ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-35000 | OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability | | |
CVE-2021-35001 | BMC Track-It! GetData Missing Authorization Information Disclosure Vulnerability | | |
CVE-2021-35002 | BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability | | |
CVE-2021-35003 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP... | | |
CVE-2021-35004 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP... | | |
CVE-2021-35005 | This vulnerability allows local attackers to disclose sensitive information on affected installation... | | |
CVE-2021-35027 | A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could... | S | |
CVE-2021-35028 | A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could ... | S | |
CVE-2021-35029 | An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall se... | | |
CVE-2021-35030 | A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not ... | S | |
CVE-2021-35031 | A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS... | S | |
CVE-2021-35032 | A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an a... | S | |
CVE-2021-35033 | A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmw... | E | |
CVE-2021-35034 | An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware co... | | |
CVE-2021-35035 | A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow... | | |
CVE-2021-35036 | A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50(AB... | | |
CVE-2021-35037 | Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro cust... | | |
CVE-2021-35039 | kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f2... | S | |
CVE-2021-35041 | The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing with unformatted packet and lea... | E S | |
CVE-2021-35042 | Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by... | S | |
CVE-2021-35043 | OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XH... | S | |
CVE-2021-35045 | Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary... | | |
CVE-2021-35046 | A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hij... | | |
CVE-2021-35047 | Privileged Command Injection Vulnerability in Fidelis Network and Deception | E S | |
CVE-2021-35048 | Unauthenticated SQL Injection Vulnerability in Fidelis Network and Deception | E S | |
CVE-2021-35049 | Command Injection Vulnerability in Fidelis Network and Deception | E S | |
CVE-2021-35050 | User Credentials Stored in a Recoverable Format within Fidelis Network and Deception | E S | |
CVE-2021-35052 | A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity lev... | | |
CVE-2021-35053 | Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attac... | | |
CVE-2021-35054 | Minecraft before 1.17.1, when online-mode=false is configured, allows path traversal for deletion of... | | |
CVE-2021-35055 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the ... | | |
CVE-2021-35056 | Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for... | S | |
CVE-2021-35059 | OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter.... | | |
CVE-2021-35060 | /way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage... | | |
CVE-2021-35061 | Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 al... | E | |
CVE-2021-35062 | A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March... | E | |
CVE-2021-35063 | Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."... | | |
CVE-2021-35064 | KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. ... | E | |
CVE-2021-35065 | The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service)... | E S | |
CVE-2021-35066 | An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.132.... | | |
CVE-2021-35067 | Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., ... | E | |
CVE-2021-35068 | Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lea... | S | |
CVE-2021-35069 | Improper validation of data length received from DMA buffer can lead to memory corruption in Snapdr... | S | |
CVE-2021-35070 | RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to ... | | |
CVE-2021-35071 | Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX bu... | S | |
CVE-2021-35072 | Possible buffer overflow due to improper validation of array index while processing external DIAG co... | | |
CVE-2021-35073 | Possible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdrag... | | |
CVE-2021-35074 | Possible integer overflow due to improper fragment datatype while calculating number of fragments in... | S | |
CVE-2021-35075 | Possible null pointer dereference due to lack of WDOG structure validation during registration in Sn... | S | |
CVE-2021-35076 | Possible null pointer dereference due to improper validation of RRC connection reconfiguration messa... | | |
CVE-2021-35077 | Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic pro... | S | |
CVE-2021-35078 | Possible memory leak due to improper validation of certificate chain length while parsing server cer... | | |
CVE-2021-35079 | Improper validation of permissions for third party application accessing Telephony service API can l... | | |
CVE-2021-35080 | Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclos... | | |
