ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-33000 | Parsing a maliciously crafted project file may cause a heap-based buffer overflow, which may allow a... | | |
CVE-2021-33001 | xArrow SCADA Cross-site Scripting | M | |
CVE-2021-33002 | Opening a maliciously crafted project file may cause an out-of-bounds write, which may allow an atta... | | |
CVE-2021-33003 | Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in ... | | |
CVE-2021-33004 | The affected product is vulnerable to memory corruption condition due to lack of proper validation o... | | |
CVE-2021-33005 | mySCADA myPRO Path Traversal | S | |
CVE-2021-33007 | A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by p... | | |
CVE-2021-33008 | AVEVA System Platform Missing Authentication for Critical Function | S | |
CVE-2021-33009 | mySCADA myPRO Unrestricted Upload of File with Dangerous Type | S | |
CVE-2021-33010 | AVEVA System Platform Uncaught Exception | S | |
CVE-2021-33011 | All versions of the affected TOYOPUC-PC10 Series, TOYOPUC-Plus Series, TOYOPUC-PC3J/PC2J Series, TOYO... | | |
CVE-2021-33012 | Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending... | | |
CVE-2021-33013 | mySCADA myPRO Improper Access Control | S | |
CVE-2021-33014 | KUKA KR C4 - Use of Hard-Coded Credentials | | |
CVE-2021-33015 | Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing p... | | |
CVE-2021-33016 | KUKA KR C4 - Use of Hard-Coded Credentials | | |
CVE-2021-33017 | Philips IntelliBridge EC 40 and EC 80 Hub Authentication Bypass Using an Alternate Path or Channel | | |
CVE-2021-33018 | Philips Vue PACS Use of a Broken or Risky Cryptographic Algorithm | S | |
CVE-2021-33019 | A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior m... | | |
CVE-2021-33020 | Philips Vue PACS Use of a Key Past its Expiration Date | S | |
CVE-2021-33021 | xArrow SCADA Cross-site Scripting | M | |
CVE-2021-33022 | Philips Vue PACS Cleartext Transmission of Sensitive Information | S | |
CVE-2021-33023 | Advantech WebAccess | S | |
CVE-2021-33024 | Philips Vue PACS Insufficiently Protected Credentials | S | |
CVE-2021-33025 | xArrow SCADA Path Traversal | M | |
CVE-2021-33026 | The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may l... | S | |
CVE-2021-33027 | Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.... | | |
CVE-2021-33031 | In LabCup before | | |
CVE-2021-33032 | A Remote Code Execution (RCE) vulnerability in the WebUI component of the eQ-3 HomeMatic CCU2 firmwa... | E | |
CVE-2021-33033 | The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c bec... | E S | |
CVE-2021-33034 | In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an... | E S | |
CVE-2021-33035 | Buffer overflow from a crafted DBF file | S | |
CVE-2021-33036 | Apache Hadoop Privilege escalation vulnerability | M | |
CVE-2021-33037 | Incorrect Transfer-Encoding handling with HTTP/1.0 | S | |
CVE-2021-33038 | An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. Whe... | E S | |
CVE-2021-33040 | managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS.... | S | |
CVE-2021-33041 | vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code e... | E | |
CVE-2021-33044 | The identity authentication bypass vulnerability found in some Dahua products during the login proce... | KEV E | |
CVE-2021-33045 | The identity authentication bypass vulnerability found in some Dahua products during the login proce... | KEV E | |
CVE-2021-33046 | Some Dahua products have access control vulnerability in the password reset process. Attackers can e... | | |
CVE-2021-33054 | SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML ... | | |
CVE-2021-33055 | Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in no... | S | |
CVE-2021-33056 | Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid... | S | |
CVE-2021-33057 | The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., and... | E | |
CVE-2021-33058 | Improper access control in the installer Intel(R) Administrative Tools for Intel(R) Network Adapters f... | | |
CVE-2021-33059 | Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver ... | | |
CVE-2021-33060 | Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated use... | | |
CVE-2021-33061 | Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may al... | | |
CVE-2021-33062 | Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before v... | | |
CVE-2021-33063 | Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP driver for Windows 10 before ... | | |
CVE-2021-33064 | Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may ... | | |
CVE-2021-33065 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-33066 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-33067 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-33068 | Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenti... | | |
CVE-2021-33069 | Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) O... | M | |
CVE-2021-33070 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-33071 | Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before vers... | | |
CVE-2021-33072 | Rejected reason: This is unused.... | R | |
CVE-2021-33073 | Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINO™ Toolkit before version... | | |
CVE-2021-33074 | Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(... | M | |
CVE-2021-33075 | Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R)... | M | |
CVE-2021-33076 | Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated u... | M | |
CVE-2021-33077 | Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and ... | M | |
CVE-2021-33078 | Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Prod... | M | |
CVE-2021-33079 | Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged us... | M | |
CVE-2021-33080 | Exposure of sensitive system information due to uncleared debug information in firmware for some Int... | M | |
CVE-2021-33081 | Protection mechanism failure in firmware for some Intel(R) SSD DC Products may allow a privileged us... | M | |
CVE-2021-33082 | Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Int... | M | |
CVE-2021-33083 | Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(... | M | |
CVE-2021-33084 | Rejected reason: This is unused.... | R | |
CVE-2021-33085 | Rejected reason: This is unused.... | R | |
CVE-2021-33086 | Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentiall... | | |
CVE-2021-33087 | Improper authentication in the installer for the Intel(R) NUC M15 Laptop Kit Management Engine drive... | | |
CVE-2021-33088 | Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor... | | |
CVE-2021-33089 | Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for... | | |
CVE-2021-33090 | Incorrect default permissions in the software installer for the Intel(R) NUC HDMI Firmware Update Too... | | |
CVE-2021-33091 | Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pac... | | |
CVE-2021-33092 | Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter ... | | |
CVE-2021-33093 | Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Serial IO driver... | | |
CVE-2021-33094 | Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Ser... | | |
CVE-2021-33095 | Unquoted search path in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service drive... | | |
CVE-2021-33096 | Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controller... | | |
CVE-2021-33097 | Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privi... | | |
CVE-2021-33098 | Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may ... | | |
CVE-2021-33099 | Rejected reason: This is unused.... | R | |
CVE-2021-33100 | Rejected reason: This is unused.... | R | |
