2021-3287 | Zoho ManageEngine OpManager before 12.5.329 allows unauthenticated Remote Code Execution due to a ge... | E | |
CVE-2021-3291 | Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input ele... | E | |
CVE-2021-3293 | emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see ... | E | |
CVE-2021-3294 | CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An att... | E | |
CVE-2021-3297 | On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator acces... | E | |
CVE-2021-3298 | Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section ... | E | |
CVE-2021-3304 | Sagemcom F@ST 3686 v2 3.495 devices have a buffer overflow via a long sessionKey to the goform/login... | E | |
CVE-2021-3305 | Beijing Feishu Technology Co., Ltd Feishu v3.40.3 was discovered to contain an untrusted search path... | E | |
CVE-2021-3308 | An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest wit... | S | |
CVE-2021-3309 | packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are... | E S | |
CVE-2021-3310 | Western Digital My Cloud OS 5 devices before 5.10.122 mishandle Symbolic Link Following on SMB and A... | | |
CVE-2021-3311 | An issue was discovered in October through build 471. It reactivates an old session ID (which had be... | E S | |
CVE-2021-3312 | An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote ... | E | |
CVE-2021-3313 | Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user full... | E | |
CVE-2021-3314 | Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious u... | E | |
CVE-2021-3315 | In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.... | | |
CVE-2021-3317 | KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on th... | E | |
CVE-2021-3318 | attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.... | E | |
CVE-2021-3319 | DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses | E S | |
CVE-2021-3320 | Type Confusion in 802154 ACK Frames Handling | | |
CVE-2021-3321 | Integer Underflow in Zephyr in IEEE 802154 Fragment Reassembly Header Removal | E S | |
CVE-2021-3322 | Unexpected Pointer Aliasing in IEEE 802154 Fragment Reassembly in Zephyr | E S | |
CVE-2021-3323 | Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr | E S | |
CVE-2021-3325 | Monitorix 3.13.0 allows remote attackers to bypass Basic Authentication in a default installation (i... | E S | |
CVE-2021-3326 | The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing inval... | S | |
CVE-2021-3327 | Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter.... | E | |
CVE-2021-3328 | An issue was discovered in Aprelium Abyss Web Server X1 2.12.1 and 2.14. A crafted HTTP request can ... | E | |
CVE-2021-3329 | DOS: Incorrect handling of the initial HCI ACL_MTU handshake packet leads to crash of bluetooth host layer | E | |
CVE-2021-3330 | RCE/DOS: Linked-list corruption leading to large out-of-bounds write while sorting for forged fragment list in Zephyr | E S | |
CVE-2021-3331 | WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler enc... | S | |
CVE-2021-3332 | WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.... | E | |
CVE-2021-3333 | Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements ... | S | |
CVE-2021-3336 | DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain an... | S | |
CVE-2021-3337 | The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intende... | E | |
CVE-2021-3339 | ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as d... | | |
CVE-2021-3340 | A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4... | | |
CVE-2021-3341 | A path traversal vulnerability in the DxWebEngine component of DH2i DxEnterprise and DxOdyssey for W... | M | |
CVE-2021-3342 | EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via craf... | E S | |
CVE-2021-3344 | A privilege escalation flaw was found in OpenShift builder. During build time, credentials outside t... | S | |
CVE-2021-3345 | _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer over... | S | |
CVE-2021-3346 | Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.... | | |
CVE-2021-3347 | An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-afte... | E S | |
CVE-2021-3348 | nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-af... | S | |
CVE-2021-3349 | GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a p... | E | |
CVE-2021-3350 | deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS via the deletereason paramete... | | |
CVE-2021-3351 | OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add ... | E | |
CVE-2021-3352 | The Software Development Kit in Mitel MiContact Center Business from 8.0.0.0 through 8.1.4.1 and 9.0... | | |
CVE-2021-3355 | A stored-self XSS exists in LightCMS v1.3.4, allowing an attacker to execute HTML or JavaScript code... | E | |
CVE-2021-3370 | DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.ph... | | |
CVE-2021-3374 | Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application s... | E | |
CVE-2021-3375 | ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial o... | E | |
CVE-2021-3376 | An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to g... | E | |
CVE-2021-3377 | The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can b... | E S | |
CVE-2021-3378 | FortiLogger 4.4.2.2 is affected by Arbitrary File Upload by sending a "Content-Type: image/png" head... | E | |
CVE-2021-3380 | Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose... | E | |
CVE-2021-3382 | Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a... | | |
CVE-2021-3384 | A vulnerability in Stormshield Network Security could allow an attacker to trigger a protection rela... | | |
CVE-2021-3391 | MobileIron Mobile@Work through 2021-03-22 allows attackers to distinguish among valid, disabled, and... | | |
CVE-2021-3392 | A use-after-free flaw was found in the MegaRAID emulator of QEMU. This issue occurs while processing... | E S | |
CVE-2021-3393 | An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.... | | |
CVE-2021-3394 | Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.1 has... | | |
CVE-2021-3395 | A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to u... | | |
CVE-2021-3396 | OpenNMS Meridian 2016, 2017, 2018 before 2018.1.25, 2019 before 2019.1.16, and 2020 before 2020.1.5,... | | |
CVE-2021-3398 | Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component.... | | |
CVE-2021-3401 | Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another appli... | S | |
CVE-2021-3402 | An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.... | E | |
CVE-2021-3403 | In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a de... | E | |
CVE-2021-3404 | In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-se... | E | |
CVE-2021-3405 | A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlSt... | E | |
CVE-2021-3406 | A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code inval... | | |
CVE-2021-3407 | A flaw was found in mupdf 1.18.0. Double free of object during linearization may lead to memory corr... | | |