CVE-2021-35081 | Possible buffer overflow due to improper validation of SSID length received from beacon or probe res... | S | |
CVE-2021-35082 | Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid ... | | |
CVE-2021-35083 | Possible out of bound read due to improper validation of certificate chain in SSL or Internet key ex... | | |
CVE-2021-35084 | Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon... | S | |
CVE-2021-35085 | Possible buffer overflow due to lack of buffer length check during management frame Rx handling in S... | S | |
CVE-2021-35086 | Possible buffer over read due to improper validation of SIB type when processing a NR system Informa... | | |
CVE-2021-35087 | Possible null pointer access due to improper validation of system information message to be processe... | | |
CVE-2021-35088 | Possible out of bound read due to improper validation of IE length during SSID IE parse when channel... | S | |
CVE-2021-35089 | Possible buffer overflow due to lack of input IB amount validation while processing the user command... | | |
CVE-2021-35090 | Possible hypervisor memory corruption due to TOCTOU race condition when updating address mappings i... | | |
CVE-2021-35091 | Possible out of bounds read due to improper typecasting while handling page fault for global memory ... | S | |
CVE-2021-35092 | Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary ... | S | |
CVE-2021-35093 | Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link... | | |
CVE-2021-35094 | Improper verification of timeout-based authentication in identity credential can lead to invalid aut... | | |
CVE-2021-35095 | Improper serialization of message queue client registration can lead to race condition allowing mult... | S | |
CVE-2021-35096 | Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdr... | | |
CVE-2021-35097 | Possible authentication bypass due to improper order of signature verification and hashing in the si... | | |
CVE-2021-35098 | Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon... | S | |
CVE-2021-35100 | Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snap... | | |
CVE-2021-35101 | Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor ... | | |
CVE-2021-35102 | Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Sna... | | |
CVE-2021-35103 | Possible out of bound write due to improper validation of number of timer values received from firmw... | S | |
CVE-2021-35104 | Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Sna... | | |
CVE-2021-35105 | Possible out of bounds access due to improper input validation during graphics profiling in Snapdrag... | S | |
CVE-2021-35106 | Possible out of bound read due to improper length calculation of WMI message in Snapdragon Auto, Sn... | S | |
CVE-2021-35108 | Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to... | | |
CVE-2021-35109 | Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge t... | | |
CVE-2021-35110 | Possible buffer overflow to improper validation of hash segment of file while allocating memory in S... | | |
CVE-2021-35111 | Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in S... | | |
CVE-2021-35112 | A user with user level permission can access graphics protected region due to improper access contro... | S | |
CVE-2021-35113 | Possible authentication bypass due to improper order of signature verification and hashing in the si... | | |
CVE-2021-35114 | Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto... | | |
CVE-2021-35115 | Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdra... | | |
CVE-2021-35116 | APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK's da... | | |
CVE-2021-35117 | An Out of Bounds read may potentially occur while processing an IBSS beacon, in Snapdragon Auto, Sna... | S | |
CVE-2021-35118 | An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon ... | S | |
CVE-2021-35119 | Potential out of Bounds read in FIPS event processing due to improper validation of the length from ... | S | |
CVE-2021-35120 | Improper handling between export and release functions on the same handle from client can lead to us... | S | |
CVE-2021-35121 | An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free cond... | S | |
CVE-2021-35122 | Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation... | | |
CVE-2021-35123 | Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air... | S | |
CVE-2021-35126 | Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, ... | | |
CVE-2021-35129 | Memory corruption in BT controller due to improper length check while processing vendor specific com... | | |
CVE-2021-35130 | Memory corruption in graphics support layer due to use after free condition in Snapdragon Auto, Snap... | S | |
CVE-2021-35132 | Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon... | | |
CVE-2021-35133 | Use after free in the synx driver issue while performing other functions during multiple invocation ... | S | |
CVE-2021-35134 | Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in ... | | |
CVE-2021-35135 | A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdrago... | | |
CVE-2021-35193 | Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate auth... | E | |
CVE-2021-35196 | Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.p... | E | |