CVE-2021-33101 | Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an authenticated... | S | |
CVE-2021-33102 | Rejected reason: This is unused.... | R | |
CVE-2021-33103 | Unintended intermediary in the BIOS authenticated code module for some Intel(R) Processors may allow... | | |
CVE-2021-33104 | Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticat... | | |
CVE-2021-33105 | Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM) RX Vega M GL integrated grap... | | |
CVE-2021-33106 | Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to... | | |
CVE-2021-33107 | Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3,... | S | |
CVE-2021-33108 | Improper input validation in the Intel(R) In-Band Manageability software before version 2.13.0 may a... | | |
CVE-2021-33109 | Rejected reason: This is unused.... | R | |
CVE-2021-33110 | Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(... | | |
CVE-2021-33111 | Rejected reason: This is unused.... | R | |
CVE-2021-33112 | Rejected reason: This is unused.... | R | |
CVE-2021-33113 | Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and K... | | |
CVE-2021-33114 | Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and K... | | |
CVE-2021-33115 | Improper input validation for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticate... | | |
CVE-2021-33116 | Rejected reason: This is unused.... | R | |
CVE-2021-33117 | Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS ver... | | |
CVE-2021-33118 | Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC... | | |
CVE-2021-33119 | Improper access control in the Intel(R) RealSense(TM) DCM before version 20210625 may allow an authe... | S | |
CVE-2021-33120 | Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Ato... | M | |
CVE-2021-33121 | Rejected reason: This is unused.... | R | |
CVE-2021-33122 | Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a p... | | |
CVE-2021-33123 | Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow... | | |
CVE-2021-33124 | Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a p... | | |
CVE-2021-33125 | Rejected reason: This is unused.... | R | |
CVE-2021-33126 | Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet Controllers an... | S | |
CVE-2021-33127 | Rejected reason: This is unused.... | R | |
CVE-2021-33128 | Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1... | | |
CVE-2021-33129 | Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021... | | |
CVE-2021-33130 | Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2... | | |
CVE-2021-33131 | Rejected reason: This is unused.... | R | |
CVE-2021-33132 | Rejected reason: This is unused.... | R | |
CVE-2021-33133 | Rejected reason: This is unused.... | R | |
CVE-2021-33134 | Rejected reason: This is unused.... | R | |
CVE-2021-33135 | Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenti... | | |
CVE-2021-33136 | Rejected reason: This is unused.... | R | |
CVE-2021-33137 | Out-of-bounds write in the Intel(R) Kernelflinger project may allow an authenticated user to potenti... | | |
CVE-2021-33138 | Rejected reason: This is unused.... | R | |
CVE-2021-33139 | Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetoo... | | |
CVE-2021-33140 | Rejected reason: This is unused.... | R | |
CVE-2021-33141 | Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 M... | | |
CVE-2021-33142 | Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 M... | | |
CVE-2021-33143 | Rejected reason: This is unused.... | R | |
CVE-2021-33144 | Rejected reason: This is unused.... | R | |
CVE-2021-33145 | Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageab... | | |
CVE-2021-33146 | Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 M... | | |
CVE-2021-33147 | Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an auth... | | |
CVE-2021-33148 | Rejected reason: This is unused.... | R | |
CVE-2021-33149 | Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potent... | | |
CVE-2021-33150 | Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances w... | | |
CVE-2021-33151 | Rejected reason: This is unused.... | R | |
CVE-2021-33152 | Rejected reason: This is unused.... | R | |
CVE-2021-33153 | Rejected reason: This is unused.... | R | |
CVE-2021-33154 | Rejected reason: This is unused.... | R | |
CVE-2021-33155 | Improper input validation in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetoo... | | |
CVE-2021-33156 | Rejected reason: This is unused.... | R | |
CVE-2021-33157 | Insufficient control flow management in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Contro... | | |
CVE-2021-33158 | Improper neutralization in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Man... | | |
CVE-2021-33159 | Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 1... | | |
CVE-2021-33160 | Rejected reason: This is unused.... | R | |
CVE-2021-33161 | Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 M... | | |
CVE-2021-33162 | Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Man... | | |
CVE-2021-33163 | Rejected reason: This is unused.... | R | |
CVE-2021-33164 | Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may all... | S | |
CVE-2021-33165 | Rejected reason: This is unused.... | R | |
CVE-2021-33166 | Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may all... | | |
CVE-2021-33167 | Rejected reason: This is unused.... | R | |
CVE-2021-33175 | EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of exc... | S | |
CVE-2021-33176 | VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a resul... | | |
CVE-2021-33177 | The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injec... | | |
CVE-2021-33178 | The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an auth... | | |
CVE-2021-33179 | The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated refle... | | |
CVE-2021-33180 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
CVE-2021-33181 | Server-Side Request Forgery (SSRF) vulnerability in webapi component in Synology Video Station befor... | | |
CVE-2021-33182 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF ... | | |
CVE-2021-33183 | Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability contain... | | |
CVE-2021-33184 | Server-Side request forgery (SSRF) vulnerability in task management component in Synology Download S... | | |
CVE-2021-33185 | SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attacker... | | |
CVE-2021-33186 | SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain... | | |
CVE-2021-33190 | Bypass network access control | M | |
CVE-2021-33191 | MiNiFi CPP arbitrary script execution is possible on the agent's host machine through the c2 protocol | | |
CVE-2021-33192 | Display information UI XSS | M | |
CVE-2021-33193 | Request splitting via HTTP/2 method injection and mod_proxy | E S | |
CVE-2021-33194 | golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of ser... | S | |
CVE-2021-33195 | Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replie... | E S | |
CVE-2021-33196 | In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's ... | E S | |
CVE-2021-33197 | In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/ht... | E S | |
CVE-2021-33198 | In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math... | E S | |
CVE-2021-33199 | In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted inp... | S | |
CVE-2021-33200 | kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arith... | S | |
CVE-2021-33203 | Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal ... | S | |
CVE-2021-33204 | In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code e... | S | |
CVE-2021-33205 | Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low priv... | | |
CVE-2021-33207 | The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP... | | |