CVE-2021-3408 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3409 | The patch for CVE-2020-17380/CVE-2020-25085 was found to be ineffective, thus making QEMU vulnerable... | S | |
CVE-2021-3410 | A flaw was found in libcaca v0.99.beta19. A buffer overflow issue in caca_resize function in libcaca... | E | |
CVE-2021-3411 | A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was fou... | E S | |
CVE-2021-3412 | It was found that all versions of 3Scale developer portal lacked brute force protections. An attacke... | | |
CVE-2021-3413 | A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A cr... | | |
CVE-2021-3414 | A flaw was found in satellite. When giving granular permission related to the organization, other pe... | | |
CVE-2021-3416 | A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in ver... | S | |
CVE-2021-3417 | An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for ... | S | |
CVE-2021-3418 | If certificates that signed grub are installed into db, grub can be booted directly. It will then bo... | | |
CVE-2021-3419 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3420 | A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory al... | S | |
CVE-2021-3421 | A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can ... | S | |
CVE-2021-3422 | Indexer denial-of-service via malformed S2S request | | |
CVE-2021-3423 | Privilege escalation in Bitdefender GravityZone Business Security | S | |
CVE-2021-3424 | A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks ar... | | |
CVE-2021-3425 | A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provid... | | |
CVE-2021-3426 | There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convinc... | S | |
CVE-2021-3427 | The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent fil... | E S | |
CVE-2021-3428 | A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is... | | |
CVE-2021-3429 | sensitive data exposure in cloud-init logs | S | |
CVE-2021-3430 | BT: Assertion failure on repeated LL_CONNECTION_PARAM_REQ | | |
CVE-2021-3431 | BT: Assertion failure on repeated LL_FEATURE_REQ | | |
CVE-2021-3432 | BT: Invalid interval in CONNECT_IND leads to Division by Zero | | |
CVE-2021-3433 | BT: Invalid channel map in CONNECT_IND results to Deadlock | | |
CVE-2021-3434 | L2CAP: Stack based buffer overflow in le_ecred_conn_req() | | |
CVE-2021-3435 | L2CAP: Information leakage in le_ecred_conn_req() | | |
CVE-2021-3436 | BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known | E S | |
CVE-2021-3437 | Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may ... | | |
CVE-2021-3438 | A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung pro... | | |
CVE-2021-3439 | HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware ... | S | |
CVE-2021-3440 | HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnera... | | |
CVE-2021-3441 | A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinte... | | |
CVE-2021-3442 | A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowi... | | |
CVE-2021-3443 | A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component... | E S | |
CVE-2021-3444 | Linux kernel bpf verifier incorrect mod32 truncation | S | |
CVE-2021-3445 | A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This fl... | M | |
CVE-2021-3446 | A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with ... | S | |
CVE-2021-3447 | A flaw was found in several ansible modules, where parameters containing credentials, such as secret... | | |
CVE-2021-3448 | A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a ... | E S | |
CVE-2021-3449 | NULL pointer deref in signature_algorithms processing | S | |
CVE-2021-3450 | CA certificate check bypass with X509_V_FLAG_X509_STRICT | S | |
CVE-2021-3451 | A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, t... | S | |
CVE-2021-3452 | A potential vulnerability in the system shutdown SMI callback function in some ThinkPad models may a... | S | |
CVE-2021-3453 | Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Bo... | S | |
CVE-2021-3454 | Truncated L2CAP K-frame causes assertion failure | S | |
CVE-2021-3455 | Disconnecting L2CAP channel right after invalid ATT request leads freeze | E | |
CVE-2021-3456 | An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy al... | | |
CVE-2021-3457 | An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-pr... | | |
CVE-2021-3458 | The Motorola MM1000 device configuration portal can be accessed without authentication, which could ... | S | |
CVE-2021-3459 | A privilege escalation vulnerability was reported in the MM1000 device configuration web server, whi... | S | |
CVE-2021-3460 | The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certifica... | S | |
CVE-2021-3461 | A flaw was found in keycloak where keycloak may fail to logout user session if the logout request co... | S | |
CVE-2021-3462 | A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to vers... | S | |
CVE-2021-3463 | A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to ... | S | |
CVE-2021-3464 | A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.400.3252, tha... | S | |
CVE-2021-3465 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3466 | A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function le... | S | |
CVE-2021-3467 | A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component... | S | |
CVE-2021-3468 | A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the... | | |
CVE-2021-3469 | Foreman versions before 2.3.4 and before 2.4.0 are affected by an improper authorization handling fla... | M | |
CVE-2021-3470 | A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 wh... | S | |
CVE-2021-3471 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3472 | A flaw was found in xorg-x11-server in versions before 1.20.11. An integer underflow can occur in xs... | S | |
CVE-2021-3473 | An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC confi... | S | |
CVE-2021-3474 | There's a flaw in OpenEXR in versions before 3.0.0-beta. A crafted input file that is processed by O... | S | |
CVE-2021-3475 | There is a flaw in OpenEXR in versions before 3.0.0-beta. An attacker who can submit a crafted file ... | S | |
CVE-2021-3476 | A flaw was found in OpenEXR's B44 uncompression functionality in versions before 3.0.0-beta. An atta... | S | |
CVE-2021-3477 | There's a flaw in OpenEXR's deep tile sample size calculations in versions before 3.0.0-beta. An att... | S | |
CVE-2021-3478 | There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An atta... | S | |
CVE-2021-3479 | There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker wh... | S | |
CVE-2021-3480 | A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsi... | S | |
CVE-2021-3481 | A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtba... | E | |
CVE-2021-3482 | A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. Improper input validation of ... | S | |
CVE-2021-3483 | A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted t... | S | |
