ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-37000 | Some Huawei wearables have a permission management vulnerability.... | | |
CVE-2021-37001 | There is a Register tampering vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-37002 | There is a Memory out-of-bounds access vulnerability in Huawei Smartphone. Successful exploitation of... | | |
CVE-2021-37003 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37004 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37005 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37006 | There is an Improper Preservation of Permissions vulnerability in Huawei Smartphone. Successful exploi... | | |
CVE-2021-37007 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-37008 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37009 | There is a Configuration vulnerability in Huawei Smartphone. Successful exploitation of this vulnerab... | | |
CVE-2021-37010 | There is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartp... | | |
CVE-2021-37011 | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of... | | |
CVE-2021-37012 | There is a Data Processing Errors vulnerability in Huawei Smartphone. Successful exploitation of this... | | |
CVE-2021-37013 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37014 | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of... | | |
CVE-2021-37015 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-37016 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-37017 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37018 | There is a Data Processing Errors vulnerability in Huawei Smartphone. Successful exploitation of this... | | |
CVE-2021-37019 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37020 | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of... | | |
CVE-2021-37021 | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of... | | |
CVE-2021-37022 | There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of ... | | |
CVE-2021-37023 | There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of thi... | | |
CVE-2021-37024 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37025 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37026 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37027 | There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affec... | | |
CVE-2021-37028 | There is a command injection vulnerability in the HG8045Q product. When the command-line interface i... | | |
CVE-2021-37029 | There is an Identity verification vulnerability in Huawei Smartphone. Successful exploitation of this... | | |
CVE-2021-37030 | There is an Improper permission vulnerability in Huawei Smartphone. Successful exploitation of this v... | | |
CVE-2021-37031 | There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerabili... | | |
CVE-2021-37032 | There is a Bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability m... | | |
CVE-2021-37033 | There is an Injection attack vulnerability in Huawei Smartphone. Successful exploitation of this vuln... | | |
CVE-2021-37034 | There is an Unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerab... | | |
CVE-2021-37035 | There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerabili... | | |
CVE-2021-37036 | There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V10... | | |
CVE-2021-37037 | There is an Invalid address access vulnerability in Huawei Smartphone. Successful exploitation of thi... | | |
CVE-2021-37038 | There is an Improper access control vulnerability in Huawei Smartphone. Successful exploitation of th... | | |
CVE-2021-37039 | There is an Input verification vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-37040 | There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-37041 | There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this... | | |
CVE-2021-37042 | There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this... | | |
CVE-2021-37043 | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of... | | |
CVE-2021-37044 | There is a Permission control vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-37045 | There is a UAF vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may... | | |
CVE-2021-37046 | There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone. Successful... | | |
CVE-2021-37047 | There is an Input verification vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-37048 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37049 | There is a Heap-based buffer overflow vulnerability in Huawei Smartphone. Successful exploitation of ... | | |
CVE-2021-37050 | There is a Missing sensitive data encryption vulnerability in Huawei Smartphone. Successful exploitat... | | |
CVE-2021-37051 | There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vu... | | |
CVE-2021-37052 | There is an Exception log vulnerability in Huawei Smartphone. Successful exploitation of this vulnera... | | |
CVE-2021-37053 | There is a Service logic vulnerability in Huawei Smartphone. Successful exploitation of this vulnerab... | | |
CVE-2021-37054 | There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone. Successfu... | | |
CVE-2021-37055 | There is a Logic bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerabi... | | |
CVE-2021-37056 | There is an Improper permission control vulnerability in Huawei Smartphone. Successful exploitation o... | | |
CVE-2021-37057 | There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploita... | | |
CVE-2021-37058 | There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful ... | | |
CVE-2021-37059 | There is a Weaknesses Introduced During Design... | | |
CVE-2021-37060 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37061 | There is an Uncontrolled Resource Consumption vulnerability in Huawei Smartphone. Successful exploitat... | | |
CVE-2021-37062 | There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploita... | | |
CVE-2021-37063 | There is a Cryptographic Issues vulnerability in Huawei Smartphone. Successful exploitation of this v... | | |
