ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-32000 | clone-master-clean-up: dangerous file system operations | E S | |
CVE-2021-32001 | K3s/RKE2 bootstrap data is encrypted with empty string if user does not supply a token | | |
CVE-2021-32002 | SiteManager troubleshooter allows access without authentication from local network | | |
CVE-2021-32003 | Configuration service port remains open 10 minutes after reboot even when already provisioned | | |
CVE-2021-32004 | GateManager does not enforce strict hostname matching for WEB server | | |
CVE-2021-32005 | SiteManager Log View XSS Issue | | |
CVE-2021-32006 | GateManager information leak for LinkManager Users | | |
CVE-2021-32007 | Missing security header: Referrer-Policy URL | | |
CVE-2021-32008 | Logged-in Administrator may get unrestricted file system access | | |
CVE-2021-32009 | Missing XSS guards on firmware page | | |
CVE-2021-32010 | Clients may connect to a GateManager with TLS 1.0 | | |
CVE-2021-32012 | SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consump... | S | |
CVE-2021-32013 | SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consump... | S | |
CVE-2021-32014 | SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumptio... | S | |
CVE-2021-32015 | In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileg... | | |
CVE-2021-32016 | An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the writing of... | | |
CVE-2021-32017 | An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of... | | |
CVE-2021-32018 | An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP API was vulnerable to arbitrary... | | |
CVE-2021-32019 | There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection ... | | |
CVE-2021-32020 | The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during man... | S | |
CVE-2021-32021 | A denial of service vulnerability in the message broker of BlackBerry Protect for Windows version(s)... | | |
CVE-2021-32022 | A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows version... | | |
CVE-2021-32023 | An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows vers... | | |
CVE-2021-32024 | A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to... | S | |
CVE-2021-32025 | An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Softw... | S | |
CVE-2021-32027 | A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and ... | S | |
CVE-2021-32028 | A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-c... | S | |
CVE-2021-32029 | A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an... | S | |
CVE-2021-32030 | The administrator application on ASUS GT-AC2900 devices before 3.0.0.4.386.42643 and Lyra Mini befor... | KEV E | |
CVE-2021-32032 | In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic... | E S | |
CVE-2021-32033 | Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TO... | E | |
CVE-2021-32036 | Denial of Service and Data Integrity vulnerability in features command | | |
CVE-2021-32037 | User may trigger invariant when allowed to send commands directly to shards | | |
CVE-2021-32039 | MongoDB Extension for VS Code may unexpectedly store credentials locally in clear text | | |
CVE-2021-32040 | Large aggregation pipelines with a specific stage can crash mongod under default configuration | S | |
CVE-2021-32050 | Some MongoDB Drivers may publish events containing authentication-related data to a command listener configured by an application | S | |
CVE-2021-32051 | Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/Downl... | E | |
CVE-2021-32052 | In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValida... | S | |
CVE-2021-32053 | JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the data... | S | |
CVE-2021-32054 | Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations, which ... | S | |
CVE-2021-32055 | Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresy... | S | |
CVE-2021-32056 | Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypa... | S | |
CVE-2021-32061 | S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a | | |
CVE-2021-32062 | MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.... | | |
CVE-2021-32066 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP... | E S | |
CVE-2021-32067 | The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view s... | | |
CVE-2021-32068 | The AWV and MiCollab Client Service components in Mitel MiCollab before 9.3 could allow an attacker ... | | |
CVE-2021-32069 | The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middl... | | |
CVE-2021-32070 | The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perfor... | | |
CVE-2021-32071 | The MiCollab Client service in Mitel MiCollab before 9.3 could allow an unauthenticated user to gain... | | |
CVE-2021-32072 | The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get so... | | |
CVE-2021-32073 | DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious req... | E | |
CVE-2021-32074 | HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows attackers to obtain sensitive i... | E S | |
CVE-2021-32075 | Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.... | | |
CVE-2021-32076 | Access Restriction bypass vulnerability via referrer spoof - Business Logic Bypass | S | |
CVE-2021-32077 | Primary Source Verification in VerityStream MSOW Solutions before 3.1.1 allows an anonymous internet... | E | |
CVE-2021-32078 | An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel ... | E S | |
CVE-2021-32089 | An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An ... | | |
CVE-2021-32090 | The dashboard component of StackLift LocalStack 0.12.6 allows attackers to inject arbitrary shell co... | E | |
CVE-2021-32091 | A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6.... | E | |
CVE-2021-32092 | A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security... | E | |
CVE-2021-32093 | The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authe... | E | |
CVE-2021-32094 | U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to upload arbitrary ... | | |
CVE-2021-32095 | U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete arbitrary ... | | |
CVE-2021-32096 | The ConsoleAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows a CSRF atta... | E | |
CVE-2021-32098 | Artica Pandora FMS 742 allows unauthenticated attackers to perform Phar deserialization.... | E | |
CVE-2021-32099 | A SQL injection vulnerability in the pandora_console component of Artica Pandora FMS 742 allows an u... | E | |
CVE-2021-32100 | A remote file inclusion vulnerability exists in Artica Pandora FMS 742, exploitable by the lowest pr... | E | |
CVE-2021-32101 | The Patient Portal of OpenEMR 5.0.2.1 is affected by an incorrect access control system in portal/pat... | | |
CVE-2021-32102 | A SQL injection vulnerability exists (with user privileges) in library/custom_template/ajax_code.php... | S | |
CVE-2021-32103 | A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allo... | | |
CVE-2021-32104 | A SQL injection vulnerability exists (with user privileges) in interface/forms/eye_mag/save.php in O... | S | |
CVE-2021-32106 | In ICEcoder 8.0, a reflected XSS vulnerability was identified in the multipe-results.php page... | E | |
CVE-2021-32122 | Certain NETGEAR devices are affected by CSRF. This affects EX3700 before 1.0.0.90, EX3800 before 1.0... | | |