CVE-2021-3484 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3485 | Improper Input Validation in Bitdefender Endpoint Security Tools for Linux | E S | |
CVE-2021-3486 | GLPi 9.5.4 does not sanitize the metadata. This way it's possible to insert XSS into plugins to execu... | E | |
CVE-2021-3487 | Rejected reason: Non Security Issue. See the binutils security policy for more details, https://sour... | R | |
CVE-2021-3488 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3489 | Linux kernel eBPF RINGBUF map oversized allocation | S | |
CVE-2021-3490 | Linux kernel eBPF bitwise ops ALU32 bounds tracking | E S | |
CVE-2021-3491 | Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass | S | |
CVE-2021-3492 | Ubuntu linux kernel shiftfs file system double free vulnerability | S | |
CVE-2021-3493 | The overlayfs implementation in the linux kernel did not properly validate with respect to user name... | KEV E S | |
CVE-2021-3494 | A smart proxy that provides a restful API to various sub-systems of the Foreman is affected by the f... | | |
CVE-2021-3495 | An incorrect access control flaw was found in the kiali-operator in versions before 1.33.0 and befor... | S | |
CVE-2021-3496 | A heap-based buffer overflow was found in jhead in version 3.06 in Get16u() in exif.c when processin... | E S | |
CVE-2021-3497 | GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain ... | S | |
CVE-2021-3498 | GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.... | S | |
CVE-2021-3499 | A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress F... | | |
CVE-2021-3500 | A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in function DJVU::DjVuDocument::g... | | |
CVE-2021-3501 | A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KV... | S | |
CVE-2021-3502 | A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_star... | E S | |
CVE-2021-3503 | A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. Th... | S | |
CVE-2021-3504 | A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bound... | S | |
CVE-2021-3505 | A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys... | E S | |
CVE-2021-3506 | An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linu... | S | |
CVE-2021-3507 | A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It cou... | E | |
CVE-2021-3508 | A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skip... | E S | |
CVE-2021-3509 | A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-2783... | E S | |
CVE-2021-3510 | Zephyr JSON decoder incorrectly decodes array of array | S | |
CVE-2021-3511 | Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband route... | | |
CVE-2021-3512 | Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and p... | | |
CVE-2021-3513 | A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout ... | | |
CVE-2021-3514 | When using a sync_repl client in 389-ds-base, an authenticated attacker can cause a NULL pointer der... | | |
CVE-2021-3515 | A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacke... | S | |
CVE-2021-3516 | There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a c... | E S | |
CVE-2021-3517 | There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An at... | S | |
CVE-2021-3518 | There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted fil... | S | |
CVE-2021-3519 | A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to t... | S | |
CVE-2021-3520 | There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may ... | S | |
CVE-2021-3521 | There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key ... | S | |
CVE-2021-3522 | GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.... | S | |
CVE-2021-3523 | A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified conn... | | |
CVE-2021-3524 | A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.2... | S | |
CVE-2021-3525 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3526 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3527 | A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined in... | S | |
CVE-2021-3528 | A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between ... | S | |
CVE-2021-3529 | A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitr... | | |
CVE-2021-3530 | A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in ... | S | |
CVE-2021-3531 | A flaw was found in the Red Hat Ceph Storage RGW in versions before 14.2.21. When processing a GET R... | S | |
CVE-2021-3532 | Rejected reason: This CVE is marked as INVALID and not a bug... | R | |
CVE-2021-3533 | Rejected reason: This vulnerability does not meet the criteria for a security vulnerability... | R | |
CVE-2021-3534 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-34981. Reason: This candidat... | R | |
CVE-2021-3535 | Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Se... | | |
CVE-2021-3536 | A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode... | | |
CVE-2021-3537 | A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors wh... | S | |
CVE-2021-3538 | A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099... | | |
CVE-2021-3539 | EspoCRM Avatar Persistent XSS | | |
CVE-2021-3540 | Ivanti MobileIron Core clish Restricted Shell Escape via Argument Injection | E | |
CVE-2021-3541 | A flaw was found in libxml2. Exponential entity expansion attack is possible bypassing all existing... | S | |
CVE-2021-3542 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidat... | R | |
CVE-2021-3543 | A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclav... | | |
CVE-2021-3544 | Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in vers... | | |
CVE-2021-3545 | An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gp... | | |
CVE-2021-3546 | An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) ... | | |
CVE-2021-3547 | OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certi... | S | |
CVE-2021-3548 | A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer d... | | |
CVE-2021-3549 | An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use ... | S | |
CVE-2021-3550 | A DLL search path vulnerability was reported in Lenovo PCManager, prior to version 3.0.500.5102, tha... | S | |
CVE-2021-3551 | A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admi... | S | |
CVE-2021-3552 | Insufficient validation on regular expression in EPPUpdateService config file (VA-9825) | M | |
CVE-2021-3553 | Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825) | S | |
CVE-2021-3554 | Improper Access Control vulnerability in the patchesUpdate API | M | |
CVE-2021-3555 | A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows ... | E S | |
CVE-2021-3556 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3557 | A flaw was found in argocd. Any unprivileged user is able to deploy argocd in their namespace and wi... | | |
CVE-2021-3558 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3559 | A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. It onl... | S | |
CVE-2021-3560 | It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, e... | KEV E S | |
CVE-2021-3561 | An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bounds check in read_objects() coul... | E S | |