CVE-2021-33208 | The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allow... | | |
CVE-2021-33209 | An issue was discovered in Fimer Aurora Vision before 2.97.10. The response to a failed login attemp... | | |
CVE-2021-33210 | An issue was discovered in Fimer Aurora Vision before 2.97.10. An attacker can (in the WebUI) obtain... | | |
CVE-2021-33211 | A Directory Traversal vulnerability in the Unzip feature in Elements-IT HTTP Commander 5.3.3 allows ... | E | |
CVE-2021-33212 | A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Comm... | E | |
CVE-2021-33213 | An SSRF vulnerability in the "Upload from URL" feature in Elements-IT HTTP Commander 5.3.3 allows re... | E | |
CVE-2021-33214 | In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could allow malicious users to acces... | E | |
CVE-2021-33215 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Direc... | | |
CVE-2021-33216 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Back... | | |
CVE-2021-33217 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application ... | | |
CVE-2021-33218 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded... | | |
CVE-2021-33219 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded... | | |
CVE-2021-33220 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys ... | | |
CVE-2021-33221 | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenti... | E | |
CVE-2021-33223 | An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and r... | E | |
CVE-2021-33224 | File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbit... | | |
CVE-2021-33226 | Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary co... | E | |
CVE-2021-33231 | Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.1... | E | |
CVE-2021-33235 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-34035. Reason: This candidat... | R | |
CVE-2021-33236 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-34033. Reason: This candidat... | R | |
CVE-2021-33237 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Consult IDs: CVE-2021-36686. Reason: This candida... | R | |
CVE-2021-33254 | An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows at... | E S | |
CVE-2021-33256 | A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Bui... | E | |
CVE-2021-33259 | Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, all... | E | |
CVE-2021-33265 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to conta... | E | |
CVE-2021-33266 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to conta... | E | |
CVE-2021-33267 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to conta... | E | |
CVE-2021-33268 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to conta... | E | |
CVE-2021-33269 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to conta... | E | |
CVE-2021-33270 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to conta... | E | |
CVE-2021-33271 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to conta... | E | |
CVE-2021-33274 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to conta... | E | |
CVE-2021-33285 | In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function... | | |
CVE-2021-33286 | In NTFS-3G versions < 2021.8.22, when a specially crafted unicode string is supplied in an NTFS imag... | | |
CVE-2021-33287 | In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attributes are read in the function ntf... | | |
CVE-2021-33289 | In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section is supplied in an NTFS image a... | | |
CVE-2021-33293 | Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function pan... | E S | |
CVE-2021-33294 | In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c. Which allo... | E S | |
CVE-2021-33295 | Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to exec... | E S | |
CVE-2021-33304 | Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragme... | S | |
CVE-2021-33315 | The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow... | S | |
CVE-2021-33316 | The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow... | S | |
CVE-2021-33317 | The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer deref... | S | |
CVE-2021-33318 | An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatch... | E S | |
CVE-2021-33320 | The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 be... | S | |
CVE-2021-33321 | Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, al... | | |
CVE-2021-33322 | In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18,... | S | |
CVE-2021-33323 | The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fi... | S | |
CVE-2021-33324 | The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and... | S | |
CVE-2021-33325 | The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack ... | S | |
CVE-2021-33326 | Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earli... | S | |
CVE-2021-33327 | The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack... | S | |
CVE-2021-33328 | Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Porta... | S | |
CVE-2021-33330 | Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-or... | S | |
CVE-2021-33331 | Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and L... | S | |
CVE-2021-33332 | Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0... | S | |
CVE-2021-33333 | The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack ... | S | |
CVE-2021-33334 | The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fi... | S | |
CVE-2021-33335 | Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before... | S | |
CVE-2021-33336 | Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal ... | S | |
CVE-2021-33337 | Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Lifer... | | |
CVE-2021-33338 | The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and... | | |
CVE-2021-33339 | Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.... | S | |
CVE-2021-33346 | There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product. An a... | E | |
CVE-2021-33347 | An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template mo... | E | |
CVE-2021-33348 | An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" ... | E | |
CVE-2021-33351 | Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and f... | E | |
CVE-2021-33352 | An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacke... | E | |
CVE-2021-33353 | Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed ... | E | |
CVE-2021-33354 | Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary... | E | |
CVE-2021-33356 | Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated re... | E | |
CVE-2021-33357 | A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_n... | E | |
CVE-2021-33358 | Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase... | E | |
CVE-2021-33359 | A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an ar... | S | |
CVE-2021-33360 | An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via ... | E | |
CVE-2021-33361 | Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory vi... | E S | |
CVE-2021-33362 | Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attack... | E S | |
CVE-2021-33363 | Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory vi... | S | |
CVE-2021-33364 | Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memo... | E S | |
CVE-2021-33365 | Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read mem... | S | |
CVE-2021-33366 | Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read... | E S | |
CVE-2021-33367 | Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via ... | | |
CVE-2021-33371 | A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management Syste... | E | |