CVE-2021-37064 | There is an Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smart... | | |
CVE-2021-37065 | There is an Integer Overflow or Wraparound vulnerability in Huawei Smartphone. Successful exploitation... | | |
CVE-2021-37066 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-37067 | There is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartp... | | |
CVE-2021-37068 | There is a Resource Management Errors vulnerability in Huawei Smartphone. Successful exploitation of ... | | |
CVE-2021-37069 | There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnera... | | |
CVE-2021-37070 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-37071 | There is a Business Logic Errors vulnerability in Huawei Smartphone. Successful exploitation of this ... | | |
CVE-2021-37072 | There is an Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone. Successful exploi... | | |
CVE-2021-37073 | There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnera... | | |
CVE-2021-37074 | There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnera... | | |
CVE-2021-37075 | There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation ... | | |
CVE-2021-37076 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-37077 | There is a NULL Pointer Dereference vulnerability in Huawei Smartphone. Successful exploitation of th... | | |
CVE-2021-37078 | There is an Uncaught Exception vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-37079 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37080 | There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-37081 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37082 | There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnera... | | |
CVE-2021-37083 | There is a NULL Pointer Dereference vulnerability in Huawei Smartphone. Successful exploitation of th... | | |
CVE-2021-37084 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37085 | There is an Encoding timing vulnerability in Huawei Smartphone. Successful exploitation of this vulner... | | |
CVE-2021-37086 | There is an Improper Preservation of Permissions vulnerability in Huawei Smartphone. Successful exploi... | | |
CVE-2021-37087 | There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnera... | | |
CVE-2021-37088 | There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnera... | | |
CVE-2021-37089 | There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-37090 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-37091 | There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful ... | | |
CVE-2021-37092 | There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vul... | | |
CVE-2021-37093 | There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of thi... | | |
CVE-2021-37094 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37095 | There is an Integer Overflow or Wraparound vulnerability in Huawei Smartphone. Successful exploitation... | | |
CVE-2021-37096 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of t... | | |
CVE-2021-37097 | There is a Code Injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnera... | | |
CVE-2021-37098 | The Hilinksvc service has a Data Processing Errors vulnerability. Successful exploitation of this vul... | | |
CVE-2021-37099 | There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnera... | | |
CVE-2021-37100 | There is an Improper Authentication vulnerability in Huawei Smartphone. Successful exploitation of thi... | | |
CVE-2021-37101 | There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H10... | | |
CVE-2021-37102 | There is a command injection vulnerability in CMA service module of FusionCompute product when proce... | | |
CVE-2021-37103 | There is an improper permission management vulnerability in the Wallet apps. Successful exploitation... | | |
CVE-2021-37104 | There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3).... | | |
CVE-2021-37105 | There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due ... | | |
CVE-2021-37106 | There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.... | | |
CVE-2021-37107 | There is an improper memory access permission configuration on ACPU. Successful exploitation of this ... | | |
CVE-2021-37109 | There is a security protection bypass vulnerability with the modem. Successful exploitation of this v... | | |
CVE-2021-37110 | There is a Timing design defects in Smartphone. Successful exploitation of this vulnerability may aff... | | |
CVE-2021-37111 | There is a Memory leakage vulnerability in Smartphone. Successful exploitation of this vulnerability ... | | |
CVE-2021-37112 | Hisuite module has an External Control of System or Configuration Setting vulnerability. Successful ex... | | |
CVE-2021-37113 | There is a Privilege escalation vulnerability with the file system component in Smartphone. Successfu... | | |
CVE-2021-37114 | There is an Out-of-bounds read vulnerability in Smartphone. Successful exploitation of this vulnerabi... | | |
CVE-2021-37115 | There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Su... | | |
CVE-2021-37116 | PCManager has a Weaknesses Introduced During Design vulnerability. Successful exploitation of this v... | | |
CVE-2021-37117 | There is a Service logic vulnerability in Smartphone. Successful exploitation of this vulnerability m... | | |
CVE-2021-37118 | The HwNearbyMain module has an Improper Handling of Exceptional Conditions vulnerability. Successful e... | | |
CVE-2021-37119 | There is a Service logic vulnerability in Smartphone. Successful exploitation of this vulnerability m... | | |
CVE-2021-37120 | There is a Double free vulnerability in Smartphone. Successful exploitation of this vulnerability may... | | |
CVE-2021-37121 | There is a Configuration defects in Smartphone. Successful exploitation of this vulnerability may ele... | | |
CVE-2021-37122 | There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific pac... | | |
CVE-2021-37123 | There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability ... | | |