CVE-2021-3563 | A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are ve... | E | |
CVE-2021-3564 | A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was fou... | E | |
CVE-2021-3565 | A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed A... | S | |
CVE-2021-3566 | Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. By... | S | |
CVE-2021-3567 | A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this fl... | | |
CVE-2021-3569 | A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypti... | S | |
CVE-2021-3570 | A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwardin... | S | |
CVE-2021-3571 | A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-e... | S | |
CVE-2021-3572 | A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote ... | S | |
CVE-2021-3573 | A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in t... | E S | |
CVE-2021-3574 | A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert c... | E S | |
CVE-2021-3575 | A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompre... | E | |
CVE-2021-3576 | Privilege escalation via SeImpersonatePrivilege | S | |
CVE-2021-3577 | An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binaton... | S | |
CVE-2021-3578 | A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malici... | S | |
CVE-2021-3579 | Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe | S | |
CVE-2021-3580 | A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. ... | S | |
CVE-2021-3581 | Buffer Access with Incorrect Length Value in zephyr | S | |
CVE-2021-3582 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. The issue occurs wh... | E | |
CVE-2021-3583 | A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This iss... | | |
CVE-2021-3584 | A server side remote code execution vulnerability was found in Foreman project. An authenticated atta... | S | |
CVE-2021-3585 | A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs du... | E S | |
CVE-2021-3586 | A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not p... | | |
CVE-2021-3587 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38208. Reason: This candidat... | R | |
CVE-2021-3588 | memory contents disclosure in cli_feat_read_cb | E S | |
CVE-2021-3589 | An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissio... | S | |
CVE-2021-3590 | A flaw was found in Foreman project. A credential leak was identified which will expose Azure Comput... | | |
CVE-2021-3591 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3592 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Th... | S | |
CVE-2021-3593 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Th... | S | |
CVE-2021-3594 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Th... | S | |
CVE-2021-3595 | An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. Th... | S | |
CVE-2021-3596 | A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGIm... | E | |
CVE-2021-3597 | A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circu... | | |
CVE-2021-3598 | There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An at... | E S | |
CVE-2021-3599 | A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad ... | S | |
CVE-2021-3600 | It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds inf... | S | |
CVE-2021-3601 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3602 | An information disclosure flaw was found in Buildah, when building containers using chroot isolation... | S | |
CVE-2021-3603 | Inclusion of Functionality from Untrusted Control Sphere in PHPMailer/PHPMailer | S | |
CVE-2021-3604 | Primion-Digitek Secure 8 SQL injection vulnerability | E S | |
CVE-2021-3605 | There's a flaw in OpenEXR's rleUncompress functionality in versions prior to 3.0.5. An attacker who ... | S | |
CVE-2021-3606 | OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable librar... | | |
CVE-2021-3607 | An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in vers... | S | |
CVE-2021-3608 | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to... | S | |
CVE-2021-3609 | A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can... | E S | |
CVE-2021-3610 | A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 i... | S | |
CVE-2021-3611 | A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicio... | E M | |
CVE-2021-3612 | An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in ver... | S | |
CVE-2021-3613 | OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries ... | | |
CVE-2021-3614 | A vulnerability was reported on some Lenovo Notebook systems that could allow an attacker with physi... | S | |
CVE-2021-3615 | A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution ... | S | |
CVE-2021-3616 | A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized... | S | |
CVE-2021-3617 | A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow command injecti... | S | |
CVE-2021-3618 | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementin... | S | |
CVE-2021-3619 | Rapid7 Velociraptor Notebooks Authenticated Persistent XSS | S | |
CVE-2021-3620 | A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as ... | S | |
CVE-2021-3621 | A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the... | S | |
CVE-2021-3622 | A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Win... | E S | |
CVE-2021-3623 | A flaw was found in libtpms. The flaw can be triggered by specially-crafted TPM 2 command packets co... | S | |
CVE-2021-3624 | There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously c... | E | |
CVE-2021-3625 | Buffer overflow in Zephyr USB DFU DNLOAD | E | |
CVE-2021-3626 | Windows version of Multipass unauthenticated localhost tcp control socket can perform mounts | S | |
CVE-2021-3627 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3628 | OpenKM Document Management Community vulnerable to Cross Site Scripting | S | |
CVE-2021-3629 | A flaw was found in Undertow. A potential security issue in flow control handling by the browser ove... | | |
CVE-2021-3630 | An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.c... | S | |
CVE-2021-3631 | A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. T... | E S | |
CVE-2021-3632 | A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or ... | S | |
CVE-2021-3633 | A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.11... | E S | |
CVE-2021-3634 | A flaw has been found in libssh in versions prior to 0.9.6. The SSH protocol keeps track of two shar... | S | |
CVE-2021-3635 | A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user w... | | |
CVE-2021-3636 | It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Ser... | E S | |
CVE-2021-3637 | A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticatio... | | |
CVE-2021-3638 | An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occ... | E S | |
CVE-2021-3639 | A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue coul... | S | |
CVE-2021-3640 | A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in ... | E S | |