CVE-2021-33387 | Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a... | E | |
CVE-2021-33388 | dpic 2021.04.10 has a Heap Buffer Overflow in the makevar() function in dpic.y... | | |
CVE-2021-33390 | dpic 2021.04.10 has a use-after-free in the deletestringbox() function in dpic.y. A different vulnera... | | |
CVE-2021-33391 | An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of t... | E S | |
CVE-2021-33393 | lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by ... | E S | |
CVE-2021-33394 | Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after... | E S | |
CVE-2021-33396 | Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the p... | E | |
CVE-2021-33403 | An integer overflow in the transfer function of a smart contract implementation for Lancer Token, an... | E | |
CVE-2021-33408 | Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attacker... | | |
CVE-2021-33420 | A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to ru... | E S | |
CVE-2021-33425 | A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT Lu... | S | |
CVE-2021-33430 | A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ct... | E | |
CVE-2021-33436 | NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due t... | | |
CVE-2021-33437 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). Ther... | E S | |
CVE-2021-33438 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). Ther... | E S | |
CVE-2021-33439 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). Ther... | E S | |
CVE-2021-33440 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). Ther... | E S | |
CVE-2021-33441 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). Ther... | E S | |
CVE-2021-33442 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). Ther... | E S | |
CVE-2021-33443 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). Ther... | E S | |
CVE-2021-33444 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). Ther... | E S | |
CVE-2021-33445 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). Ther... | E S | |
CVE-2021-33446 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). Ther... | E S | |
CVE-2021-33447 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). Ther... | E S | |
CVE-2021-33448 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There... | E S | |
CVE-2021-33449 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). Ther... | E | |
CVE-2021-33450 | An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/... | E | |
CVE-2021-33451 | An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c.... | E | |
CVE-2021-33452 | An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/... | E | |
CVE-2021-33453 | An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream... | E | |
CVE-2021-33454 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_... | E S | |
CVE-2021-33455 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive()... | E | |
CVE-2021-33456 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modu... | E | |
CVE-2021-33457 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_pa... | E | |
CVE-2021-33458 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in m... | E | |
CVE-2021-33459 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_di... | E | |
CVE-2021-33460 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition()... | E | |
CVE-2021-33461 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in... | E | |
CVE-2021-33462 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post... | E | |
CVE-2021-33463 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__cop... | E | |
CVE-2021-33464 | An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in mod... | E | |
CVE-2021-33465 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro(... | E | |
CVE-2021-33466 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro(... | E | |
CVE-2021-33467 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/... | E | |
CVE-2021-33468 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/prepr... | E | |
CVE-2021-33469 | COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin nam... | E | |
CVE-2021-33470 | COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel.... | E | |
CVE-2021-33473 | An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write ... | S | |
CVE-2021-33477 | rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code executi... | E S | |
CVE-2021-33478 | The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticate... | | |
CVE-2021-33479 | A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_... | E | |
CVE-2021-33480 | A use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction()... | E | |
CVE-2021-33481 | A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_d... | E | |
CVE-2021-33483 | An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting f... | E | |
CVE-2021-33484 | An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can downl... | E | |
CVE-2021-33485 | CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.... | | |
CVE-2021-33486 | All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version ... | | |
CVE-2021-33488 | chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Ch... | E | |
CVE-2021-33489 | OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file.... | E | |
CVE-2021-33490 | OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.... | E | |
CVE-2021-33491 | OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, becau... | E | |
CVE-2021-33492 | OX App Suite 7.10.5 allows XSS via an OX Chat room name.... | E | |
CVE-2021-33493 | The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a ... | E | |
CVE-2021-33494 | OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.... | E | |
CVE-2021-33495 | OX App Suite 7.10.5 allows XSS via an OX Chat system message.... | E | |
CVE-2021-33496 | Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view.... | S | |
CVE-2021-33497 | Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for deleting files.... | S | |
CVE-2021-33498 | Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (... | | |
CVE-2021-33499 | Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (... | | |
CVE-2021-33500 | PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) b... | E | |
CVE-2021-33501 | Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore://... | E | |
CVE-2021-33502 | The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReD... | | |
CVE-2021-33503 | An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ charact... | S | |
CVE-2021-33504 | Couchbase Server before 7.1.0 has Incorrect Access Control.... | | |
CVE-2021-33505 | A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program... | S | |
CVE-2021-33506 | jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is se... | S | |
CVE-2021-33507 | Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone ... | | |
CVE-2021-33508 | Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership ... | | |
CVE-2021-33509 | Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arg... | | |
CVE-2021-33510 | Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical U... | | |
CVE-2021-33511 | Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas... | | |
CVE-2021-33512 | Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML documen... | | |
CVE-2021-33513 | Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool.... | | |
CVE-2021-33514 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker via the vul... | E | |
CVE-2021-33515 | The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensi... | | |
CVE-2021-33516 | An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebind... | S | |
CVE-2021-33523 | MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin consol... | | |