CVE-2021-35197 | In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots hav... | E | |
CVE-2021-35198 | NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Pac... | | |
CVE-2021-35199 | NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadF... | | |
CVE-2021-35200 | NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scrip... | | |
CVE-2021-35201 | NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks.... | | |
CVE-2021-35202 | NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in ... | | |
CVE-2021-35203 | NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryS... | | |
CVE-2021-35204 | NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the supp... | | |
CVE-2021-35205 | NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.... | | |
CVE-2021-35206 | Gitpod before 0.6.0 allows unvalidated redirects.... | E S | |
CVE-2021-35207 | An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.... | | |
CVE-2021-35208 | An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration... | E M | |
CVE-2021-35209 | An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8... | E | |
CVE-2021-35210 | Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is... | | |
CVE-2021-35211 | Serv-U Remote Memory Escape Vulnerability | KEV S | |
CVE-2021-35212 | Blind SQL injection Vulnerability | S | |
CVE-2021-35213 | Orion User setting Improper Access Control Privilege Escalation Vulnerability | S | |
CVE-2021-35214 | Session Management Vulnerability | S | |
CVE-2021-35215 | ActionPluginBaseView Deserialization of Untrusted Data RCE | S | |
CVE-2021-35216 | Deserialization of Untrusted Data in Resource Controls Remote Code Execution | S | |
CVE-2021-35217 | Insecure Deserialization of untrusted data causing Remote code execution vulnerability. | S | |
CVE-2021-35218 | Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability | S | |
CVE-2021-35219 | ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability | S | |
CVE-2021-35220 | EmailWebPage Command Injection RCE | S | |
CVE-2021-35221 | ImportAlert Improper Access Control Tampering Vulnerability | S | |
CVE-2021-35222 | Resource.aspx Reflected Cross-Site Scripting Vulnerability | S | |
CVE-2021-35223 | Execute Command Function Allows Remote Code Execution (RCE) Vulnerability | S | |
CVE-2021-35225 | Netpath Horizontal Privilege Escalation Vulnerability: NPM 2020.2.5 | S | |
CVE-2021-35226 | Hashed Credential Exposure Vulnerability | S | |
CVE-2021-35227 | Insecure Web Configuration for RabbitMQ Management Plugin in SolarWinds ARM | S | |
CVE-2021-35228 | Reflected cross site scripting affecting SolarWinds: DPA 2021.3.7388 | S | |
CVE-2021-35229 | Cross-Site Scripting Vulnerability using SQL Query | S | |
CVE-2021-35230 | Unquoted Path Vulnerability (SMB Login) in Kiwi CatTools | S | |
CVE-2021-35231 | Unquoted Path (SMB Login) Vulnerability | S | |
CVE-2021-35232 | Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries | S | |
CVE-2021-35233 | HTTP TRACK & TRACE Methods Enabled | S | |
CVE-2021-35234 | Exposed Dangerous Functions - Privileged Escalation | S | |
CVE-2021-35235 | ASP.NET Debug Feature Enabled | S | |
CVE-2021-35236 | Missing Secure Flag From SSL Cookie | S | |
CVE-2021-35237 | Clickjacking Vulnerability | S | |
CVE-2021-35238 | Stored XSS through URL POST parameter in CreateExternalWebsite Vulnerability | S | |
CVE-2021-35239 | Stored XSS in Maps text box hyperlink Vulnerability | S | |
CVE-2021-35240 | Stored XSS via Help Server settings | S | |
CVE-2021-35242 | A valid CSRF token is present in response to an invalid request | S | |
CVE-2021-35243 | HTTP PUT & DELETE Methods Enabled | S | |
CVE-2021-35244 | Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6 | S | |
CVE-2021-35245 | Broken Access Control Vulnerability for SolarWinds Serv-U | S | |
CVE-2021-35246 | Unprotected Transport of Credentials (HSTS) Vulnerability | S | |
CVE-2021-35247 | Improper Input Validation Vulnerability in Serv-U | KEV | |
CVE-2021-35248 | Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users | S | |
CVE-2021-35249 | Domain Admin Broken Access Control | S | |
CVE-2021-35250 | Directory Traversal Vulnerability in Serv-U 15.3 | S | |
CVE-2021-35251 | Sensitive Data Disclosure Vulnerability | S | |
CVE-2021-35252 | Common Key Vulnerability in Serv-U FTP Server | S | |
CVE-2021-35254 | Authenticated Remote Code Execution in WebHelpDesk 12.7.8 | S | |
CVE-2021-35261 | File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b0... | E | |
CVE-2021-35265 | A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* a... | E S | |
CVE-2021-35266 | In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode pathname is supplied in an NTFS... | | |
CVE-2021-35267 | NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the M... | | |
CVE-2021-35268 | In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_... | | |
CVE-2021-35269 | NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute from the MFT is setup in the f... | | |
CVE-2021-35283 | SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute ar... | E | |
CVE-2021-35284 | SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1.... | E | |
CVE-2021-35290 | File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via r... | | |