CVE-2021-37124 | There is a path traversal vulnerability in Huawei PC product. Because the product does not filter pa... | | |
CVE-2021-37125 | Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Succe... | | |
CVE-2021-37126 | Arbitrary file has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Succe... | | |
CVE-2021-37127 | There is a signature management vulnerability in some Huawei products. An attacker can forge signatu... | | |
CVE-2021-37128 | HwPCAssistant has a Path Traversal vulnerability. Successful exploitation of this vulnerability may ... | | |
CVE-2021-37129 | There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused b... | | |
CVE-2021-37130 | There is a path traversal vulnerability in Huawei FusionCube 6.0.2. The vulnerability is due to that ... | S | |
CVE-2021-37131 | There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An at... | S | |
CVE-2021-37132 | PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability. Successful e... | | |
CVE-2021-37133 | There is an Unauthorized file access vulnerability in Smartphones. Successful exploitation of this vu... | | |
CVE-2021-37134 | Location-related APIs have a Race Condition vulnerability. Successful exploitation of this vulnerab... | | |
CVE-2021-37136 | The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed... | S | |
CVE-2021-37137 | The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memo... | S | |
CVE-2021-37144 | CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() functio... | E | |
CVE-2021-37145 | A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) C... | | |
CVE-2021-37146 | An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noeti... | | |
CVE-2021-37147 | Request Smuggling - LF line ending | S | |
CVE-2021-37148 | Request Smuggling - transfer encoding validation | S | |
CVE-2021-37149 | Request Smuggling - multiple attacks | S | |
CVE-2021-37150 | Protocol vs scheme mismatch | | |
CVE-2021-37151 | CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals wheth... | | |
CVE-2021-37152 | Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated att... | | |
CVE-2021-37153 | ForgeRock Access Management (AM) before 7.0.2, when configured with Active Directory as the Identity... | | |
CVE-2021-37154 | In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, pot... | | |
CVE-2021-37155 | wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number i... | S | |
CVE-2021-37156 | Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentica... | | |
CVE-2021-37157 | An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm... | E S | |
CVE-2021-37158 | An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attack... | E | |
CVE-2021-37159 | hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_net... | S | |
CVE-2021-37160 | A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel ... | | |
CVE-2021-37161 | A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healt... | | |
CVE-2021-37162 | A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel oper... | | |
CVE-2021-37163 | An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus oper... | | |
CVE-2021-37164 | A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel oper... | | |
CVE-2021-37165 | A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel oper... | | |
CVE-2021-37166 | A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslo... | | |
CVE-2021-37167 | An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Pane... | | |
CVE-2021-37172 | A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). ... | S | |
CVE-2021-37173 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX ... | S | |
CVE-2021-37174 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX ... | S | |
CVE-2021-37175 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX ... | S | |
CVE-2021-37176 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021... | S | |
CVE-2021-37177 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The s... | S | |
CVE-2021-37178 | A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). An XML external... | | |
CVE-2021-37179 | A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dl... | S | |
CVE-2021-37180 | A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dl... | S | |
CVE-2021-37181 | A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All vers... | S | |
CVE-2021-37182 | A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L... | S | |
CVE-2021-37183 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The a... | S | |
CVE-2021-37184 | A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthen... | S | |
CVE-2021-37185 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.... | S | |
CVE-2021-37186 | A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versi... | S | |
CVE-2021-37187 | An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may ... | | |
CVE-2021-37188 | An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may ... | | |
CVE-2021-37189 | An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secu... | | |
CVE-2021-37190 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The a... | S | |
CVE-2021-37191 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An un... | S | |
CVE-2021-37192 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The a... | S | |
CVE-2021-37193 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An un... | S | |
CVE-2021-37194 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C... | S | |
CVE-2021-37195 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C... | S | |
CVE-2021-37196 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C... | S | |
CVE-2021-37197 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C... | S | |
CVE-2021-37198 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C... | S | |
CVE-2021-37199 | A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions <... | | |
CVE-2021-37200 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access ... | S | |
CVE-2021-37201 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of aff... | S | |
CVE-2021-37202 | A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All... | S | |