CVE-2021-33525 | EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via she... | E | |
CVE-2021-33526 | Privilege escalation in mbDIALUP <= 3.9R0.0 | S | |
CVE-2021-33527 | OS Command Injection in mbDIALUP <= 3.9R0.0 | S | |
CVE-2021-33528 | WEIDMUELLER: WLAN devices affected by privilege escalation vulnerability | S | |
CVE-2021-33529 | WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability | S | |
CVE-2021-33530 | WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability | S | |
CVE-2021-33531 | WEIDMUELLER: WLAN devices affected by Hard-coded Credentials vulnerability | S | |
CVE-2021-33532 | WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability | S | |
CVE-2021-33533 | WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability | S | |
CVE-2021-33534 | WEIDMUELLER: WLAN devices affected by OS Command Injection vulnerability | S | |
CVE-2021-33535 | WEIDMUELLER: WLAN devices affected by exploitable format string vulnerability | S | |
CVE-2021-33536 | WEIDMUELLER: WLAN devices affected by Denial-of-Service vulnerability | S | |
CVE-2021-33537 | WEIDMUELLER: WLAN devices affected by Remote Code Execution (RCE) vulnerability | S | |
CVE-2021-33538 | WEIDMUELLER: WLAN devices affected by improper access control vulnerability | S | |
CVE-2021-33539 | WEIDMUELLER: WLAN devices affected by authentication bypass vulnerability | S | |
CVE-2021-33540 | Phoenix Contact: Undocumented FTP access in certain AXL F BK and IL BK devices | S | |
CVE-2021-33541 | Phoenix Contact: ILC1x Industrial controllers affected by Denial-of-Service vulnerability | S | |
CVE-2021-33542 | Phoenix Contact: Automation Worx Software Suite affected by Remote Code Execution (RCE) vulnerability | S | |
CVE-2021-33543 | UDP Technology/Geutebrück camera devices: Authentication Bypass | E | |
CVE-2021-33544 | UDP Technology/Geutebrück camera devices: command injection leading to RCE | E | |
CVE-2021-33545 | UDP Technology/Geutebrück camera devices: Buffer overflow in counter parameter leading to RCE | E | |
CVE-2021-33546 | UDP Technology/Geutebrück camera devices: Buffer overflow in name parameter leading to RCE | E | |
CVE-2021-33547 | UDP Technology/Geutebrück camera devices: Buffer overflow in profile parameter leading to RCE | E | |
CVE-2021-33548 | UDP Technology/Geutebrück camera devices: Command injection in preserve parameter leading to RCE | E | |
CVE-2021-33549 | UDP Technology/Geutebrück camera devices: Buffer overflow in action parameter leading to RCE | E | |
CVE-2021-33550 | UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE | E | |
CVE-2021-33551 | UDP Technology/Geutebrück camera devices: Command injection in environment.lang parameter leading to RCE | E | |
CVE-2021-33552 | UDP Technology/Geutebrück camera devices: Command injection in date parameter leading to RCE | E | |
CVE-2021-33553 | UDP Technology/Geutebrück camera devices: Command injection in command parameter leading to RCE | E | |
CVE-2021-33554 | UDP Technology/Geutebrück camera devices: Command injection in appfile.filename parameter leading to RCE | E | |
CVE-2021-33555 | A vulnerability may allow remote attackers to read arbitrary files on the server of the WirelessHART-Gateway | S | |
CVE-2021-33557 | An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescape... | E | |
CVE-2021-33558 | Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving... | E | |
CVE-2021-33560 | Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponen... | S | |
CVE-2021-33561 | A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers ... | E S | |
CVE-2021-33562 | A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attacke... | E S | |
CVE-2021-33563 | Koel before 5.1.4 lacks login throttling, lacks a password strength policy, and shows whether a fail... | E | |
CVE-2021-33564 | An argument injection vulnerability in the Dragonfly gem before 1.4.0 for Ruby allows remote attacke... | E S | |
CVE-2021-33570 | Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL datab... | E | |
CVE-2021-33571 | In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_ad... | S | |
CVE-2021-33572 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2021-33574 | The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free.... | E | |
CVE-2021-33575 | The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute arbitrary code because of the... | | |
CVE-2021-33576 | An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a fi... | E | |
CVE-2021-33577 | An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to... | E | |
CVE-2021-33578 | Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input f... | | |
CVE-2021-33580 | regex injection leading to DoS | M | |
CVE-2021-33581 | MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with ... | | |
CVE-2021-33582 | Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon... | S | |
CVE-2021-33583 | REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the... | | |
CVE-2021-33586 | InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access... | S | |
CVE-2021-33587 | The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Line... | S | |
CVE-2021-33589 | Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting ... | E | |
CVE-2021-33590 | GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_from_mac in dbus/gattlib.c.... | E | |
CVE-2021-33591 | An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker t... | | |
CVE-2021-33592 | NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgr... | | |
CVE-2021-33593 | Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker... | | |
CVE-2021-33594 | F-Secure Safe browser for Android vulnerable to Address Bar Spoofing | S | |
CVE-2021-33595 | F-Secure Safe browser for iOS vulnerable to Address Bar Spoofing | S | |
CVE-2021-33596 | Fake Apple login prompt in F-Secure SAFE browser for iOS | S | |
CVE-2021-33597 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2021-33598 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2021-33599 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2021-33600 | Denial of Service Vulnerability in Web Interface of F-Secure Internet Gatekeeper | S | |
CVE-2021-33601 | Arbitrary Code Execution in Web Interface of F-Secure Internet Gatekeeper | S | |
CVE-2021-33602 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2021-33603 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2021-33604 | Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19 | S | |
CVE-2021-33605 | Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20 | S | |
CVE-2021-33609 | Denial of service in DataCommunicator class in Vaadin 8 | S | |
CVE-2021-33611 | Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14 | E S | |
CVE-2021-33615 | RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type.... | | |
CVE-2021-33616 | RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.... | M | |
CVE-2021-33617 | Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/AjaxResponse.jsp?RequestType=G... | E | |
CVE-2021-33618 | Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in ... | E | |
CVE-2021-33620 | Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting... | S | |
CVE-2021-33621 | The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response... | E | |
CVE-2021-33622 | Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Fun... | | |
CVE-2021-33623 | The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regu... | S | |
CVE-2021-33624 | In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., bec... | E S | |
CVE-2021-33625 | An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting HddPassword. Software SMI servi... | | |