CVE-2021-3641 | Improper Link Resolution Before File Access in Bitdefender GravityZone (VA-9921) | S | |
CVE-2021-3642 | A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and pr... | | |
CVE-2021-3643 | A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-o... | | |
CVE-2021-3644 | A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single a... | S | |
CVE-2021-3645 | Prototype Pollution in viking04/merge | E S | |
CVE-2021-3646 | Cross-site Scripting (XSS) - Reflected in btcpayserver/btcpayserver | E S | |
CVE-2021-3647 | Open Redirect in medialize/URI.js | E S | |
CVE-2021-3648 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-3530. Reason: This candidate... | R | |
CVE-2021-3649 | Inefficient Regular Expression Complexity in chatwoot/chatwoot | E S | |
CVE-2021-3651 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3652 | A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally ... | S | |
CVE-2021-3653 | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs whe... | E S | |
CVE-2021-3654 | A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noV... | E S | |
CVE-2021-3655 | A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validatio... | S | |
CVE-2021-3656 | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs whe... | S | |
CVE-2021-3657 | A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large (>... | | |
CVE-2021-3658 | bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down,... | S | |
CVE-2021-3659 | A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking su... | S | |
CVE-2021-3660 | Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to rend... | S | |
CVE-2021-3661 | A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware... | | |
CVE-2021-3662 | Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (X... | | |
CVE-2021-3663 | Improper Restriction of Excessive Authentication Attempts in firefly-iii/firefly-iii | E S | |
CVE-2021-3664 | Open Redirect in unshiftio/url-parse | E S | |
CVE-2021-3666 | Prototype Pollution in fiznool/body-parser-xml | E S | |
CVE-2021-3667 | An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occur... | S | |
CVE-2021-3669 | A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large... | | |
CVE-2021-3670 | MaxQueryDuration not honoured in Samba AD DC LDAP... | S | |
CVE-2021-3671 | A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-... | S | |
CVE-2021-3672 | A flaw was found in c-ares library, where a missing input validation check of host names returned by... | E S | |
CVE-2021-3673 | A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a craf... | E S | |
CVE-2021-3674 | A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section dat... | E S | |
CVE-2021-3675 | synaTEE.signed.dll Out-Of-Bounds Heap Write | S | |
CVE-2021-3676 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3677 | A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. I... | | |
CVE-2021-3678 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc | S | |
CVE-2021-3679 | A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc... | S | |
CVE-2021-3680 | Missing Cryptographic Step in star7th/showdoc | E S | |
CVE-2021-3681 | A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in th... | | |
CVE-2021-3682 | A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It o... | S | |
CVE-2021-3683 | Cross-Site Request Forgery (CSRF) in star7th/showdoc | E S | |
CVE-2021-3684 | A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, i... | S | |
CVE-2021-3688 | A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not prope... | | |
CVE-2021-3689 | Use of Predictable Algorithm in Random Number Generator in yiisoft/yii2 | E S | |
CVE-2021-3690 | A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memor... | E S | |
CVE-2021-3691 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3692 | Use of Predictable Algorithm in Random Number Generator in yiisoft/yii2 | E S | |
CVE-2021-3693 | Cross-site Scripting (XSS) - DOM in ledgersmb/ledgersmb | S | |
CVE-2021-3694 | Cross-site Scripting (XSS) - Reflected in ledgersmb/ledgersmb | S | |
CVE-2021-3695 | A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker... | | |
CVE-2021-3696 | A heap out-of-bounds write may happen during the handling of Huffman tables in the PNG reader. This ... | | |
CVE-2021-3697 | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlle... | | |
CVE-2021-3698 | A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verificat... | | |
CVE-2021-3700 | A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirpars... | S | |
CVE-2021-3701 | A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 ... | S | |
CVE-2021-3702 | A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation ... | S | |
CVE-2021-3703 | It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentio... | | |
CVE-2021-3704 | Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that ma... | | |
CVE-2021-3705 | Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that ma... | | |
CVE-2021-3706 | Sensitive Cookie Without 'HttpOnly' Flag in pi-hole/adminlte | E S | |
CVE-2021-3707 | D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized config... | | |
CVE-2021-3708 | D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injectio... | | |
CVE-2021-3709 | Apport file permission bypass through emacs byte compilation errors | E | |
CVE-2021-3710 | Apport info disclosure via path traversal bug in read_file | E | |
CVE-2021-3711 | SM2 Decryption Buffer Overflow | S | |
CVE-2021-3712 | Read buffer overruns processing ASN.1 strings | S | |
CVE-2021-3713 | An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) device emulation of QEMU in ver... | S | |
CVE-2021-3714 | A flaw was found in the Linux kernel's memory deduplication mechanism. Previous work has shown that m... | | |
CVE-2021-3715 | A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networki... | S | |
CVE-2021-3716 | A flaw was found in nbdkit due to improperly caching plaintext state across the STARTTLS encrypti... | S | |
CVE-2021-3717 | A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron... | | |
CVE-2021-3718 | A denial of service vulnerability was reported in some ThinkPad models that could cause a system to ... | S | |
CVE-2021-3719 | A potential vulnerability in the SMI callback function that saves and restores boot script tables use... | S | |
CVE-2021-3720 | An information disclosure vulnerability was reported in the Time Weather system widget on Legion Pho... | S | |
CVE-2021-3721 | A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 tha... | S | |
CVE-2021-3722 | A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that... | S | |
CVE-2021-3723 | A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy I... | M | |
CVE-2021-3724 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3725 | OS Command Injection in ohmyzsh/ohmyzsh | S | |
CVE-2021-3726 | OS Command Injection in ohmyzsh/ohmyzsh | S | |
CVE-2021-3727 | OS Command Injection in ohmyzsh/ohmyzsh | S | |
CVE-2021-3728 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii | E S | |