CVE-2021-32132 | The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer... | E S | |
CVE-2021-32134 | The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL poin... | E S | |
CVE-2021-32135 | The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer... | E S | |
CVE-2021-32136 | Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a ... | E S | |
CVE-2021-32137 | Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to... | E S | |
CVE-2021-32138 | The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer... | E S | |
CVE-2021-32139 | The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL... | E S | |
CVE-2021-32142 | Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges vi... | E S | |
CVE-2021-32156 | A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs... | E | |
CVE-2021-32157 | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs featur... | E | |
CVE-2021-32158 | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download featur... | E | |
CVE-2021-32159 | A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download... | E | |
CVE-2021-32160 | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.... | E | |
CVE-2021-32161 | A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.... | E | |
CVE-2021-32162 | A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager fe... | E | |
CVE-2021-32163 | Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensit... | E S | |
CVE-2021-32172 | Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access ... | E | |
CVE-2021-32198 | EmTec ZOC through 8.02.4 allows remote servers to cause a denial of service (Windows GUI hang) by te... | | |
CVE-2021-32202 | In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post descrip... | | |
CVE-2021-32233 | SmarterTools SmarterMail before Build 7776 allows XSS.... | | |
CVE-2021-32234 | SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution.... | | |
CVE-2021-32238 | Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Overflow. Stack-based buffer overflo... | E | |
CVE-2021-32243 | FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).... | E | |
CVE-2021-32244 | Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script ... | E | |
CVE-2021-32245 | In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG fil... | E | |
CVE-2021-32256 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflo... | E | |
CVE-2021-32259 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-32263 | ok-file-formats through 2021-04-29 has a heap-based buffer overflow in the ok_csv_circular_buffer_re... | E S | |
CVE-2021-32265 | An issue was discovered in Bento4 through v1.6.0-637. A global-buffer-overflow exists in the functio... | E | |
CVE-2021-32268 | Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attack... | E S | |
CVE-2021-32269 | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ... | E | |
CVE-2021-32270 | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ... | E | |
CVE-2021-32271 | An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function Dum... | E | |
CVE-2021-32272 | An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow exists in the function stszin... | E S | |
CVE-2021-32273 | An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftyp... | E | |
CVE-2021-32274 | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_q... | E | |
CVE-2021-32275 | An issue was discovered in faust through v2.30.5. A NULL pointer dereference exists in the function ... | E | |
CVE-2021-32276 | An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function g... | E | |
CVE-2021-32277 | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_q... | E | |
CVE-2021-32278 | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_pr... | E | |
CVE-2021-32280 | An issue was discovered in fig2dev before 3.2.8. A NULL pointer dereference exists in the function ... | E S | |
CVE-2021-32281 | An issue was discovered in gravity through 0.8.1. A heap-buffer-overflow exists in the function gnod... | E | |
CVE-2021-32282 | An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ... | E | |
CVE-2021-32283 | An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ... | E | |
CVE-2021-32284 | An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ... | E | |
CVE-2021-32285 | An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ... | E | |
CVE-2021-32286 | An issue was discovered in hcxtools through 6.1.6. A global-buffer-overflow exists in the function p... | E S | |
CVE-2021-32287 | An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function Hevc... | E | |
CVE-2021-32288 | An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function Hevc... | E S | |
CVE-2021-32289 | An issue was discovered in heif through v3.6.2. A NULL pointer dereference exists in the fun... | E S | |
CVE-2021-32292 | An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A... | E | |
CVE-2021-32294 | An issue was discovered in libgig through 20200507. A heap-buffer-overflow exists in the function RI... | E | |
CVE-2021-32297 | An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main l... | E S | |
CVE-2021-32298 | An issue was discovered in libiff through 20190123. A global-buffer-overflow exists in the function ... | E | |
CVE-2021-32299 | An issue was discovered in pbrt through 20200627. A stack-buffer-overflow exists in the function pbr... | E | |
CVE-2021-32302 | Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sens... | E | |
CVE-2021-32305 | WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters i... | E S | |
CVE-2021-32399 | net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of t... | E S | |
CVE-2021-32402 | Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to la... | E | |
CVE-2021-32403 | Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to la... | E | |
CVE-2021-32415 | EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a loca... | | |
CVE-2021-32419 | An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive informa... | E S | |
CVE-2021-32420 | dpic 2021.01.01 has a Heap-based Buffer Overflow in the storestring function in dpic.y.... | | |
CVE-2021-32421 | dpic 2021.01.01 has a Heap Use-After-Free in the deletestringbox() function in dpic.y.... | | |
CVE-2021-32422 | dpic 2021.01.01 has a Global buffer overflow in the yylex() function in main.c and reads out of the b... | | |
CVE-2021-32424 | In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make... | | |
CVE-2021-32426 | In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web... | E | |
CVE-2021-32428 | SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Rea... | | |
CVE-2021-32434 | abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at d... | E S | |
CVE-2021-32435 | Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote att... | E S | |
CVE-2021-32436 | An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote atta... | E S | |
CVE-2021-32437 | The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL po... | E S | |
CVE-2021-32438 | The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NU... | E S | |
CVE-2021-32439 | Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a ... | E S | |
CVE-2021-32440 | The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL ... | E S | |
CVE-2021-32441 | SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access t... | S | |
CVE-2021-32453 | SITEL CAP/PRX information exposure | S | |
CVE-2021-32454 | SITEL CAP/PRX hardcoded credentials | S | |