CVE-2021-33626 | A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that do... | | |
CVE-2021-33627 | An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.09.11, 5.1 before 05.17.11, 5.2 bef... | | |
CVE-2021-33629 | isula-build before 0.9.5-6 can cause a program crash, when building container images, some functions... | | |
CVE-2021-33630 | NULL-ptr-deref in network sched | | |
CVE-2021-33631 | Kernel crash in EXT4 filesystem | S | |
CVE-2021-33632 | TOCTOU Race Condition problem in iSulad | | |
CVE-2021-33633 | Command Injection in aops-ceres | | |
CVE-2021-33634 | Malicious image running containers may cause DoS attacks | S | |
CVE-2021-33635 | Pull malicious images may cause process to be hijacked | S | |
CVE-2021-33636 | Load malicious images may cause process to be hijacked | S | |
CVE-2021-33637 | Export container in a malicious directory may cause process to be hijacked | S | |
CVE-2021-33638 | Run copy with container in a malicious directory may cause container escaping | S | |
CVE-2021-33639 | REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only me... | | |
CVE-2021-33640 | After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called... | | |
CVE-2021-33641 | When processing files, malloc stores the data of the current line. When processing comments, malloc ... | | |
CVE-2021-33642 | When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function.... | | |
CVE-2021-33643 | An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger... | | |
CVE-2021-33644 | An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger... | | |
CVE-2021-33645 | The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which... | | |
CVE-2021-33646 | The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which... | | |
CVE-2021-33647 | When performing the inference shape operation of the Tile operator, if the input data type is not in... | S | |
CVE-2021-33648 | When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup,... | S | |
CVE-2021-33649 | When performing the inference shape operation of the Transpose operator, if the value in the perm el... | S | |
CVE-2021-33650 | When performing the inference shape operation of the SparseToDense operator, if the number of inputs... | S | |
CVE-2021-33651 | When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_mul... | S | |
CVE-2021-33652 | When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_s... | S | |
CVE-2021-33653 | When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of ... | S | |
CVE-2021-33654 | When performing the initialization operation of the Split operator, if a dimension in the input shap... | S | |
CVE-2021-33655 | When sending malicious data to kernel by ioctl cmd FBIOPUT_VSCREENINFO, kernel will write memory out o... | S | |
CVE-2021-33656 | When setting font with malicious data by ioctl cmd PIO_FONT, kernel will write memory out of bounds.... | S | |
CVE-2021-33657 | There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.... | S | |
CVE-2021-33658 | atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url i... | | |
CVE-2021-33659 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received fr... | | |
CVE-2021-33660 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FLI file received fr... | | |
CVE-2021-33661 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received fr... | | |
CVE-2021-33662 | Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive ... | | |
CVE-2021-33663 | SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.2... | | |
CVE-2021-33664 | SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 7... | | |
CVE-2021-33665 | SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC... | | |
CVE-2021-33666 | When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffin... | | |
CVE-2021-33667 | Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, ... | | |
CVE-2021-33668 | Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthentic... | | |
CVE-2021-33669 | Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker t... | S | |
CVE-2021-33670 | SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31,... | S | |
CVE-2021-33671 | SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7... | | |
CVE-2021-33672 | Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an att... | | |
CVE-2021-33673 | Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-control... | | |
CVE-2021-33674 | Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-contro... | | |
CVE-2021-33675 | Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-contro... | | |
CVE-2021-33676 | A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by... | | |
CVE-2021-33677 | SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expo... | | |
CVE-2021-33678 | A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710... | E | |
CVE-2021-33679 | The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the ap... | | |
CVE-2021-33680 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received fr... | | |
CVE-2021-33681 | SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received fr... | | |
CVE-2021-33682 | SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cros... | | |
CVE-2021-33683 | SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.2... | | |
CVE-2021-33684 | SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC... | | |
CVE-2021-33685 | SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to ... | | |
CVE-2021-33686 | Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get ac... | | |
CVE-2021-33687 | SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sen... | S | |
CVE-2021-33688 | SAP Business One allows an attacker with business privileges to execute crafted database queries, ex... | | |
CVE-2021-33689 | When user with insufficient privileges tries to access any application in SAP NetWeaver Administrato... | | |
CVE-2021-33690 | Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development ... | S | |
CVE-2021-33691 | NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled ... | S | |
CVE-2021-33692 | SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can b... | S | |
CVE-2021-33693 | SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration ... | S | |
CVE-2021-33694 | SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an... | S | |
CVE-2021-33695 | Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without s... | S | |
CVE-2021-33696 | SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not s... | S | |
CVE-2021-33697 | Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 42... | S | |
CVE-2021-33698 | SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files... | S | |
CVE-2021-33699 | Task Hijacking is a vulnerability that affects the applications running on Android devices due to a ... | | |
CVE-2021-33700 | SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under ... | S | |
CVE-2021-33701 | DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, ... | E | |
CVE-2021-33702 | Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40... | | |
CVE-2021-33703 | Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not s... | | |
CVE-2021-33704 | The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke ce... | S | |
CVE-2021-33705 | The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Edit... | S | |
CVE-2021-33706 | Due to improper input validation in InfraBox, logs can be modified by an authenticated user.... | | |
CVE-2021-33707 | SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites a... | M | |
CVE-2021-33708 | Due to insufficient input validation in Kyma, authenticated users can pass a Header of their choice ... | | |
CVE-2021-33709 | A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamc... | | |