CVE-2021-3729 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii | S | |
CVE-2021-3730 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii | S | |
CVE-2021-3731 | Improper Restriction of Rendered UI Layers or Frames in ledgersmb/ledgersmb | | |
CVE-2021-3732 | A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS file... | S | |
CVE-2021-3733 | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP... | E S | |
CVE-2021-3734 | Improper Restriction of Rendered UI Layers or Frames in yourls/yourls | E S | |
CVE-2021-3735 | A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahc... | | |
CVE-2021-3736 | A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfi... | S | |
CVE-2021-3737 | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python ma... | E S | |
CVE-2021-3738 | In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connect... | S | |
CVE-2021-3739 | A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in t... | E S | |
CVE-2021-3740 | Session Fixation in chatwoot/chatwoot | | |
CVE-2021-3741 | Stored Cross-site Scripting (XSS) in chatwoot/chatwoot | | |
CVE-2021-3742 | Server-Side Request Forgery (SSRF) in chatwoot/chatwoot | | |
CVE-2021-3743 | An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux k... | E S | |
CVE-2021-3744 | A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/cr... | E S | |
CVE-2021-3745 | Unrestricted Upload of File with Dangerous Type in flatcore/flatcore-cms | E S | |
CVE-2021-3746 | A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. ... | S | |
CVE-2021-3747 | MacOS version of Multipass incorrect owner for application directory | S | |
CVE-2021-3748 | A use-after-free vulnerability was found in the virtio-net device of QEMU. It could occur when the d... | S | |
CVE-2021-3749 | Inefficient Regular Expression Complexity in axios/axios | E S | |
CVE-2021-3750 | A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify ... | E | |
CVE-2021-3751 | Out-of-bounds Write in bfabiszewski/libmobi | E S | |
CVE-2021-3752 | A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls conn... | E S | |
CVE-2021-3753 | A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which ma... | E S | |
CVE-2021-3754 | A flaw was found in keycloak where an attacker is able to register himself with the username same as... | | |
CVE-2021-3755 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3756 | Heap-based Buffer Overflow in hoene/libmysofa | E S | |
CVE-2021-3757 | Prototype Pollution in immerjs/immer | E S | |
CVE-2021-3758 | Server-Side Request Forgery (SSRF) in bookstackapp/bookstack | E S | |
CVE-2021-3759 | A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsy... | | |
CVE-2021-3760 | A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a ... | | |
CVE-2021-3761 | OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values | S | |
CVE-2021-3762 | A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can expl... | E S | |
CVE-2021-3763 | A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user ... | | |
CVE-2021-3764 | A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an att... | S | |
CVE-2021-3765 | Inefficient Regular Expression Complexity in validatorjs/validator.js | E S | |
CVE-2021-3766 | Prototype Pollution in vincit/objection.js | E S | |
CVE-2021-3767 | Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack | E S | |
CVE-2021-3768 | Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack | E S | |
CVE-2021-3769 | OS Command Injection in ohmyzsh/ohmyzsh | S | |
CVE-2021-3770 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2021-3771 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3772 | A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP asso... | S | |
CVE-2021-3773 | A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint in... | S | |
CVE-2021-3774 | Meross MSS550X Missing Encryption of Sensitive Data | S | |
CVE-2021-3775 | Cross-Site Request Forgery (CSRF) in star7th/showdoc | E S | |
CVE-2021-3776 | Cross-Site Request Forgery (CSRF) in star7th/showdoc | E S | |
CVE-2021-3777 | Inefficient Regular Expression Complexity in daaku/nodejs-tmpl | E S | |
CVE-2021-3778 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2021-3779 | Ruby-MySQL Gem Client File Read | E S | |
CVE-2021-3780 | Cross-site Scripting (XSS) - Stored in chocobozzz/peertube | E S | |
CVE-2021-3781 | A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript inter... | S | |
CVE-2021-3782 | An internal reference count is held on the buffer pool, incremented every time a new buffer is creat... | E S | |
CVE-2021-3783 | Cross-site Scripting (XSS) - Reflected in yourls/yourls | S | |
CVE-2021-3784 | Garuda Linux Improper Authorization | S | |
CVE-2021-3785 | Cross-site Scripting (XSS) - Stored in yourls/yourls | E S | |
CVE-2021-3786 | A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Not... | S | |
CVE-2021-3787 | A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an at... | S | |
CVE-2021-3788 | An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could ... | S | |
CVE-2021-3789 | An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Camera... | S | |
CVE-2021-3790 | A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Came... | S | |
CVE-2021-3791 | An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Camera... | S | |
CVE-2021-3792 | Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble serv... | S | |
CVE-2021-3793 | An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Camer... | S | |
CVE-2021-3794 | Inefficient Regular Expression Complexity in vuelidate/vuelidate | E S | |
CVE-2021-3795 | Inefficient Regular Expression Complexity in sindresorhus/semver-regex | E S | |
CVE-2021-3796 | Use After Free in vim/vim | E S | |
CVE-2021-3797 | Use of Wrong Operator in String Comparison in hestiacp/hestiacp | E S | |
CVE-2021-3798 | A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid w... | S | |
CVE-2021-3799 | Improper Restriction of Rendered UI Layers or Frames in getgrav/grav-plugin-admin | E S | |
CVE-2021-3800 | A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content... | E S | |
CVE-2021-3801 | Inefficient Regular Expression Complexity in prismjs/prism | E S | |
CVE-2021-3802 | A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image fi... | E S | |
CVE-2021-3803 | Inefficient Regular Expression Complexity in fb55/nth-check | E S | |
CVE-2021-3804 | Inefficient Regular Expression Complexity in nervjs/taro | E S | |
CVE-2021-3805 | Prototype Pollution in mariocasciaro/object-path | E S | |
CVE-2021-3806 | Path Traversal in Pardus Software Center | E S | |
CVE-2021-3807 | Inefficient Regular Expression Complexity in chalk/ansi-regex | E S | |
CVE-2021-3808 | Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP P... | | |
CVE-2021-3809 | Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP P... | | |
CVE-2021-3810 | Inefficient Regular Expression Complexity in cdr/code-server | E S | |
CVE-2021-3811 | Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte | E S | |
CVE-2021-3812 | Cross-site Scripting (XSS) - Reflected in pi-hole/adminlte | E S | |