CVE-2021-37203 | A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All... | S | |
CVE-2021-37204 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA... | S | |
CVE-2021-37205 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions >= V2.9.2 < V2.... | S | |
CVE-2021-37206 | A vulnerability has been identified in SIPROTEC 5 relays with CPU variants CP050 (All versions < V8.... | S | |
CVE-2021-37207 | A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected applicat... | S | |
CVE-2021-37208 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i... | S | |
CVE-2021-37209 | A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.8), RUGGEDCOM i801 (All v... | | |
CVE-2021-37211 | Larvata Digital Technology Co. Ltd. FLYGO - Stored XSS | S | |
CVE-2021-37212 | Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-1 | S | |
CVE-2021-37213 | Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-2 | S | |
CVE-2021-37214 | Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-3 | S | |
CVE-2021-37215 | Larvata Digital Technology Co. Ltd. FLYGO - Use of Incorrectly-Resolved Name or Reference-4 | S | |
CVE-2021-37216 | QSAN Storage Manager - Reflected Cross-Site Scripting | S | |
CVE-2021-37218 | HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificat... | | |
CVE-2021-37219 | HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid c... | | |
CVE-2021-37220 | MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly... | E | |
CVE-2021-37221 | A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via... | | |
CVE-2021-37222 | Parsers in the open source project RCDCAP before 1.0.5 allow remote attackers to execute arbitrary c... | S | |
CVE-2021-37223 | Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Forgery (SSRF) vulnerability in ... | | |
CVE-2021-37231 | A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/... | E S | |
CVE-2021-37232 | A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64()... | E S | |
CVE-2021-37234 | Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f81... | E | |
CVE-2021-37253 | M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests ... | E | |
CVE-2021-37254 | In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could u... | | |
CVE-2021-37262 | JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.... | S | |
CVE-2021-37267 | Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploite... | | |
CVE-2021-37270 | There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0.... | | |
CVE-2021-37271 | Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an at... | E | |
CVE-2021-37273 | A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU... | | |
CVE-2021-37274 | Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vul... | | |
CVE-2021-37289 | Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers... | E | |
CVE-2021-37291 | An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0... | E | |
CVE-2021-37292 | An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.... | E | |
CVE-2021-37293 | A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEM... | E | |
CVE-2021-37298 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-37304 | An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain es... | | |
CVE-2021-37305 | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escala... | | |
CVE-2021-37306 | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escala... | | |
CVE-2021-37311 | Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via craf... | E S | |
CVE-2021-37315 | Incorrect Access Control issue discovered in Cloud Disk in ASUS RT-AC68U router firmware version befo... | E M | |
CVE-2021-37316 | SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.38... | E | |
CVE-2021-37317 | Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.... | E M | |
CVE-2021-37322 | GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-d... | E | |
CVE-2021-37326 | NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations.... | | |
CVE-2021-37330 | Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar uplo... | E | |
CVE-2021-37331 | Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verificati... | E | |
CVE-2021-37333 | Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sa... | E | |
CVE-2021-37334 | Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw th... | S | |
CVE-2021-37343 | A path traversal vulnerability exists in Nagios XI below version 5.8.5 AutoDiscovery component and c... | E | |
CVE-2021-37344 | Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote code execution through improper... | | |
CVE-2021-37345 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is bei... | | |
CVE-2021-37346 | Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remote code execution through Impr... | | |
CVE-2021-37347 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because getprofile.sh doe... | | |
CVE-2021-37348 | Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation of ... | | |
CVE-2021-37349 | Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because cleaner.php does ... | | |
CVE-2021-37350 | Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications To... | | |
CVE-2021-37351 | Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated user... | | |
CVE-2021-37352 | An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing.... | | |
CVE-2021-37353 | Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due to improper sanitation in tab... | | |
CVE-2021-37354 | Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer overflow in the function sub_322... | E | |
CVE-2021-37358 | SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers to execute arbitrary code via t... | E | |
CVE-2021-37363 | An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to... | E | |
CVE-2021-37364 | OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group... | | |
CVE-2021-37365 | CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel.... | | |
CVE-2021-37366 | CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin... | | |