CVE-2021-33710 | A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamc... | | |
CVE-2021-33711 | A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamc... | | |
CVE-2021-33712 | A vulnerability has been identified in Mendix SAML Module (All versions < V2.1.2). The configuration... | | |
CVE-2021-33713 | A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing special... | | |
CVE-2021-33714 | A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing special... | | |
CVE-2021-33715 | A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing special... | | |
CVE-2021-33716 | A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.... | S | |
CVE-2021-33717 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.1), Teamcenter Visualization (A... | S | |
CVE-2021-33718 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.22),... | | |
CVE-2021-33719 | A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.... | S | |
CVE-2021-33720 | A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.... | S | |
CVE-2021-33721 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application... | S | |
CVE-2021-33722 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected sy... | S | |
CVE-2021-33723 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticate... | S | |
CVE-2021-33724 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected sy... | S | |
CVE-2021-33725 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected sy... | S | |
CVE-2021-33726 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected sy... | S | |
CVE-2021-33727 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticate... | S | |
CVE-2021-33728 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected sy... | S | |
CVE-2021-33729 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticate... | S | |
CVE-2021-33730 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au... | S | |
CVE-2021-33731 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au... | S | |
CVE-2021-33732 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au... | S | |
CVE-2021-33733 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au... | S | |
CVE-2021-33734 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au... | S | |
CVE-2021-33735 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au... | S | |
CVE-2021-33736 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged au... | S | |
CVE-2021-33737 | A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMA... | S | |
CVE-2021-33738 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.2), Teamcenter Visualization (A... | | |
CVE-2021-33739 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-33740 | Windows Media Remote Code Execution Vulnerability | S | |
CVE-2021-33741 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | S | |
CVE-2021-33742 | Windows MSHTML Platform Remote Code Execution Vulnerability | KEV S | |
CVE-2021-33743 | Windows Projected File System Elevation of Privilege Vulnerability | S | |
CVE-2021-33744 | Windows Secure Kernel Mode Security Feature Bypass Vulnerability | S | |
CVE-2021-33745 | Windows DNS Server Denial of Service Vulnerability | S | |
CVE-2021-33746 | Windows DNS Server Remote Code Execution Vulnerability | S | |
CVE-2021-33749 | Windows DNS Snap-in Remote Code Execution Vulnerability | S | |
CVE-2021-33750 | Windows DNS Snap-in Remote Code Execution Vulnerability | S | |
CVE-2021-33751 | Storage Spaces Controller Elevation of Privilege Vulnerability | S | |
CVE-2021-33752 | Windows DNS Snap-in Remote Code Execution Vulnerability | S | |
CVE-2021-33753 | Microsoft Bing Search Spoofing Vulnerability | S | |
CVE-2021-33754 | Windows DNS Server Remote Code Execution Vulnerability | S | |
CVE-2021-33755 | Windows Hyper-V Denial of Service Vulnerability | S | |
CVE-2021-33756 | Windows DNS Snap-in Remote Code Execution Vulnerability | S | |
CVE-2021-33757 | Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | S | |
CVE-2021-33758 | Windows Hyper-V Denial of Service Vulnerability | S | |
CVE-2021-33759 | Windows Desktop Bridge Elevation of Privilege Vulnerability | S | |
CVE-2021-33760 | Media Foundation Information Disclosure Vulnerability | S | |
CVE-2021-33761 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | S | |
CVE-2021-33762 | Azure CycleCloud Elevation of Privilege Vulnerability | S | |
CVE-2021-33763 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | S | |
CVE-2021-33764 | Windows Key Distribution Center Information Disclosure Vulnerability | S | |
CVE-2021-33765 | Windows Installer Spoofing Vulnerability | S | |
CVE-2021-33766 | Microsoft Exchange Server Information Disclosure Vulnerability | KEV S | |
CVE-2021-33767 | Open Enclave SDK Elevation of Privilege Vulnerability | S | |
CVE-2021-33768 | Microsoft Exchange Server Elevation of Privilege Vulnerability | S | |
CVE-2021-33771 | Windows Kernel Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-33772 | Windows TCP/IP Driver Denial of Service Vulnerability | S | |
CVE-2021-33773 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | S | |
CVE-2021-33774 | Windows Event Tracing Elevation of Privilege Vulnerability | S | |
CVE-2021-33775 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-33776 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-33777 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-33778 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-33779 | Windows AD FS Security Feature Bypass Vulnerability | S | |
CVE-2021-33780 | Windows DNS Server Remote Code Execution Vulnerability | S | |
CVE-2021-33781 | Azure AD Security Feature Bypass Vulnerability | S | |
CVE-2021-33782 | Windows Authenticode Spoofing Vulnerability | S | |
CVE-2021-33783 | Windows SMB Information Disclosure Vulnerability | S | |
CVE-2021-33784 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | S | |
CVE-2021-33785 | Windows AF_UNIX Socket Provider Denial of Service Vulnerability | S | |
CVE-2021-33786 | Windows LSA Security Feature Bypass Vulnerability | S | |
CVE-2021-33788 | Windows LSA Denial of Service Vulnerability | S | |
CVE-2021-33790 | The RebornCore library before 4.7.3 allows remote code execution because it deserializes untrusted d... | | |
CVE-2021-33791 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ... | R | |
CVE-2021-33792 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /S... | | |
CVE-2021-33793 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cros... | S | |
CVE-2021-33794 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow information disclosure or an applicati... | S | |
CVE-2021-33795 | Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorrect PDF document signatures be... | | |
CVE-2021-33796 | In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause d... | S | |
CVE-2021-33797 | Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens ... | S | |
CVE-2021-33798 | A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attacke... | E S | |
CVE-2021-33800 | In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory travers... | | |
CVE-2021-33805 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10906. Reason: This candidat... | R | |
CVE-2021-33806 | The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deseria... | S | |
CVE-2021-33807 | Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/weba... | E | |
CVE-2021-33813 | An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a... | E S | |
CVE-2021-33815 | dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-bounds array access because dc_cou... | S | |
CVE-2021-33816 | The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incompl... | E | |
CVE-2021-33818 | An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use sl... | E | |