CVE-2021-35296 | An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass ... | E | |
CVE-2021-35297 | Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafte... | | |
CVE-2021-35298 | Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary ... | | |
CVE-2021-35299 | Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive informatio... | | |
CVE-2021-35300 | Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers... | S | |
CVE-2021-35301 | Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive inf... | | |
CVE-2021-35302 | Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to o... | | |
CVE-2021-35303 | Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary ... | | |
CVE-2021-35306 | An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the funct... | E | |
CVE-2021-35307 | An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer dereference exists in the AP4_D... | E | |
CVE-2021-35309 | An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain esc... | | |
CVE-2021-35312 | A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's executabl... | E | |
CVE-2021-35313 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-35323 | Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.... | E | |
CVE-2021-35324 | A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Firmware V4.1.5cu.470_B20200911 a... | E | |
CVE-2021-35325 | A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200... | E | |
CVE-2021-35326 | A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows attackers to do... | E | |
CVE-2021-35327 | A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start th... | E | |
CVE-2021-35331 | In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted ... | E S | |
CVE-2021-35336 | Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A vulnerability ... | E | |
CVE-2021-35337 | Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Refer... | E | |
CVE-2021-35342 | The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in No... | | |
CVE-2021-35343 | Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php in SeedDMS v5.1.x<5.1.23 and ... | | |
CVE-2021-35344 | tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamRea... | E S | |
CVE-2021-35346 | tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit:... | E S | |
CVE-2021-35358 | A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows ... | E | |
CVE-2021-35360 | A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 al... | E | |
CVE-2021-35361 | A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows ... | E | |
CVE-2021-35368 | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is af... | E | |
CVE-2021-35369 | Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed in v.5.4 allows attackers to o... | E S | |
CVE-2021-35370 | An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete ... | E | |
CVE-2021-35377 | Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers exe... | | |
CVE-2021-35380 | A Directory Traversal vulnerability exists in Solari di Udine TermTalk Server (TTServer) 3.24.0.2, w... | E | |
CVE-2021-35387 | Hospital Management System v 4.0 is vulnerable to SQL Injection via file:hospital/hms/admin/view-pat... | E | |
CVE-2021-35388 | Hospital Management System v 4.0 is vulnerable to Cross Site Scripting (XSS) via /hospital/hms/admin... | E | |
CVE-2021-35391 | Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers ... | E | |
CVE-2021-35392 | Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implement... | E S | |
CVE-2021-35393 | Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implement... | E S | |
CVE-2021-35394 | Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is... | KEV E S | |
CVE-2021-35395 | Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management int... | KEV E S | |
CVE-2021-35397 | A path traversal vulnerability in the static router for Drogon from 1.0.0-beta14 to 1.6.0 could allo... | E | |
CVE-2021-35413 | A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x al... | E S | |
CVE-2021-35414 | Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiari... | E S | |
CVE-2021-35415 | A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts ... | E S | |
CVE-2021-35437 | SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute arbitrary code via the TagsAc... | E | |
CVE-2021-35438 | phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calc... | E S | |
CVE-2021-35440 | Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and us... | S | |
CVE-2021-35448 | Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Ad... | E | |
CVE-2021-35449 | The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 drive... | E | |
CVE-2021-35450 | A Server Side Template Injection in the Entando Admin Console 6.3.9 and before allows a user with pr... | | |
CVE-2021-35451 | In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrar... | E | |
CVE-2021-35452 | An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.... | E | |
CVE-2021-35456 | Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload... | | |
CVE-2021-35458 | Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php (aka p=products) via... | E | |
CVE-2021-35463 | Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allow... | | |
CVE-2021-35464 | ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession para... | KEV E | |