CVE-2021-37367 | CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin pane... | | |
CVE-2021-37371 | Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerabi... | | |
CVE-2021-37372 | Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low priv... | | |
CVE-2021-37373 | Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier ... | E | |
CVE-2021-37374 | Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware versions allows remote attacke... | E | |
CVE-2021-37375 | Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and ea... | E | |
CVE-2021-37376 | Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x... | E | |
CVE-2021-37377 | Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows r... | E | |
CVE-2021-37378 | Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and ear... | E | |
CVE-2021-37379 | Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attac... | E | |
CVE-2021-37381 | Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access other users' private informat... | E | |
CVE-2021-37384 | RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability ... | | |
CVE-2021-37386 | Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to cont... | | |
CVE-2021-37388 | A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr parameter in ping_response.cgi POST r... | E | |
CVE-2021-37389 | Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the p... | E S | |
CVE-2021-37390 | A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social net... | E S | |
CVE-2021-37391 | A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g... | E S | |
CVE-2021-37392 | In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on... | E | |
CVE-2021-37393 | In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on... | E | |
CVE-2021-37394 | In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to ac... | E | |
CVE-2021-37400 | An attacker may obtain the user credentials from the communication between the PLC and the software.... | | |
CVE-2021-37401 | An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files sav... | | |
CVE-2021-37402 | OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is m... | | |
CVE-2021-37403 | OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-... | | |
CVE-2021-37404 | Heap buffer overflow in libhdfs native library | | |
CVE-2021-37405 | Rejected reason: This is unused.... | R | |
CVE-2021-37409 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allo... | S | |
CVE-2021-37412 | The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.... | | |
CVE-2021-37413 | GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A re... | E | |
CVE-2021-37414 | Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without ... | | |
CVE-2021-37415 | Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a... | KEV | |
CVE-2021-37416 | Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the lo... | | |
CVE-2021-37417 | Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper pa... | | |
CVE-2021-37418 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-31874. Reason: This candidat... | R | |
CVE-2021-37419 | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.... | E S | |
CVE-2021-37420 | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.... | E S | |
CVE-2021-37421 | Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction... | | |
CVE-2021-37422 | Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the... | | |
CVE-2021-37423 | Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.... | | |
CVE-2021-37424 | ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.... | S | |
CVE-2021-37425 | Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes at... | E | |
CVE-2021-37436 | Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a ... | | |
CVE-2021-37438 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-37439 | NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability.... | E | |
CVE-2021-37440 | NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. su... | E | |
CVE-2021-37441 | NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. su... | E | |
CVE-2021-37442 | NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files.... | E | |
CVE-2021-37443 | NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter... | E | |
CVE-2021-37444 | NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugi... | | |
CVE-2021-37445 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=... | E | |
CVE-2021-37446 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?... | E | |
CVE-2021-37447 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelet... | E | |
CVE-2021-37448 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (store... | | |
CVE-2021-37449 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (refle... | | |
CVE-2021-37450 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected... | E | |
CVE-2021-37451 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflecte... | E | |
CVE-2021-37452 | NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to ... | E | |
CVE-2021-37453 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).... | E | |
CVE-2021-37454 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).... | E | |
CVE-2021-37455 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (s... | E | |
CVE-2021-37456 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (st... | E | |
CVE-2021-37457 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).... | E | |
CVE-2021-37458 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (sto... | E | |
CVE-2021-37459 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (sto... | E | |
CVE-2021-37460 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected).... | E | |
CVE-2021-37461 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (... | E | |
CVE-2021-37462 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (refle... | E | |
CVE-2021-37463 | In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored).... | E | |
CVE-2021-37464 | In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).... | E | |
CVE-2021-37465 | In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).... | E | |