CVE-2021-32455 | SITEL CAP/PRX vulnerable to a denial of service attack | S | |
CVE-2021-32456 | SITEL CAP/PRX cleartext transmission of sensitive information | S | |
CVE-2021-32457 | Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an ioctl stack-based ... | E | |
CVE-2021-32458 | Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an ioctl stack-based ... | | |
CVE-2021-32459 | Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnera... | | |
CVE-2021-32460 | The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access con... | | |
CVE-2021-32461 | Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Integer Tru... | | |
CVE-2021-32462 | Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below is vulnerable to an Exposed Haz... | | |
CVE-2021-32463 | An incorrect permission assignment denial-of-service vulnerability in Trend Micro Apex One, Apex One... | S | |
CVE-2021-32464 | An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex ... | | |
CVE-2021-32465 | An incorrect permission preservation vulnerability in Trend Micro Apex One, Apex One as a Service an... | | |
CVE-2021-32466 | An uncontrolled search path element privilege escalation vulnerability in Trend Micro HouseCall for ... | S | |
CVE-2021-32467 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the ... | | |
CVE-2021-32468 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the ... | | |
CVE-2021-32469 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the ... | | |
CVE-2021-32470 | Craft CMS before 3.6.13 has an XSS vulnerability.... | S | |
CVE-2021-32471 | Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machi... | E | |
CVE-2021-32472 | Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circ... | S | |
CVE-2021-32473 | It was possible for a student to view their quiz grade before it had been released, using a quiz web... | S | |
CVE-2021-32474 | An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from th... | S | |
CVE-2021-32475 | ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored X... | S | |
CVE-2021-32476 | A denial-of-service risk was identified in the draft files area, due to it not respecting user file ... | S | |
CVE-2021-32477 | The last time a user accessed the mobile app is displayed on their profile page, but should be restr... | S | |
CVE-2021-32478 | The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XS... | S | |
CVE-2021-32481 | Cloudera Hue 4.6.0 allows XSS via the type parameter.... | | |
CVE-2021-32482 | Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.... | | |
CVE-2021-32483 | Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the r... | | |
CVE-2021-32484 | In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to ... | | |
CVE-2021-32485 | In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to ... | | |
CVE-2021-32486 | In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to ... | | |
CVE-2021-32487 | In modem 2G RRM, there is a possible system crash due to a heap buffer overflow. This could lead to ... | | |
CVE-2021-32489 | An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. Th... | E | |
CVE-2021-32490 | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv... | | |
CVE-2021-32491 | A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/... | | |
CVE-2021-32492 | A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::... | | |
CVE-2021-32493 | A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::... | | |
CVE-2021-32494 | Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allows a... | E S | |
CVE-2021-32495 | Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can re... | S | |
CVE-2021-32496 | SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vul... | | |
CVE-2021-32497 | SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and prov... | S | |
CVE-2021-32498 | SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and u... | S | |
CVE-2021-32499 | SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass... | S | |
CVE-2021-32500 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-32501 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32502 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32503 | Unauthenticated users can access sensitive web URLs through GET request, which should be restricted ... | | |
CVE-2021-32504 | Unauthenticated users can access sensitive web URLs through GET request, which should be restricted ... | | |
CVE-2021-32505 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32506 | QSAN Storage Manager - Absolute Path Traversal via GetImage function | S | |
CVE-2021-32507 | QSAN Storage Manager - Absolute Path Traversal via FileDownload function | S | |
CVE-2021-32508 | QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileStreaming function | S | |
CVE-2021-32509 | QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileviewDoc function | S | |
CVE-2021-32510 | QSAN Storage Manager - Exposure of Information Through Directory Listing Following via Antivirus function | S | |
CVE-2021-32511 | QSAN Storage Manager - Exposure of Information Through Directory Listing Following via ViewBroserList function | S | |
CVE-2021-32512 | QSAN Storage Manager - Command Injection Following via QuickInstall function | S | |
CVE-2021-32513 | QSAN Storage Manager - Command Injection Following via QsanTorture function | S | |
CVE-2021-32514 | QSAN Storage Manager - Improper Access Control Following via FirwareUpgrade function | S | |
CVE-2021-32515 | QSAN Storage Manager - Exposure of Information Through Directory Listing | S | |
CVE-2021-32516 | QSAN Storage Manager - Path Traversal | S | |
CVE-2021-32517 | QSAN Storage Manager - Improper Access Control | S | |
CVE-2021-32518 | QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following | S | |
CVE-2021-32519 | QSAN Storage Manager, XEVO, SANOS - Use of Password Hash With Insufficient Computational Effort | S | |
CVE-2021-32520 | QSAN Storage Manager - Use of Hard-coded Cryptographic Key | S | |
CVE-2021-32521 | QSAN Storage Manager, XEVO, SANOS - Use of Hard-coded Password | S | |
CVE-2021-32522 | QSAN Storage Manager, XEVO, SANOS - Improper Restriction of Excessive Authentication Attempts | S | |
CVE-2021-32523 | QSAN Storage Manager - Improper Authorization | S | |
CVE-2021-32524 | QSAN Storage Manager - Command Injection-3 | S | |
CVE-2021-32525 | QSAN Storage Manager - Use of Hard-coded Password-2 | S | |
CVE-2021-32526 | QSAN Storage Manager - Incorrect Permission Assignment for Critical Resource | S | |
CVE-2021-32527 | QSAN Storage Manager - Path Traversal-2 | S | |
CVE-2021-32528 | QSAN Storage Manager - Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2021-32529 | QSAN XEVO, SANOS - Command Injection -1 | S | |
CVE-2021-32530 | QSAN XEVO - Command Injection Following via Array function | S | |
CVE-2021-32531 | QSAN XEVO - Command Injection Following via Init function | S | |
CVE-2021-32532 | QSAN XEVO - Path Traversal | S | |
CVE-2021-32533 | QSAN SANOS - Command Injection | S | |
CVE-2021-32534 | QSAN SANOS - Command Injection | S | |
CVE-2021-32535 | QSAN SANOS - Use of Hard-coded Credentials | S | |
CVE-2021-32536 | MCU Technologies MCUsystem - Reflected XSS | S | |
CVE-2021-32537 | Realtek High definition audio Windows driver crashed | E S | |
CVE-2021-32538 | ARTWARE CMS - Unrestricted Upload of File | S | |
CVE-2021-32539 | Hundred Plus 101EIP - Stored XSS-1 | S | |