CVE-2021-35465 | Certain Arm products before 2021-08-23 do not properly consider the effect of exceptions on a VLLDM ... | | |
CVE-2021-35469 | The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privileg... | | |
CVE-2021-35472 | An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to authori... | E S | |
CVE-2021-35473 | An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the O... | | |
CVE-2021-35474 | Dynamic stack buffer overflow in cachekey plugin | | |
CVE-2021-35475 | SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XS... | | |
CVE-2021-35477 | In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information fro... | S | |
CVE-2021-35478 | Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and ... | E | |
CVE-2021-35479 | Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history a... | E | |
CVE-2021-35482 | An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4.70. An attacker in the local n... | | |
CVE-2021-35487 | Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blin... | E | |
CVE-2021-35488 | Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the ho... | E | |
CVE-2021-35489 | Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend... | E | |
CVE-2021-35490 | Thruk before 2.44 allows XSS for a quick command.... | | |
CVE-2021-35491 | A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows ... | E | |
CVE-2021-35492 | Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust fil... | E | |
CVE-2021-35493 | TIBCO WebFOCUS Cross Site Scripting vulnerabilities | S | |
CVE-2021-35494 | TIBCO JasperReports unauthorized access to temporary object | S | |
CVE-2021-35495 | TIBCO JasperReports FTP Password exposed | S | |
CVE-2021-35496 | TIBCO JasperReports XML External Entity (XXE) vulnerability | S | |
CVE-2021-35497 | TIBCO FTL unvalidated SAN in client certificates | S | |
CVE-2021-35498 | TIBCO EBX Insecure Login Mechanism | S | |
CVE-2021-35499 | TIBCO Nimbus Stored Cross-site Scripting (XSS) vulnerabilities | S | |
CVE-2021-35500 | TIBCO Data Virtualization Arbitrary File Download vulnerability | S | |
CVE-2021-35501 | PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When... | E | |
CVE-2021-35502 | app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp in MISP 2.4.144 does not sanit... | S | |
CVE-2021-35503 | Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled whe... | E | |
CVE-2021-35504 | Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value f... | E | |
CVE-2021-35505 | Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value f... | E | |
CVE-2021-35506 | Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use o... | E | |
CVE-2021-35508 | NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with ... | E | |
CVE-2021-35512 | An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200.... | E | |
CVE-2021-35513 | Mermaid before 8.11.0 allows XSS when the antiscript feature is used.... | S | |
CVE-2021-35514 | Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a ... | | |
CVE-2021-35515 | Apache Commons Compress 1.6 to 1.20 denial of service vulnerability | S | |
CVE-2021-35516 | Apache Commons Compress 1.6 to 1.20 denial of service vulnerability | S | |
CVE-2021-35517 | Apache Commons Compress 1.1 to 1.20 denial of service vulnerability | S | |
CVE-2021-35520 | A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices be... | S | |
CVE-2021-35521 | A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices bef... | S | |
CVE-2021-35522 | A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices be... | S | |
CVE-2021-35523 | Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe configuration handling that enable... | E | |
CVE-2021-35525 | PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data... | S | |
CVE-2021-35526 | Storage of Sensitive Information Vulnerability in Hitachi ABB Power Grids System Data Manager – SDM600 Product | S | |
CVE-2021-35527 | Password Autocomplete Vulnerability in Hitachi ABB Power Grids eSOMS Application | S | |
CVE-2021-35528 | Authentication Bypass Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB) | S | |
CVE-2021-35529 | Password in Memory Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB) | S | |
CVE-2021-35530 | User authentication bypass in TXpert Hub CoreTec 4 | S | |
CVE-2021-35531 | Remote Code Execution in TXpert Hub CoreTec 4 | S | |
CVE-2021-35532 | Firmware upload verification bypass in TXpert Hub CoreTec 4 | M | |
CVE-2021-35533 | Specially Crafted IEC 60870-5-104 Packet Vulnerability in RTU500 series | S | |
CVE-2021-35534 | Insufficient Security Control Vulnerability | S | |
CVE-2021-35535 | Insufficient Security Control Vulnerability | S | |
CVE-2021-35536 | Vulnerability in the Oracle Deal Management product of Oracle E-Business Suite (component: Miscellan... | | |
CVE-2021-35537 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versio... | | |
CVE-2021-35538 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The su... | | |
CVE-2021-35539 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported... | | |
CVE-2021-35540 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The su... | | |