CVE-2021-37466 | In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).... | E | |
CVE-2021-37467 | In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).... | E | |
CVE-2021-37468 | NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading th... | E | |
CVE-2021-37469 | In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal t... | E | |
CVE-2021-37470 | In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. A... | E | |
CVE-2021-37471 | Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerable to a restricted shell escap... | E | |
CVE-2021-37473 | In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on ... | E S | |
CVE-2021-37475 | In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection o... | E S | |
CVE-2021-37476 | In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on ... | E S | |
CVE-2021-37477 | In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection o... | E S | |
CVE-2021-37478 | In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter... | E S | |
CVE-2021-37491 | An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier al... | E S | |
CVE-2021-37492 | An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers ... | E | |
CVE-2021-37497 | SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL ... | E | |
CVE-2021-37498 | An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that all... | | |
CVE-2021-37499 | CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password pa... | | |
CVE-2021-37500 | Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in t... | | |
CVE-2021-37501 | Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to caus... | E | |
CVE-2021-37502 | Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary c... | E | |
CVE-2021-37504 | A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.1... | | |
CVE-2021-37517 | An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0, in the fo... | S | |
CVE-2021-37518 | Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remo... | E | |
CVE-2021-37519 | Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of se... | E S | |
CVE-2021-37522 | SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQ... | E | |
CVE-2021-37524 | Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to ... | S | |
CVE-2021-37529 | A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream func... | E S | |
CVE-2021-37530 | A denial of service vulnerability exists in fig2dev through 3.28a due to a segfault in the open_strea... | E S | |
CVE-2021-37531 | SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains... | | |
CVE-2021-37532 | SAP Business One version - 10, due to improper input validation, allows an authenticated User to gai... | | |
CVE-2021-37533 | Apache Commons Net's FTP client trusts the host from PASV response by default | | |
CVE-2021-37534 | app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.... | S | |
CVE-2021-37535 | SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.4... | | |
CVE-2021-37538 | Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for PrestaShop before 4.06 allow a... | E | |
CVE-2021-37539 | Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestricted file which leads to Remot... | | |
CVE-2021-37540 | In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP for the Widget deployment featu... | | |
CVE-2021-37541 | In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible.... | | |
CVE-2021-37542 | In JetBrains TeamCity before 2020.2.3, XSS was possible.... | | |
CVE-2021-37543 | In JetBrains RubyMine before 2021.1.1, code execution without user confirmation was possible for unt... | | |
CVE-2021-37544 | In JetBrains TeamCity before 2020.2.4, there was an insecure deserialization.... | | |
CVE-2021-37545 | In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were ma... | | |
CVE-2021-37546 | In JetBrains TeamCity before 2021.1, an insecure key generation mechanism for encrypted properties w... | | |
CVE-2021-37547 | In JetBrains TeamCity before 2020.2.4, insufficient checks during file uploading were made.... | | |
CVE-2021-37548 | In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS.... | | |
CVE-2021-37549 | In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was insufficient.... | | |
CVE-2021-37550 | In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons were used.... | | |
CVE-2021-37551 | In JetBrains YouTrack before 2021.2.16363, system user passwords were hashed with SHA-256.... | | |
CVE-2021-37552 | In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.... | | |
CVE-2021-37553 | In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.... | | |
CVE-2021-37554 | In JetBrains YouTrack before 2021.3.21051, a user could see boards without having corresponding perm... | | |
CVE-2021-37555 | TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell as root/superuser, a related is... | | |
CVE-2021-37556 | A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 ... | E S | |
CVE-2021-37557 | A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 ... | E S | |
CVE-2021-37558 | A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.... | E S | |
CVE-2021-37560 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the ... | | |
CVE-2021-37561 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the ... | | |
CVE-2021-37562 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the ... | | |
CVE-2021-37563 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the ... | | |
CVE-2021-37564 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE... | | |
CVE-2021-37565 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE... | | |
CVE-2021-37566 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE... | | |
CVE-2021-37567 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE... | | |
CVE-2021-37568 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE... | | |
CVE-2021-37569 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE... | | |
CVE-2021-37570 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE... | | |