CVE-2021-3813 | Improper Privilege Management in chatwoot/chatwoot | E S | |
CVE-2021-3814 | It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token,... | | |
CVE-2021-3815 | Prototype Pollution in fabiocaccamo/utils.js | E S | |
CVE-2021-3816 | Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in... | | |
CVE-2021-3817 | SQL Injection in wbce/wbce_cms | E S | |
CVE-2021-3818 | Reliance on Cookies without Validation and Integrity Checking in getgrav/grav | E S | |
CVE-2021-3819 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii | E S | |
CVE-2021-3820 | Inefficient Regular Expression Complexity in pksunkara/inflect | E S | |
CVE-2021-3821 | A potential security vulnerability has been identified for certain HP multifunction printers (MFPs).... | | |
CVE-2021-3822 | Inefficient Regular Expression Complexity in josdejong/jsoneditor | E S | |
CVE-2021-3823 | Path traversal vulnerability in Bitdefender GravityZone Update Server in relay mode | S | |
CVE-2021-3824 | OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or H... | | |
CVE-2021-3825 | Missing Authorization Checks in LiderAhenk | E S | |
CVE-2021-3826 | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers... | S | |
CVE-2021-3827 | A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows t... | S | |
CVE-2021-3828 | Inefficient Regular Expression Complexity in nltk/nltk | E S | |
CVE-2021-3829 | Open Redirect in openwhyd/openwhyd | E S | |
CVE-2021-3830 | Cross-site Scripting (XSS) - Stored in btcpayserver/btcpayserver | E S | |
CVE-2021-3831 | Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5 | E S | |
CVE-2021-3832 | Integria IMS Remote Code Execution | S | |
CVE-2021-3833 | Integria IMS incorrect authorization | S | |
CVE-2021-3834 | Integria IMS vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2021-3835 | Buffer overflow in usb device class | E | |
CVE-2021-3836 | Improper Restriction of XML External Entity Reference in dbeaver/dbeaver | E S | |
CVE-2021-3837 | Improper Authorization in openwhyd/openwhyd | E S | |
CVE-2021-3838 | PHAR Deserialization in dompdf/dompdf | E S | |
CVE-2021-3839 | A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not valida... | S | |
CVE-2021-3840 | A dependency confusion vulnerability was reported in the Antilles open-source software prior to vers... | S | |
CVE-2021-3841 | Stored Cross-site Scripting (XSS) in sylius/sylius | S | |
CVE-2021-3842 | Inefficient Regular Expression Complexity in nltk/nltk | E S | |
CVE-2021-3843 | A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an ... | S | |
CVE-2021-3844 | Rapid7 InsightVM Insufficient Session Expiration | | |
CVE-2021-3845 | External Control of File Name or Path in netristv/ws-scrcpy | E S | |
CVE-2021-3846 | Unrestricted Upload of File with Dangerous Type in firefly-iii/firefly-iii | E S | |
CVE-2021-3847 | An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kerne... | | |
CVE-2021-3848 | An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One a... | S | |
CVE-2021-3849 | An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power C... | S | |
CVE-2021-3850 | Authentication Bypass by Primary Weakness in adodb/adodb | E S | |
CVE-2021-3851 | Open Redirect in firefly-iii/firefly-iii | E S | |
CVE-2021-3852 | Authorization Bypass Through User-Controlled Key in weseek/growi | E S | |
CVE-2021-3853 | Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq | E S | |
CVE-2021-3854 | SQLi in Glox Technology's Useroam Hotspot | S | |
CVE-2021-3855 | Command Injection in Liman Central Management System | S | |
CVE-2021-3856 | ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a re... | S | |
CVE-2021-3857 | Cross-site Scripting (XSS) - Stored in chaskiq/chaskiq | E S | |
CVE-2021-3858 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it | E S | |
CVE-2021-3859 | A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made... | S | |
CVE-2021-3860 | JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection... | S | |
CVE-2021-3861 | The RNDIS USB device class includes a buffer overflow vulnerability | E | |
CVE-2021-3862 | Cross-site Scripting (XSS) - Reflected in icecoder/icecoder | E S | |
CVE-2021-3863 | Cross-site Scripting (XSS) - Generic in snipe/snipe-it | E S | |
CVE-2021-3864 | A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries execute... | E S | |
CVE-2021-3866 | Cross-site Scripting (XSS) - Stored in zulip/zulip | E S | |
CVE-2021-3867 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3868 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3869 | Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp | E S | |
CVE-2021-3870 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3871 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3872 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2021-3873 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3874 | Path Traversal in bookstackapp/bookstack | E S | |
CVE-2021-3875 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2021-3876 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3877 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3878 | Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp | E S | |
CVE-2021-3879 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it | E S | |
CVE-2021-3880 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3881 | Out-of-bounds Read in bfabiszewski/libmobi | E S | |
CVE-2021-3882 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ledgersmb/ledgersmb | E S | |
CVE-2021-3883 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3884 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3885 | Rejected reason: This is unused.... | R | |
CVE-2021-3886 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3887 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3888 | Use of Out-of-range Pointer Offset in bfabiszewski/libmobi | E S | |
CVE-2021-3889 | Use of Out-of-range Pointer Offset in bfabiszewski/libmobi | E S | |
CVE-2021-3892 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-18198. Reason: This candidat... | R | |
CVE-2021-3893 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3894 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3896 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidat... | R | |
CVE-2021-3897 | An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power... | S | |
CVE-2021-3898 | Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do ... | S | |
CVE-2021-3899 | There is a race condition in the 'replaced executable' detection that, with the correct local config... | | |
CVE-2021-3900 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii | E S | |
CVE-2021-3901 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii | E S | |
CVE-2021-3902 | Improper Restriction of XML External Entity Reference in dompdf/dompdf | E S | |
CVE-2021-3903 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2021-3904 | Cross-site Scripting (XSS) - Stored in getgrav/grav | E S | |
CVE-2021-3905 | A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attac... | E S | |