CVE-2021-35541 | Vulnerability in the PeopleSoft Enterprise SCM product of Oracle PeopleSoft (component: Supplier Por... | | |
CVE-2021-35542 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The su... | | |
CVE-2021-35543 | Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSof... | | |
CVE-2021-35545 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The su... | | |
CVE-2021-35546 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supporte... | | |
CVE-2021-35549 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported ve... | | |
CVE-2021-35550 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component... | S | |
CVE-2021-35551 | Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are... | S | |
CVE-2021-35552 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Diagnost... | S | |
CVE-2021-35553 | Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (componen... | S | |
CVE-2021-35554 | Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes).... | S | |
CVE-2021-35556 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component... | S | |
CVE-2021-35557 | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are aff... | S | |
CVE-2021-35558 | Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are aff... | S | |
CVE-2021-35559 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component... | S | |
CVE-2021-35560 | Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported versio... | S | |
CVE-2021-35561 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component... | S | |
CVE-2021-35562 | Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work... | S | |
CVE-2021-35563 | Vulnerability in the Oracle Shipping Execution product of Oracle E-Business Suite (component: Workfl... | S | |
CVE-2021-35564 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component... | S | |
CVE-2021-35565 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component... | S | |
CVE-2021-35566 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diag... | S | |
CVE-2021-35567 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component... | S | |
CVE-2021-35568 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich... | S | |
CVE-2021-35569 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diag... | S | |
CVE-2021-35570 | Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Admi... | S | |
CVE-2021-35571 | Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft (comp... | S | |
CVE-2021-35572 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Ou... | S | |
CVE-2021-35573 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Ou... | S | |
CVE-2021-35574 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Ou... | S | |
CVE-2021-35575 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | S | |
CVE-2021-35576 | Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database S... | E S | |
CVE-2021-35577 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | S | |
CVE-2021-35578 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component... | S | |
CVE-2021-35580 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View... | S | |
CVE-2021-35581 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View... | S | |
CVE-2021-35582 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View... | S | |
CVE-2021-35583 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported ve... | S | |
CVE-2021-35584 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: ndbcluster/plugin DD... | S | |
CVE-2021-35585 | Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: Us... | S | |
CVE-2021-35586 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component... | S | |
CVE-2021-35587 | Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO A... | KEV | |
CVE-2021-35588 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component... | S | |
CVE-2021-35589 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device drivers). The suppo... | S | |
CVE-2021-35590 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported ... | S | |
CVE-2021-35591 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versio... | S | |
CVE-2021-35592 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported ... | S | |
CVE-2021-35593 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported ... | S | |
CVE-2021-35594 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported ... | S | |
CVE-2021-35595 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Busi... | S | |
CVE-2021-35596 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Suppo... | S | |
CVE-2021-35597 | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions tha... | S | |
CVE-2021-35598 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported ... | S | |
CVE-2021-35599 | Vulnerability in the Zero Downtime DB Migration to Cloud component of Oracle Database Server. The su... | S | |
CVE-2021-35601 | Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack product of Oracle PeopleSoft (comp... | S | |
CVE-2021-35602 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported ve... | S | |
CVE-2021-35603 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component... | S | |
CVE-2021-35604 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions th... | S | |
CVE-2021-35606 | Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (compone... | S | |