CVE-2021-32540 | Hundred Plus 101EIP - Stored XSS-2 | S | |
CVE-2021-32541 | SysJust CTS Web - Broken Access Control | S | |
CVE-2021-32542 | SysJust CTS Web - Reflected XSS | S | |
CVE-2021-32543 | SysJust CTS Web - Broken Authentication | S | |
CVE-2021-32544 | Intelligent global technology Ltd, igt+ - DOM-based Cross-Site Scripting | S | |
CVE-2021-32545 | Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation.... | | |
CVE-2021-32546 | Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to e... | | |
CVE-2021-32547 | apport read_file() function could follow maliciously constructed symbolic links | | |
CVE-2021-32548 | apport read_file() function could follow maliciously constructed symbolic links | | |
CVE-2021-32549 | apport read_file() function could follow maliciously constructed symbolic links | | |
CVE-2021-32550 | apport read_file() function could follow maliciously constructed symbolic links | | |
CVE-2021-32551 | apport read_file() function could follow maliciously constructed symbolic links | | |
CVE-2021-32552 | apport read_file() function could follow maliciously constructed symbolic links | | |
CVE-2021-32553 | apport read_file() function could follow maliciously constructed symbolic links | | |
CVE-2021-32554 | apport read_file() function could follow maliciously constructed symbolic links | | |
CVE-2021-32555 | apport read_file() function could follow maliciously constructed symbolic links | | |
CVE-2021-32556 | apport get_modified_conffiles() function command injection | | |
CVE-2021-32557 | apport process_report() arbitrary file write | E | |
CVE-2021-32558 | An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17... | E S | |
CVE-2021-32559 | An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE... | S | |
CVE-2021-32560 | The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to ... | E | |
CVE-2021-32561 | OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.... | E | |
CVE-2021-32563 | An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular... | S | |
CVE-2021-32565 | HTTP Request Smuggling, content length with invalid characters | | |
CVE-2021-32566 | Specific sequence of HTTP/2 frames can cause ATS to crash | | |
CVE-2021-32567 | Reading HTTP/2 frames too many times | | |
CVE-2021-32568 | Deserialization of Untrusted Data in zmister2016/mrdoc | E S | |
CVE-2021-32569 | In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX ... | | |
CVE-2021-32570 | In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorizati... | | |
CVE-2021-32571 | In OSS-RC systems of the release 18B and older during data migration procedures certain files contai... | | |
CVE-2021-32572 | Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET request for a URI with /.. at... | E | |
CVE-2021-32573 | The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user i... | E | |
CVE-2021-32574 | HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not v... | | |
CVE-2021-32575 | HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing ... | S | |
CVE-2021-32576 | Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to impr... | | |
CVE-2021-32577 | Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to inse... | | |
CVE-2021-32578 | Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to impr... | | |
CVE-2021-32579 | Acronis True Image prior to 2021 Update 4 for Windows and Acronis True Image prior to 2021 Update 5 ... | | |
CVE-2021-32580 | Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to DLL ... | | |
CVE-2021-32581 | Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for... | | |
CVE-2021-32582 | An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability e... | | |
CVE-2021-32584 | An improper access control (CWE-284) vulnerability in FortiWLC version 8.6.0, version 8.5.3 and belo... | S | |
CVE-2021-32585 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN be... | | |
CVE-2021-32586 | An improper input validation vulnerability in the web server CGI facilities of FortiMail before 7.0.... | | |
CVE-2021-32587 | An improper access control vulnerability in FortiManager and FortiAnalyzer GUI interface 7.0.0, 6.4.... | | |
CVE-2021-32588 | A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal versions 5.2.5 and below, 5.3... | | |
CVE-2021-32589 | A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, ver... | S | |
CVE-2021-32590 | Multiple improper neutralization of special elements used in an SQL command vulnerabilities in Forti... | | |
CVE-2021-32591 | A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS cre... | S | |
CVE-2021-32592 | An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and F... | | |
CVE-2021-32593 | A use of a broken or risky cryptographic algorithm vulnerability [CWE-327] in the Dynamic Tunnel Pro... | S | |
CVE-2021-32594 | An unrestricted file upload vulnerability in the web interface of FortiPortal 6.0.0 through 6.0.4, 5... | | |
CVE-2021-32595 | Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal befor... | | |
CVE-2021-32596 | A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of For... | | |
CVE-2021-32597 | Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and Fo... | | |
CVE-2021-32598 | An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerabili... | | |
CVE-2021-32600 | An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.... | | |
CVE-2021-32601 | Rejected reason: Not used... | R | |
CVE-2021-32602 | An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal... | | |
CVE-2021-32603 | A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyzer GUI 7... | | |
CVE-2021-32604 | Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail... | E | |
CVE-2021-32605 | zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them ... | E | |
CVE-2021-32606 | In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escala... | S | |
CVE-2021-32607 | An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/PrivateMessages/View.... | E S | |
CVE-2021-32608 | An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1.1. Views/Boards/Partials/_Foru... | E S | |
CVE-2021-32609 | XSS vulnerability on Explore page | | |
CVE-2021-32610 | In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a diff... | S | |
CVE-2021-32611 | A NULL pointer dereference vulnerability exists in eXcall_api.c in Antisip eXosip2 through 5.2.0 whe... | S | |
CVE-2021-32612 | The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android does all communication with the... | E | |
CVE-2021-32613 | In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file wh... | E S | |
CVE-2021-32614 | A flaw was found in dmg2img through 20170502. fill_mishblk() does not check the length of the read b... | | |
CVE-2021-32615 | Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Injection.... | E S | |
CVE-2021-32616 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in 1CDN | S | |
CVE-2021-32617 | Denial of service in Exiv2 | S | |
CVE-2021-32618 | Open Redirect Vulnerability | | |
CVE-2021-32619 | Static imports inside dynamically imported modules do not adhere to permission checks | | |
CVE-2021-32620 | Users registered with email verification can self re-activate their disabled accounts | S | |
CVE-2021-32621 | Script injection without script or programming rights through Gadget titles | E S | |
CVE-2021-32622 | File upload local preview can run embedded scripts after user interaction | S | |