CVE-2021-37571 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE... | | |
CVE-2021-37572 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE... | | |
CVE-2021-37573 | A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Ser... | E | |
CVE-2021-37576 | arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM... | E S | |
CVE-2021-37577 | Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry... | | |
CVE-2021-37578 | Remote code execution via RMI | M | |
CVE-2021-37579 | Bypass deserialization checks in Apache Dubbo | | |
CVE-2021-37580 | Apache ShenYu Admin bypass JWT authentication | | |
CVE-2021-37583 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE... | | |
CVE-2021-37584 | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the ... | | |
CVE-2021-37586 | The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could all... | | |
CVE-2021-37587 | In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 data.... | S | |
CVE-2021-37588 | In Charm 0.43, any two users can collude to achieve the ability to decrypt YCT14 data.... | | |
CVE-2021-37589 | Virtua Cobranca before 12R allows SQL Injection on the login page.... | E | |
CVE-2021-37592 | Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP sta... | | |
CVE-2021-37593 | PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can i... | E | |
CVE-2021-37594 | In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cli... | S | |
CVE-2021-37595 | In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cli... | S | |
CVE-2021-37596 | Telegram Web K Alpha 0.6.1 allows XSS via a document name.... | S | |
CVE-2021-37597 | WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation.... | E | |
CVE-2021-37598 | WP Cerber before 8.9.3 allows bypass of /wp-json access control via a trailing ? character.... | E | |
CVE-2021-37599 | The exporter/Login.aspx login form in the Exporter in Nuance Winscribe Dictation 4.1.0.99 is vulnera... | E | |
CVE-2021-37600 | An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attac... | E S | |
CVE-2021-37601 | muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information... | E | |
CVE-2021-37604 | In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there... | | |
CVE-2021-37605 | In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stac... | | |
CVE-2021-37606 | Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether ... | | |
CVE-2021-37608 | Arbitrary file upload vulnerability in OFBiz | S | |
CVE-2021-37613 | Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service.... | | |
CVE-2021-37614 | In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0.3), SQL injection in the MOVE... | S | |
CVE-2021-37615 | Null pointer dereference in Exiv2::Internal::resolveLens0x319 | S | |
CVE-2021-37616 | Null pointer dereference in Exiv2::Internal::resolveLens0x8ff | S | |
CVE-2021-37617 | Untrusted Search Path in Nextcloud Desktop Client | S | |
CVE-2021-37618 | Out-of-bounds read in Exiv2::Jp2Image::printStructure | S | |
CVE-2021-37619 | Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header | S | |
CVE-2021-37620 | Out-of-bounds read in XmpTextValue::read() | S | |
CVE-2021-37621 | Denial of service due to infinite loop in Image::printIFDStructure | S | |
CVE-2021-37622 | Denial of service due to infinite loop in JpegBase::printStructure (#1) | S | |
CVE-2021-37623 | Denial of service due to infinite loop in JpegBase::printStructure (#2) | S | |
CVE-2021-37624 | FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing | E | |
CVE-2021-37625 | Incorrect Check of Function Return Value in Skytable | S | |
CVE-2021-37626 | PHP file inclusion via insert tags | | |
CVE-2021-37627 | Privilege escalation via form generator | | |
CVE-2021-37628 | File Drop can be bypassed using Richdocuments app in nextcloud | S | |
CVE-2021-37629 | Lack of ratelimit on Richdocuments OCS endpoint in nextcloud | | |
CVE-2021-37630 | Secret Circle can be joined without approval in Nextcloud Circles | S | |
CVE-2021-37631 | Circle can be accessed by non-Circle members in Nextcloud Deck | S | |
CVE-2021-37632 | Deserialization of Untrusted Data in com.supermartijn642.configlib.ConfigSyncPacket | | |
CVE-2021-37633 | XSS via d-popover and d-html-popover attribute | S | |
CVE-2021-37634 | LeafKit allows XSS with untrusted user input | | |
CVE-2021-37635 | Heap out of bounds access in sparse reduction operations in TensorFlow | S | |
CVE-2021-37636 | Floating point exception in `SparseDenseCwiseDiv` in TensorFlow | S | |
CVE-2021-37637 | Null pointer dereference in `CompressElement` in TensorFlow | S | |
CVE-2021-37638 | Null pointer dereference in `RaggedTensorToTensor` in TensorFlow | S | |
CVE-2021-37639 | Null pointer dereference and heap OOB read in TensorFlow | S | |
CVE-2021-37640 | Integer division by 0 in sparse reshaping in TensorFlow | S | |
CVE-2021-37641 | Heap OOB in `RaggedGather` in TensorFlow | S | |
CVE-2021-37642 | Division by 0 in `ResourceScatterDiv` in TensorFlow | S | |
CVE-2021-37643 | Null pointer dereference in `MatrixDiagPartOp` in TensorFlow | S | |
CVE-2021-37644 | `std::abort` raised from `TensorListReserve` in TensorFlow | S | |
CVE-2021-37645 | Integer overflow due to conversion to unsigned in TensorFlow | S | |
CVE-2021-37646 | Bad alloc in `StringNGrams` caused by integer conversion in TensorFlow | S | |
CVE-2021-37647 | Null pointer dereference in `SparseTensorSliceDataset` in TensorFlow | S | |
CVE-2021-37648 | Incorrect validation of `SaveV2` inputs in TensorFlow | S | |
CVE-2021-37649 | Null pointer dereference in `UncompressElement` in TensorFlow | S | |
CVE-2021-37650 | Segfault and heap buffer overflow in `{Experimental,}DatasetToTFRecord` in TensorFlow | S | |
CVE-2021-37651 | Heap buffer overflow in `FractionalAvgPoolGrad` in TensorFlow | S | |
CVE-2021-37652 | Use after free in boosted trees creation in TensorFlow | S | |
CVE-2021-37653 | Division by 0 in `ResourceGather` in TensorFlow | S | |
CVE-2021-37654 | Heap OOB and CHECK fail in `ResourceGather` in TensorFlow | S | |