CVE-2021-35607 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versio... | S | |
CVE-2021-35608 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plug... | S | |
CVE-2021-35609 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR)... | S | |
CVE-2021-35610 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | S | |
CVE-2021-35611 | Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Offline Tem... | S | |
CVE-2021-35612 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | S | |
CVE-2021-35613 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported ... | S | |
CVE-2021-35616 | Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: UI ... | S | |
CVE-2021-35617 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherenc... | S | |
CVE-2021-35618 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported ... | | |
CVE-2021-35619 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affect... | | |
CVE-2021-35620 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). S... | | |
CVE-2021-35621 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported ... | | |
CVE-2021-35622 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).... | | |
CVE-2021-35623 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supp... | | |
CVE-2021-35624 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).... | | |
CVE-2021-35625 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).... | | |
CVE-2021-35626 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35627 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35628 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35629 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35630 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported ve... | | |
CVE-2021-35631 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versio... | | |
CVE-2021-35632 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supp... | | |
CVE-2021-35633 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported ve... | | |
CVE-2021-35634 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35635 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35636 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35637 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported version... | | |
CVE-2021-35638 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35639 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Sup... | | |
CVE-2021-35640 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versio... | | |
CVE-2021-35641 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35642 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35643 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35644 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35645 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35646 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35647 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported ... | | |
CVE-2021-35648 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versio... | | |
CVE-2021-35649 | Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Serve... | S | |
CVE-2021-35650 | Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Clien... | S | |
CVE-2021-35651 | Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Conso... | S | |
CVE-2021-35652 | Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Conso... | S | |
CVE-2021-35653 | Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Conso... | S | |
CVE-2021-35654 | Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Conso... | S | |
CVE-2021-35655 | Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Conso... | S | |
CVE-2021-35656 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Ou... | S | |
CVE-2021-35657 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Ou... | S | |
CVE-2021-35658 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Ou... | S | |
CVE-2021-35659 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Ou... | S | |
CVE-2021-35660 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Ou... | S | |
CVE-2021-35661 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Ou... | S | |
CVE-2021-35662 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Ou... | S | |
CVE-2021-35665 | Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Repository)... | S | |
CVE-2021-35666 | Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module)... | S | |
CVE-2021-35683 | Vulnerability in the Oracle Essbase Administration Services product of Oracle Essbase (component: EA... | | |
CVE-2021-35684 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2021-35685 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because i... | R | |
CVE-2021-35686 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora... | | |
CVE-2021-35687 | Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Ora... | | |
CVE-2021-35689 | A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition. This hi... | | |
CVE-2021-35936 | No Authentication on Logging Server | M | |
CVE-2021-35937 | A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to by... | E S | |
CVE-2021-35938 | A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credenti... | E S | |
CVE-2021-35939 | It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only imp... | E S | |