CVE-2021-32623 | Opencast vulnerable to billion laughs attack (XML bomb) | E S | |
CVE-2021-32624 | Private Field data leak | | |
CVE-2021-32625 | Redis vulnerability in STRALGO LCS on 32-bit systems | | |
CVE-2021-32626 | Lua scripts can overflow the heap-based Lua stack in Redis | S | |
CVE-2021-32627 | Integer overflow issue with Streams in Redis | S | |
CVE-2021-32628 | Vulnerability in handling large ziplists | S | |
CVE-2021-32629 | Memory access due to code generation flaw in Cranelift module | E S | |
CVE-2021-32630 | Various | E | |
CVE-2021-32631 | JSON Web Tokens not properly verified | S | |
CVE-2021-32632 | CSRF allowing modification of commands, modules, banphrases through hidden iFrames | E S | |
CVE-2021-32633 | Remote Code Execution via traversal in TAL expressions | E S | |
CVE-2021-32634 | Deserialization of Untrusted Data in Emissary | S | |
CVE-2021-32635 | Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint | | |
CVE-2021-32637 | Authentication bypassed with malformed request URI | E S | |
CVE-2021-32638 | CodeQL runner: Command-line options that make GitHub access tokens visible to other processes are now deprecated | E S | |
CVE-2021-32639 | Server-Side Request Forgery (SSRF) in emissary:emissary | E | |
CVE-2021-32640 | ReDoS in Sec-Websocket-Protocol header | E S | |
CVE-2021-32641 | Reflected XSS when using flashMessages | E S | |
CVE-2021-32642 | Missing input validation in dynamic discovery example scripts. | | |
CVE-2021-32643 | StaticFile.fromUrl can leak presence of a directory | S | |
CVE-2021-32644 | Cross-site Scripting in Random.php | S | |
CVE-2021-32645 | Open Redirect in tenancy | S | |
CVE-2021-32646 | Escalation of permissions in roomer | S | |
CVE-2021-32647 | Post-authentication Remote Code Execution (RCE) in emissary:emissary | E S | |
CVE-2021-32648 | Account Takeover in Octobercms | KEV S | |
CVE-2021-32649 | Authenticated file write leads to remote code execution in october/system | S | |
CVE-2021-32650 | Arbitrary code execution in october/system | E S | |
CVE-2021-32651 | LDAP injection via OneDev may leak some LDAP directory information | E S | |
CVE-2021-32652 | Missing permission check on email metadata retrieval | E | |
CVE-2021-32653 | Default settings leak federated cloud ID to lookup server of all users | | |
CVE-2021-32654 | Attacker can obtain write access to any federated share/public link | | |
CVE-2021-32655 | Files Drop public link can be added as federated share | | |
CVE-2021-32656 | Trusted servers exchange can be triggered by attacker | | |
CVE-2021-32657 | Malicious user could break user administration page | | |
CVE-2021-32658 | Sensitive data may not be removed from storage on account removal | E S | |
CVE-2021-32659 | Automatic room upgrade handling can be used maliciously to bridge a room non-consensually | S | |
CVE-2021-32660 | TechDocs content sanitization bypass | S | |
CVE-2021-32661 | TechDocs object element script injection | S | |
CVE-2021-32662 | TechDocs mkdocs.yml path traversal | S | |
CVE-2021-32663 | Unauthorized setup leads to SSRF in Combodo/iTop | S | |
CVE-2021-32664 | Reflected XSS in Combodo/iTop | S | |
CVE-2021-32665 | Verified groups not reliable | S | |
CVE-2021-32666 | Asset DoS vulnerability | S | |
CVE-2021-32667 | Cross-Site Scripting in Page Preview | | |
CVE-2021-32668 | Cross-Site Scripting in Query Generator & Query View | | |
CVE-2021-32669 | Cross-Site Scripting in Backend Grid View | | |
CVE-2021-32670 | Reflected cross-site scripting issue in Datasette | S | |
CVE-2021-32671 | XSS vulnerability with translator | S | |
CVE-2021-32672 | Vulnerability in Lua Debugger in Redis | S | |
CVE-2021-32673 | Remote Command Execution in reg-keygen-git-hash-plugin | S | |
CVE-2021-32674 | Remote Code Execution via traversal in TAL expressions | S | |
CVE-2021-32675 | DoS vulnerability in Redis | S | |
CVE-2021-32676 | Session Fixation in Nextcloud Talk | | |
CVE-2021-32677 | Cross-Site Request Forgery (CSRF) in FastAPI | S | |
CVE-2021-32678 | Ratelimit not applied on OCS API responses | S | |
CVE-2021-32679 | Filenames not escaped by default in controllers using DownloadResponse | S | |
CVE-2021-32680 | Audit log is not properly logging unsetting of share expiration date | S | |
CVE-2021-32681 | Improper escaping of HTML ('Cross-site Scripting') in Wagtail StreamField blocks | E M | |
CVE-2021-32682 | Multiple vulnerabilities leading to RCE | E S | |
CVE-2021-32683 | XSS through createObjectURL | E S | |
CVE-2021-32684 | Missing Handler in @scandipwa/magento-scripts | S | |
CVE-2021-32685 | Improper Verification of Cryptographic Signature in tenvoy | S | |
CVE-2021-32686 | Denial of Service in PJSIP | S | |
CVE-2021-32687 | Integer overflow issue with intsets in Redis | S | |
CVE-2021-32688 | Application specific tokens can change their own scope | S | |
CVE-2021-32689 | Nextcloud Talk not properly disassociating users from chats after account deletion | S | |
CVE-2021-32690 | Repository credentials passed to alternate domain | | |
CVE-2021-32691 | Auto-merging Person Records Compromised | S | |
CVE-2021-32692 | Activity Watch vulnerable to command execution on macOS via printAppTitle.scpt | S | |
CVE-2021-32693 | Authentication granted with multiple firewalls | S | |
CVE-2021-32694 | Malicious Android application can crash the Nextcloud Android Client | E S | |
CVE-2021-32695 | Malicious Android app could access Shared Preferences of the Nextcloud Android client | E S | |
CVE-2021-32696 | Passing in a non-string 'html' argument can lead to unsanitized output | S | |
CVE-2021-32697 | Form validation can be skipped | S | |
CVE-2021-32698 | Blind Server-Side Request Forgery (SSRF) in eLabFTW | S | |
CVE-2021-32699 | Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings | S | |
CVE-2021-32700 | Supply chain attack via MiTM against users | S | |
CVE-2021-32701 | Possible bypass of token claim validation when OAuth2 Introspection caching is enabled | S | |
CVE-2021-32702 | Reflected XSS from the callback handler's error query parameter | S | |
CVE-2021-32703 | Lack of ratelimit on shareinfo endpoint | S | |
CVE-2021-32704 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in dhis2-core | | |
CVE-2021-32705 | Lack of ratelimit on public DAV endpoint | S | |
CVE-2021-32706 | (Authenticated) Remote Code Execution Possible in Web Interface 5.5 | E | |
CVE-2021-32707 | Bypass of image blocking in Nextcloud Mail | E S | |
CVE-2021-32708 | Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem | S | |
CVE-2021-32709 | Creation of order credits was not validated by acl in admin orders | | |
CVE-2021-32710 | Potential Session Hijacking in Shopware | S | |
CVE-2021-32711 | Leak of information via Store-API | S | |
CVE-2021-32712 | Information leakage in Error Handler | S | |
CVE-2021-32713 | Authenticated Stored XSS | S | |
CVE-2021-32714 | Integer Overflow in Chunked Transfer-Encoding | E | |
CVE-2021-32715 | Lenient Parsing of Content-Length Header When Prefixed with Plus Sign | E S | |
CVE-2021-32716 | Internal hidden fields are visible on to many associations in admin api | S | |
CVE-2021-32717 | Private files publicly accessible with Cloud Storage providers | S | |
CVE-2021-32718 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ management UI | E S | |
CVE-2021-32719 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in RabbitMQ federation management plugin | E S | |