CVE-2021-33820 | An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attacker could send a... | E | |
CVE-2021-33822 | An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttpte... | E | |
CVE-2021-33823 | An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attacker could send a huge ... | E | |
CVE-2021-33824 | An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttpt... | E | |
CVE-2021-33827 | The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administ... | | |
CVE-2021-33828 | The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which... | | |
CVE-2021-33829 | A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4... | S | |
CVE-2021-33831 | api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has In... | | |
CVE-2021-33833 | ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress i... | E | |
CVE-2021-33834 | An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x2... | | |
CVE-2021-33838 | Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19... | E | |
CVE-2021-33839 | Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19... | E | |
CVE-2021-33840 | The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of... | | |
CVE-2021-33841 | Circutor SGE-PLC1000 OS command Injection | S | |
CVE-2021-33842 | Circutor SGE-PLC1000 improper authentication | S | |
CVE-2021-33843 | Fresenius Kabi Agilia Connect Infusion System files or directories accessible to external parties | S | |
CVE-2021-33844 | A floating point exception (divide-by-zero) issue was discovered in SoX in function startread() of wa... | E | |
CVE-2021-33845 | Username enumeration through lockout message in REST API | | |
CVE-2021-33846 | Fresenius Kabi Agilia Connect Infusion System use of a broken or risky cryptographic algorithm | S | |
CVE-2021-33847 | Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Blue... | S | |
CVE-2021-33848 | Fresenius Kabi Agilia Connect Infusion System cross site scripting | S | |
CVE-2021-33849 | A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser... | E M | |
CVE-2021-33850 | There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload exec... | E | |
CVE-2021-33851 | A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser... | E M | |
CVE-2021-33852 | A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser... | E | |
CVE-2021-33853 | A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser... | E | |
CVE-2021-33879 | Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious a... | E | |
CVE-2021-33880 | The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on serve... | S | |
CVE-2021-33881 | On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a ... | E M | |
CVE-2021-33882 | A Missing Authentication for Critical Function vulnerability in B. Braun SpaceCom2 prior to 012U0000... | | |
CVE-2021-33883 | A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to 012U0... | E | |
CVE-2021-33884 | An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U... | E | |
CVE-2021-33885 | An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U0... | E | |
CVE-2021-33886 | An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a r... | E | |
CVE-2021-33887 | Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an... | E | |
CVE-2021-33889 | OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overflow because of an inconsistency... | S | |
CVE-2021-33894 | In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x be... | S | |
CVE-2021-33895 | ETINET BACKBOX E4.09 and H4.09 mismanages password access control. When a user uses the User ID of t... | | |
CVE-2021-33896 | Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files)... | S | |
CVE-2021-33897 | A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assist... | | |
CVE-2021-33898 | In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize() in app/Ninja/Repositories/Ac... | S | |
CVE-2021-33900 | StartTLS and SASL confidentiality protection bypass | M | |
CVE-2021-33903 | In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, changing the password of the ... | | |
CVE-2021-33904 | In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerab... | E | |
CVE-2021-33907 | The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the... | | |
CVE-2021-33909 | fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq b... | E S | |
CVE-2021-33910 | basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with a... | E S | |
CVE-2021-33911 | Zoho ManageEngine ADManager Plus before 7110 allows remote code execution.... | | |
CVE-2021-33912 | libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers t... | E | |
CVE-2021-33913 | libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute ... | E | |
CVE-2021-33923 | Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local at... | | |
CVE-2021-33924 | Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Acce... | | |
CVE-2021-33925 | SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda10272... | E | |
CVE-2021-33926 | An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1... | E | |
CVE-2021-33928 | Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 al... | E | |
CVE-2021-33929 | Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7... | E | |
CVE-2021-33930 | Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv bef... | E | |
CVE-2021-33938 | Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7... | E | |
CVE-2021-33945 | RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN, SP 325SNw, SP 325SFNw, SP 33... | E | |
CVE-2021-33948 | SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary ... | E | |
CVE-2021-33949 | An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter a... | E | |
CVE-2021-33950 | An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTe... | S | |
CVE-2021-33959 | Plex media server 1.21 and before is vulnerable to DDoS reflection attack via plex service.... | E | |
CVE-2021-33961 | A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name para... | E | |
CVE-2021-33962 | China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS command injection vulnerability in t... | | |
CVE-2021-33963 | China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone rece... | | |
CVE-2021-33964 | China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRRuleFilter/set_firewall_l... | | |
CVE-2021-33965 | China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /api/ZRMesh/set_ZRMesh which rec... | | |
CVE-2021-33966 | Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute... | E | |
CVE-2021-33970 | Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate privilege... | E | |
CVE-2021-33971 | Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Total Security (... | E | |
CVE-2021-33972 | Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 allows attacker to escalate pri... | E | |
CVE-2021-33973 | Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v12.1.0.1005, v13.1.0.1001 allow... | E | |
CVE-2021-33974 | Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Chrome (https://... | E | |
CVE-2021-33975 | Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 and v10.8.0.1213 allows attac... | E | |
CVE-2021-33981 | An insecure, direct object vulnerability in hunting/fishing license retrieval function of the "Fish ... | | |
CVE-2021-33982 | An insufficient session expiration vulnerability exists in the "Fish \| Hunt FL" iOS app version 3.8.... | | |
CVE-2021-33983 | Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local attacker to execute arbitrary... | E S | |
CVE-2021-33988 | Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which c... | E | |
CVE-2021-33990 | Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder=/ requests when frmfolders.ht... | E | |