CVE-2021-35940 | Regression of CVE-2017-12613 | S | |
CVE-2021-35941 | Western Digital WD My Book Live (2.x and later) and WD My Book Live Duo (all versions) have an admin... | E | |
CVE-2021-35942 | The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memor... | | |
CVE-2021-35943 | Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed user... | | |
CVE-2021-35944 | Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted ne... | | |
CVE-2021-35945 | Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted n... | | |
CVE-2021-35946 | A receiver of a federated share with access to the database with ownCloud version before 10.8 could ... | | |
CVE-2021-35947 | The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to... | | |
CVE-2021-35948 | Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an a... | | |
CVE-2021-35949 | The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permi... | | |
CVE-2021-35951 | fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Unauthenticated Remote attacker t... | | |
CVE-2021-35952 | fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to change the time... | | |
CVE-2021-35953 | fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remote attacker to cause a Denial ... | | |
CVE-2021-35954 | fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physically proximate attackers to du... | | |
CVE-2021-35955 | Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.1... | | |
CVE-2021-35956 | Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-2021062... | E | |
CVE-2021-35957 | Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense... | | |
CVE-2021-35958 | TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf... | | |
CVE-2021-35959 | In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contribu... | | |
CVE-2021-35961 | TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Use of Hard-coded Credentials | S | |
CVE-2021-35962 | TAIWAN SECOM CO., LTD., Door Access Control and Personnel Attendance Management system - Path Traversal | S | |
CVE-2021-35963 | Learningdigital.com, Inc. Orca HCM - Unrestricted Upload of File with Dangerous Type | S | |
CVE-2021-35964 | Learningdigital.com, Inc. Orca HCM - Broken Authentication | S | |
CVE-2021-35965 | Learningdigital.com, Inc. Orca HCM - Hard-code password | S | |
CVE-2021-35966 | Learningdigital.com, Inc. Orca HCM - URL Redirection to Untrusted Site ('Open Redirect') | S | |
CVE-2021-35967 | Learningdigital.com, Inc. Orca HCM - Path Traversal-1 | S | |
CVE-2021-35968 | Learningdigital.com, Inc. Orca HCM - Path Traversal-2 | S | |
CVE-2021-35969 | Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-s... | | |
CVE-2021-35970 | Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensiti... | E S | |
CVE-2021-35971 | Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 before 11.0.0.837 P20210507 mish... | | |
CVE-2021-35973 | NETGEAR WAC104 devices before 1.0.4.15 are affected by an authentication bypass vulnerability in /us... | E | |
CVE-2021-35975 | Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) i... | E | |
CVE-2021-35976 | The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to ... | E | |
CVE-2021-35977 | An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in ... | | |
CVE-2021-35978 | An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ZING protocol allows arbitrar... | | |
CVE-2021-35979 | An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to ma... | | |
CVE-2021-35980 | Adobe Acrobat Reader SpellDictionaryExport Path Traversal Remote Code Execution Vulnerability | | |
CVE-2021-35981 | Adobe Acrobat Reader DC launchURL Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2021-35982 | Adobe Reader DC Windows Installer Uncontrolled Search Path element could lead to Arbitrary Code Execution | | |
CVE-2021-35983 | Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2021-35984 | Adobe Acrobat Pro DC PDFLibTool Null Pointer Dereference Bug | | |
CVE-2021-35985 | Adobe Acrobat Pro DC PDFLibTool Null Pointer Dereference Bug | | |
CVE-2021-35986 | Adobe Acrobat Pro DC getAnnot Type Confusion Information Disclosure Vulnerability | | |
CVE-2021-35987 | Adobe Acrobat Pro DC PDFLibTool Out-of-Bound Read | | |
CVE-2021-35988 | Adobe Acrobat Pro DC Out-of-Bounds Read Bug | | |
CVE-2021-35989 | Adobe Bridge PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2021-35990 | Adobe Bridge JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2021-35991 | Adobe Bridge MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability | | |
CVE-2021-35992 | Adobe Bridge PostScript Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-35993 | Adobe After Effects PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2021-35994 | Adobe After Effects JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | S | |
CVE-2021-35995 | Adobe After Effects MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability | S | |
CVE-2021-35996 | Adobe After Effects Memory Corruption Could Lead To Arbitrary Code Execution | S | |
CVE-2021-35997 | Adobe Premiere Pro Memory Corruption Remote Code Execution Vulnerability | S | |
CVE-2021-35999 | Adobe Prelude Memory Corruption Remote Code Execution Vulnerability | S | |