CVE-2021-32720 | List of order ids, number, items total and token value exposed for unauthorized uses via new API | M | |
CVE-2021-32721 | URL Redirection to Untrusted Site ('Open Redirect') in github.com/AndrewBurian/powermux | | |
CVE-2021-32722 | Uncontrolled Resource Consumption in GlobalNewFiles | S | |
CVE-2021-32723 | Regular Expression Denial of Service (ReDoS) in Prism | S | |
CVE-2021-32724 | check-spelling workflow vulnerable to GITHUB_TOKEN leakage via symlink attack | S | |
CVE-2021-32725 | Default share permissions not respected for federated reshares | S | |
CVE-2021-32726 | Webauthn tokens not removed after user has been deleted | | |
CVE-2021-32727 | End-to-end encryption device setup did not verify public key | | |
CVE-2021-32728 | End-to-end encryption device setup did not verify public key | E S | |
CVE-2021-32729 | A user without PR can reset user authentication failures information | | |
CVE-2021-32730 | No CSRF protection on the password change form | E S | |
CVE-2021-32731 | The reset password form reveals users' email address | S | |
CVE-2021-32732 | Cross-Site Request Forgery in xwiki-platform | E S | |
CVE-2021-32733 | XSS in Nextcloud Text application | S | |
CVE-2021-32734 | File path disclosure of shared files in Nextcloud Text application | S | |
CVE-2021-32735 | Cross-site scripting (XSS) from field and configuration text displayed in the Panel | S | |
CVE-2021-32736 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in think-helper | | |
CVE-2021-32737 | XSS Injection in Media Collection Title was possible | | |
CVE-2021-32738 | Utils.readChallengeTx does not verify the server account signature | | |
CVE-2021-32739 | Results of queries for ApiListener objects include the ticket salt which allows in turn to steal (more privileged) identities | E | |
CVE-2021-32740 | Regular Expression Denial of Service in Addressable templates | S | |
CVE-2021-32741 | Lack of ratelimit on public share link mount endpoint | S | |
CVE-2021-32742 | Untrusted data fed into `Data.init(base32Encoded:)` can result in exposing server memory and/or crash | | |
CVE-2021-32743 | Passwords used to access external services inadvertently exposed through API | E | |
CVE-2021-32744 | Unauthenticated attacker could gain access to currently open files | | |
CVE-2021-32745 | Reflected Cross-Site-Scripting vulnerability | | |
CVE-2021-32746 | Possible path traversal by use of the `doc` module | E | |
CVE-2021-32747 | Custom variable protection and blacklists can be circumvented | E | |
CVE-2021-32748 | WOPI API not protected by credentials/IP check | | |
CVE-2021-32749 | Possible RCE vulnerability in mailing action using mailutils (mail-whois) | E S | |
CVE-2021-32750 | De-anonymization via message | E | |
CVE-2021-32751 | Arbitrary code execution via specially crafted environment variables | E | |
CVE-2021-32752 | Files or Directories Accessible to External Parties in ether/logs | | |
CVE-2021-32753 | Weak password in API gateway in EdgeX Foundry Edinburgh, Fuji, Geneva, and Hanoi releases allows remote attackers to obtain authentication token via dictionary-based password attack when OAuth2 authentication method is enabled. | | |
CVE-2021-32754 | Improper Restriction of XML External Entity Reference in de.tud.sse | | |
CVE-2021-32755 | Certificate pinning is not enforced on the web socket connection | | |
CVE-2021-32756 | Arbitrary eval through MiqExpression | | |
CVE-2021-32758 | Layout XML Arbitrary Code Fix | | |
CVE-2021-32759 | Data Flow Sanitation Issue Fix | S | |
CVE-2021-32760 | Archive package allows chmod of file outside of unpack target directory | | |
CVE-2021-32761 | Integer overflow issues with *BIT commands on 32-bit systems | | |
CVE-2021-32762 | Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms | S | |
CVE-2021-32763 | Regular Expression Denial of Service in OpenProject forum messages | S | |
CVE-2021-32764 | YouTube Onebox susceptible to XSS | | |
CVE-2021-32765 | Integer Overflow to Buffer Overflow in Hiredis | S | |
CVE-2021-32766 | Nextcloud Text app can disclose existence of folders in "File Drop" link share | S | |
CVE-2021-32767 | Information Disclosure in User Authentication | | |
CVE-2021-32768 | Cross-Site Scripting via Rich-Text Content | | |
CVE-2021-32769 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in micronaut-core | E S | |
CVE-2021-32770 | Basic-auth app bundle credential exposure in gatsby-source-wordpress | E | |
CVE-2021-32771 | Buffer overflow in contiki-ng | S | |
CVE-2021-32772 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in helper_entries | | |
CVE-2021-32773 | Confused deputy attack in sandbox module resolution | S | |
CVE-2021-32774 | Cross-Site Request Forgery (CSRF) in DataDump | S | |
CVE-2021-32775 | Any user can see any fields (including mailbox password) with GroupBy Dashlet | | |
CVE-2021-32776 | No CSRF form token cleanup on Windows servers | | |
CVE-2021-32777 | Incorrect concatenation of multiple value request headers in ext-authz extension | | |
CVE-2021-32778 | Excessive CPU utilization when closing HTTP/2 streams | | |
CVE-2021-32779 | Incorrect handling of URI '#fragment' element as part of the path element | | |
CVE-2021-32780 | Incorrect handling of H/2 GOAWAY followed by SETTINGS frames | | |
CVE-2021-32781 | Continued processing of requests after locally generated response | | |
CVE-2021-32782 | Cross-Site Scripting in Nextcloud Circles | S | |
CVE-2021-32783 | Authorization bypass in Contour | S | |
CVE-2021-32785 | Format string bug in the Redis cache implementation | S | |
CVE-2021-32786 | Open Redirect in oidc_validate_redirect_url() | E S | |
CVE-2021-32787 | Low risk information disclosure in Sourcegraph | S | |
CVE-2021-32788 | Post creator of a whisper post can be revealed to non-staff users in Discourse | S | |
CVE-2021-32789 | Arbitrary SQL (SQL injection) possible via the Store API component. | S | |
CVE-2021-32790 | Blind SQL Injection possible via Authenticated Web-hook Search API Endpoint | S | |
CVE-2021-32791 | Hardcoded static IV and AAD with a reused key in AES GCM encryption in mod_auth_openidc | S | |
CVE-2021-32792 | XSS vulnerability when using OIDCPreservePost On in mod_auth_openidc | S | |
CVE-2021-32793 | Stored XSS Vulnerability in the Pi-hole Webinterface | E | |
CVE-2021-32794 | Accidental removal of IPCPassword (< 5.1.2.4) | E S | |
CVE-2021-32795 | Denial of Service via Steam chat in ArchiSteamFarm | E S | |
CVE-2021-32796 | Misinterpretation of malicious XML input in xmldom | S | |
CVE-2021-32797 | JupyterLab: XSS due to lack of sanitization of the action attribute of an html | E | |
CVE-2021-32798 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook | E | |
CVE-2021-32800 | Bypass of Two Factor Authentication in Nextcloud server | S | |
CVE-2021-32801 | Exceptions may have logged Encryption-at-Rest key content in Nextcloud server | | |
CVE-2021-32802 | Preview generation used third-party library not suited for user-generated content in Nextcloud server | M | |
CVE-2021-32803 | Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning | S | |
CVE-2021-32804 | Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization | S | |
CVE-2021-32805 | URL Redirection to Untrusted Site ('Open Redirect') in Flask-AppBuilder | S | |