CVE-2021-3906 | Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack | E S | |
CVE-2021-3907 | Arbitrary filepath traversal via URI injection | S | |
CVE-2021-3908 | Infinite certificate chain depth results in OctoRPKI running forever | S | |
CVE-2021-3909 | Infinite open connection causes OctoRPKI to hang forever | S | |
CVE-2021-3910 | NUL character in ROA causes OctoRPKI to crash | S | |
CVE-2021-3911 | Misconfigured IP address field in ROA leads to OctoRPKI crash | S | |
CVE-2021-3912 | OctoRPKI crashes when processing GZIP bomb returned via malicious repository | S | |
CVE-2021-3913 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-3914 | It was found that the smallrye health metrics UI component did not properly sanitize some user input... | | |
CVE-2021-3915 | Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack | E S | |
CVE-2021-3916 | Path Traversal in bookstackapp/bookstack | E S | |
CVE-2021-3917 | A flaw was found in the coreos-installer, where it writes the Ignition config to the target system w... | S | |
CVE-2021-3918 | Prototype Pollution in kriszyp/json-schema | E S | |
CVE-2021-3919 | A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center w... | | |
CVE-2021-3920 | Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin | E S | |
CVE-2021-3921 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii | E S | |
CVE-2021-3922 | A race condition vulnerability was reported in IMController, a software component of Lenovo System I... | S | |
CVE-2021-3923 | A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a pr... | S | |
CVE-2021-3924 | Path Traversal in getgrav/grav | E S | |
CVE-2021-3927 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2021-3928 | Use of Uninitialized Variable in vim/vim | E S | |
CVE-2021-3929 | A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is... | E S | |
CVE-2021-3930 | An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing ... | S | |
CVE-2021-3931 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it | E S | |
CVE-2021-3932 | Cross-Site Request Forgery (CSRF) in area17/twill | E S | |
CVE-2021-3933 | An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t < 64 b... | | |
CVE-2021-3934 | OS Command Injection in ohmyzsh/ohmyzsh | S | |
CVE-2021-3935 | When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject a... | | |
CVE-2021-3937 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3938 | Cross-site Scripting (XSS) - Generic in snipe/snipe-it | E S | |
CVE-2021-3939 | Free of static data in accountsservice | | |
CVE-2021-3940 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-3941 | In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (... | S | |
CVE-2021-3942 | Certain HP Print products and Digital Sending products may be vulnerable to potential remote code ex... | | |
CVE-2021-3943 | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier uns... | S | |
CVE-2021-3944 | Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack | E S | |
CVE-2021-3945 | Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk | E S | |
CVE-2021-3947 | A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslis... | S | |
CVE-2021-3948 | An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect ... | S | |
CVE-2021-3950 | Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk | E S | |
CVE-2021-3956 | A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Le... | S | |
CVE-2021-3957 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 | E S | |
CVE-2021-3958 | SQL Injection Vulnerability in Ipack SCADA Software | E | |
CVE-2021-3959 | Server-Side Request Forgery in Bitdefender GravityZone Update Server in Relay Mode (VA-10145) | S | |
CVE-2021-3960 | Privilege Escalation via the GravityZone productManager UpdateServer.KitsManager API (VA-10146) | S | |
CVE-2021-3961 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it | E S | |
CVE-2021-3962 | A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to ... | S | |
CVE-2021-3963 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 | E S | |
CVE-2021-3964 | Authorization Bypass Through User-Controlled Key in elgg/elgg | E S | |
CVE-2021-3965 | Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing... | | |
CVE-2021-3966 | USB Bluetooth device ACL read cb buffer overflow | | |
CVE-2021-3967 | Improper Access Control in zulip/zulip | E S | |
CVE-2021-3968 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2021-3969 | A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software componen... | S | |
CVE-2021-3970 | A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenov... | S | |
CVE-2021-3971 | A potential vulnerability by a driver used during older manufacturing processes on some consumer Len... | S | |
CVE-2021-3972 | A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Note... | S | |
CVE-2021-3973 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2021-3974 | Use After Free in vim/vim | E S | |
CVE-2021-3975 | A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandl... | S | |
CVE-2021-3976 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 | E S | |
CVE-2021-3977 | Cross-site Scripting (XSS) - Stored in invoiceninja/invoiceninja | E S | |
CVE-2021-3978 | Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki | | |
CVE-2021-3979 | A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key l... | S | |
CVE-2021-3980 | Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg | E S | |
CVE-2021-3981 | A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the... | S | |
CVE-2021-3982 | Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issu... | S | |
CVE-2021-3983 | Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2 | E S | |
CVE-2021-3984 | Heap-based Buffer Overflow in vim/vim | E S | |
CVE-2021-3985 | Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2 | E S | |
CVE-2021-3986 | Information Disclosure in janeczku/calibre-web | E S | |
CVE-2021-3987 | Improper Access Control in janeczku/calibre-web | E S | |
CVE-2021-3988 | Cross-site Scripting (XSS) in janeczku/calibre-web | E S | |
CVE-2021-3989 | Open Redirect in star7th/showdoc | E S | |
CVE-2021-3990 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc | E S | |
CVE-2021-3991 | Improper Authorization in dolibarr/dolibarr | S | |
CVE-2021-3992 | Improper Access Control in kevinpapst/kimai2 | E S | |
CVE-2021-3993 | Cross-Site Request Forgery (CSRF) in star7th/showdoc | E S | |
CVE-2021-3994 | Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk | E S | |
CVE-2021-3995 | A logic error was found in the libmount library of util-linux in the function that allows an unprivi... | E S | |
CVE-2021-3996 | A logic error was found in the libmount library of util-linux in the function that allows an unprivi... | E S | |
CVE-2021-3997 | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of s... | E S | |
CVE-2021-3998 | A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potent... | S | |
CVE-2021-3999 | A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memor... | E |