CVE-2021-32806 | URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal | S | |
CVE-2021-32807 | Remote Code Execution via unsafe classes in otherwise permitted modules | S | |
CVE-2021-32808 | Cross-site scripting in ckeditor via abuse of undo functionality | S | |
CVE-2021-32809 | Arbitrary HTML injection vulnerability in ckeditor | S | |
CVE-2021-32810 | Data race in crossbeam-deque | | |
CVE-2021-32811 | Remote Code Execution via Script (Python) objects under Python 3 | S | |
CVE-2021-32812 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') and Improper Encoding or Escaping of Output in frontend/server/server.js | S | |
CVE-2021-32813 | Drop Headers via Malicious Connection Header | S | |
CVE-2021-32814 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Skytable | S | |
CVE-2021-32815 | Denial of service due to assertion failure in crwimage_int.cpp | S | |
CVE-2021-32816 | Regular expression Denial of Service in ProtonMail | E S | |
CVE-2021-32817 | File disclosure in express-hbs | E S | |
CVE-2021-32818 | Remote code execution and Reflected cross site scripting in haml-coffee | E | |
CVE-2021-32819 | Remote code execution in squirrelly | E | |
CVE-2021-32820 | File disclosure in Express Handlebars | E S | |
CVE-2021-32821 | Regular expression Denial of Service in MooTools | E | |
CVE-2021-32822 | File disclosure in hbs | E | |
CVE-2021-32823 | Potential Denial-of-Service in bindata | E S | |
CVE-2021-32824 | Regular expression Denial of Service in MooTools | E | |
CVE-2021-32825 | ZipSlip vulnerability in bblfshd | E S | |
CVE-2021-32826 | Remote code execution in Proxyee-Down | E | |
CVE-2021-32827 | Arbitrary code execution in MockServer | E S | |
CVE-2021-32828 | Regular expression Denial of Service in MooTools | E | |
CVE-2021-32829 | Post-authentication Remote Code Execution (RCE) in ZStack REST API | E | |
CVE-2021-32830 | The @diez/generation npm package is a client for Diez. The locateFont method of @diez/generation has... | E | |
CVE-2021-32831 | Code injection in total.js | E S | |
CVE-2021-32832 | ReDOS in Rocket.Chat | E S | |
CVE-2021-32833 | Unauthenticated file read in Emby Server | E | |
CVE-2021-32834 | Arbitrary Groovy script evaluation in Eclipse Keti | E | |
CVE-2021-32835 | Groovy Sandbox escape in Eclipse Keti | E | |
CVE-2021-32836 | Pre-auth unsafe deserialization in ZStack | E | |
CVE-2021-32837 | mechanize vulnerable to ReDoS | E S | |
CVE-2021-32838 | Regular Expression Denial of Service in flask-restx | S | |
CVE-2021-32839 | Regular Expression Denial of Service in sqlparse | S | |
CVE-2021-32840 | Path Traversal in SharpZipLib | E S | |
CVE-2021-32841 | Path Traversal in SharpZipLib | E S | |
CVE-2021-32842 | Path Traversal in SharpZipLib | E | |
CVE-2021-32843 | HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.2021010... | S | |
CVE-2021-32844 | HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.2021010... | S | |
CVE-2021-32845 | Moby HyperKit uninitialized memory use vtrnd pci_vtrnd_notify | S | |
CVE-2021-32846 | Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx | S | |
CVE-2021-32847 | Moby HyperKit uninitialized memory use in virtio-sock pci_vtsock_proc_tx | E S | |
CVE-2021-32848 | Octobox ReDoS vulnerability | E S | |
CVE-2021-32849 | Arbitrary command execution in Gerapy | E | |
CVE-2021-32850 | jQuery MiniColors vulnerable to Cross-site Scripting | E S | |
CVE-2021-32851 | jQuery MiniColors vulnerable to Cross-site Scripting | E S | |
CVE-2021-32852 | countly-server vulnerable to Cross-site Scripting | E | |
CVE-2021-32853 | Erxes vulnerable to Cross-site Scripting | E | |
CVE-2021-32854 | textAngular text editor vulnerable to Cross-site Scripting | E | |
CVE-2021-32855 | vditor vulnerable to Cross-site Scripting | E S | |
CVE-2021-32856 | Microweber vulnerable to Cross-site Scripting | E S | |
CVE-2021-32857 | Cockpit vulnerable to Cross-site Scripting | E S | |
CVE-2021-32858 | esdoc-publish-html-plugin vulnerable to Cross-site Scripting | E S | |
CVE-2021-32859 | Baremetrics date range picker vulnerable to Cross-site Scripting | E S | |
CVE-2021-32860 | iziModal vulnerable to Cross-site Scripting | E S | |
CVE-2021-32861 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-32856. Reason: This candidat... | R | |
CVE-2021-32862 | nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths | E | |
CVE-2021-32863 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32864 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32865 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32866 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32867 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32868 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32869 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32870 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32871 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32872 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32873 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32874 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32875 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32876 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32877 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32878 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32879 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32880 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32881 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32882 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32883 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32884 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32885 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32886 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32887 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32888 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32889 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32890 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32891 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32892 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32893 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32894 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32895 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32896 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32897 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32898 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32899 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32900 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32901 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32902 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32903 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32904 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32905 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32906 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32907 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32908 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32909 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32910 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32911 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32912 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32913 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32914 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32915 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-32917 | An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by defaul... | M | |
CVE-2021-32918 | An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthe... | M | |
CVE-2021-32919 | An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option ... | M | |
CVE-2021-32920 | Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation reque... | M | |
CVE-2021-32921 | An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comp... | M | |
CVE-2021-32923 | HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic ... | | |
CVE-2021-32924 | Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a ... | E | |
CVE-2021-32925 | admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load externa... | E S | |
CVE-2021-32926 | When an authenticated password change request takes place, this vulnerability could allow the attack... | | |
CVE-2021-32927 | Uffizio GPS Tracker Cross-site Scripting | M | |
CVE-2021-32928 | The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named ... | | |
CVE-2021-32929 | Uffizio GPS Tracker Cross-site Request Forgery | M | |
CVE-2021-32930 | The affected product’s configuration is vulnerable due to missing authentication, which may allow an... | | |
CVE-2021-32931 | An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited ... | | |
CVE-2021-32932 | The affected product is vulnerable to a SQL injection, which may allow an unauthorized attacker to d... | | |
CVE-2021-32933 | MDT AutoSave Command Injection | S | |
CVE-2021-32934 | ThroughTek P2P SDK - Cleartext Transmission of Sensitive Information | | |
CVE-2021-32935 | Cognex In-Sight OPC Server - Deserialization of Untrusted Data | | |
CVE-2021-32936 | An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All ve... | S | |
CVE-2021-32937 | MDT AutoSave Generation of Error Message Containing Sensitive Information | S | |
CVE-2021-32938 | Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing o... | S | |
CVE-2021-32939 | FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to an out-of-bounds write while... | | |
CVE-2021-32940 | An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All ver... | S | |
CVE-2021-32941 | Annke Network Video Recorder - Stack-based Buffer Overflow | | |
CVE-2021-32942 | The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prio... | S | |
CVE-2021-32943 | The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to ... | | |
CVE-2021-32944 | A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions pr... | S | |
CVE-2021-32945 | MDT AutoSave Inadequate Encryption Strength | S | |
CVE-2021-32946 | An improper check for unusual or exceptional conditions issue exists within the parsing DGN files fr... | S | |
CVE-2021-32947 | FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable to a stack-based buffer overflo... | | |
CVE-2021-32948 | An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versi... | S | |
CVE-2021-32949 | MDT AutoSave Relative Path Traversal | S | |
CVE-2021-32950 | An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions... | S | |
CVE-2021-32951 | Advantech WebAccess/NMS Improper Authentication | S | |
CVE-2021-32952 | An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2... | S | |
CVE-2021-32953 | MDT AutoSave SQL Injection | S | |
CVE-2021-32954 | Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a directory traversal, which may... | | |
CVE-2021-32955 | Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may all... | | |
CVE-2021-32956 | Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an ... | | |
CVE-2021-32957 | MDT AutoSave Uncontrolled Search Path Element | S | |
CVE-2021-32958 | Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel | | |
CVE-2021-32959 | AVEVA SuiteLink Server Buffer Overflow | S | |
CVE-2021-32960 | Rockwell Automation FactoryTalk Services Platform Protection Mechanism Failure | S | |
CVE-2021-32961 | MDT AutoSave Unrestricted Upload of File with Dangerous Type | S | |
CVE-2021-32962 | Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel | | |
CVE-2021-32963 | AVEVA SuiteLink Server Null Pointer Dereference | S | |
CVE-2021-32964 | Claroty Secure Remote Access Site - Authentication Bypass Using an Alternate Path or Channel | | |
CVE-2021-32965 | Delta Electronics DIAScreen - Type Confusion, Out-of-bounds Write | | |
CVE-2021-32966 | Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information | M | |
CVE-2021-32967 | Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrati... | | |
CVE-2021-32968 | Moxa NPort IAW5000A-I/O Series Serial Device Server Classic Buffer Overflow | S | |
CVE-2021-32969 | Delta Electronics DIAScreen - Type Confusion, Out-of-bounds Write | | |
CVE-2021-32970 | Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation | S | |
CVE-2021-32971 | AVEVA SuiteLink Server Null Pointer Dereference | S | |
CVE-2021-32972 | Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file spec... | | |
CVE-2021-32974 | Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation | S | |
CVE-2021-32975 | Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing p... | | |
CVE-2021-32976 | Moxa NPort IAW5000A-I/O Series Serial Device Server Stack-based Buffer Overflow | S | |
CVE-2021-32977 | AVEVA System Platform Improper Verification of Cryptographic Signature | S | |
CVE-2021-32978 | Automation Direct CLICK PLC CPU Modules Plaintext Storage of a Password | S | |
CVE-2021-32979 | AVEVA SuiteLink Server Null Pointer Dereference | S | |
CVE-2021-32980 | Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel | S | |
CVE-2021-32981 | AVEVA System Platform Path Traversal | S | |
CVE-2021-32982 | Automation Direct CLICK PLC CPU Modules Cleartext Transmission of Sensitive Information | S | |
CVE-2021-32983 | A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta El... | | |
CVE-2021-32984 | Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel | S | |
CVE-2021-32985 | AVEVA System Platform Origin Validation Error | S | |
CVE-2021-32986 | Automation Direct CLICK PLC CPU Modules Authentication Bypass Using an Alternate Path or Channel | S | |
CVE-2021-32987 | AVEVA SuiteLink Server Null Pointer Dereference | S | |
CVE-2021-32988 | FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds write, whic... | | |
CVE-2021-32989 | LCDS LAquis SCADA - Cross-site Scripting | | |
CVE-2021-32990 | FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which... | | |
CVE-2021-32991 | Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, wh... | | |
CVE-2021-32992 | FATEK Automation WinProladder Versions 3.30 and prior do not properly restrict operations within the... | | |
CVE-2021-32993 | Philips IntelliBridge EC 40 and EC 80 Hub Use of Hard-coded Credentials | | |
CVE-2021-32994 | Softing OPC-UA C++ SDK Improper Restriction of Operations within the Bounds of a Memory Buffer | S | |
CVE-2021-32995 | Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing p... | | |
CVE-2021-32996 | The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which caus... | | |
CVE-2021-32997 | Baker Hughes Bently Nevada 3500 - Use of Password Hash with Insufficient Computational Effort | | |
CVE-2021-32998 | The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may a... | | |
CVE-2021-32999 | AVEVA SuiteLink Server Improper Handling of Exceptional Conditions | S | |