CVE-2021-37655 | Heap OOB in `ResourceScatterUpdate` in TensorFlow | S | |
CVE-2021-37656 | Reference binding to nullptr in `RaggedTensorToSparse` in TensorFlow | S | |
CVE-2021-37657 | Reference binding to nullptr in `MatrixDiagV*` ops in TensorFlow | S | |
CVE-2021-37658 | Reference binding to nullptr in `MatrixSetDiagV*` ops in TensorFlow | S | |
CVE-2021-37659 | Out of bounds read via null pointer dereference in TensorFlow | S | |
CVE-2021-37660 | Division by 0 in inplace operations in TensorFlow | S | |
CVE-2021-37661 | Crash caused by integer conversion to unsigned in TensorFlow | S | |
CVE-2021-37662 | Reference binding to nullptr in boosted trees in TensorFlow | S | |
CVE-2021-37663 | Incomplete validation in `QuantizeV2` in TensorFlow | S | |
CVE-2021-37664 | Heap OOB in boosted trees in TensorFlow | S | |
CVE-2021-37665 | Incomplete validation in MKL requantization in TensorFlow | S | |
CVE-2021-37666 | Reference binding to nullptr in `RaggedTensorToVariant` in TensorFlow | S | |
CVE-2021-37667 | Reference binding to nullptr in unicode encoding in TensorFlow | S | |
CVE-2021-37668 | Division by zero in TensorFlow Lite `tf.raw_ops.UnravelIndex` | S | |
CVE-2021-37669 | Crash in NMS ops caused by integer conversion to unsigned in TensorFlow | S | |
CVE-2021-37670 | Heap OOB in `UpperBound` and `LowerBound` in TensorFlow | S | |
CVE-2021-37671 | Reference binding to nullptr in map operations in TensorFlow | S | |
CVE-2021-37672 | Heap OOB in `SdcaOptimizerV2` in TensorFlow | S | |
CVE-2021-37673 | `CHECK`-fail in `MapStage` in TensorFlow | S | |
CVE-2021-37674 | Incomplete validation in `MaxPoolGrad` in TensorFlow | S | |
CVE-2021-37675 | Division by 0 in most convolution operators in TensorFlow | S | |
CVE-2021-37676 | Reference binding to nullptr in shape inference in TensorFlow | S | |
CVE-2021-37677 | Missing validation in shape inference for `Dequantize` in TensorFlow | S | |
CVE-2021-37678 | Arbitrary code execution due to YAML deserialization | S | |
CVE-2021-37679 | Heap OOB in nested `tf.map_fn` with `RaggedTensor`s in TensorFlow | S | |
CVE-2021-37680 | Division by zero in TFLite in TensorFlow | S | |
CVE-2021-37681 | Null pointer exception in TensorFlow Lite | S | |
CVE-2021-37682 | Use of uninitialized value in TensorFlow Lite | S | |
CVE-2021-37683 | Division by zero in TensorFlow Lite division operations | S | |
CVE-2021-37684 | Division by zero in TensorFlow Lite pooling operations | | |
CVE-2021-37685 | Heap OOB in TensorFlow Lite | S | |
CVE-2021-37686 | Infinite loop in TensorFlow Lite | S | |
CVE-2021-37687 | Heap OOB in TensorFlow Lite's `Gather*` implementations | S | |
CVE-2021-37688 | Null pointer dereference in TensorFlow Lite | S | |
CVE-2021-37689 | Null pointer dereference in TensorFlow Lite MLIR optimizations | S | |
CVE-2021-37690 | Use after free and segfault in shape inference functions in TensorFlow | S | |
CVE-2021-37691 | Division by zero in LSH in TensorFlow Lite | S | |
CVE-2021-37692 | Segfault on strings tensors with mismatched dimensions in TensorFlow | S | |
CVE-2021-37693 | Re-use of email tokens in Discourse | S | |
CVE-2021-37694 | Code injection issue for java-spring-cloud-stream-template | E | |
CVE-2021-37695 | Execution of JavaScript code using malformed HTML in ckeditor | S | |
CVE-2021-37696 | Sensitive information leak in MassDM of tmerc-cogs | S | |
CVE-2021-37697 | Sensitive information leak in Welcome of tmerc-cogs | S | |
CVE-2021-37698 | Missing TLS service certificate validation in GelfWriter, ElasticsearchWriter, InfluxdbWriter and Influxdb2Writer | | |
CVE-2021-37699 | Open Redirect in Next.js versions below 11.1.0 | | |
CVE-2021-37700 | Clipboard-based DOM-XSS | E S | |
CVE-2021-37701 | Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links | S | |
CVE-2021-37702 | Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore | S | |
CVE-2021-37703 | Information exposure in Discourse | S | |
CVE-2021-37704 | Exposed phpinfo() in PhpFastCache | E S | |
CVE-2021-37705 | Improper Authorization and Origin Validation Error in OneFuzz | S | |
CVE-2021-37706 | Potential integer underflow upon receiving STUN message in PJSIP | S | |
CVE-2021-37707 | Manipulation of product reviews via API | S | |
CVE-2021-37708 | Command injection in mail agent settings | S | |
CVE-2021-37709 | Insecure direct object reference of log files of the Import/Export feature | S | |
CVE-2021-37710 | Cross-Site Scripting via SVG media files | S | |
CVE-2021-37711 | Authenticated server-side request forgery in file upload via URL. | S | |
CVE-2021-37712 | Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links | S | |
CVE-2021-37713 | Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization | S | |
CVE-2021-37714 | Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions | S | |
CVE-2021-37715 | A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platfor... | | |
CVE-2021-37716 | A remote buffer overflow vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba O... | S | |
CVE-2021-37717 | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gatew... | M | |
CVE-2021-37718 | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gatew... | M | |
CVE-2021-37719 | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gatew... | | |
CVE-2021-37720 | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gatew... | M | |
CVE-2021-37721 | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gatew... | M | |
CVE-2021-37722 | A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gatew... | M | |
CVE-2021-37723 | A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software... | S | |
CVE-2021-37724 | A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software... | S | |
CVE-2021-37725 | A remote cross-site request forgery (csrf) vulnerability was discovered in Aruba SD-WAN Software and... | S | |
CVE-2021-37726 | A remote buffer overflow vulnerability was discovered in HPE Aruba Instant (IAP) version(s): Aruba I... | | |
CVE-2021-37727 | A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version... | S | |
CVE-2021-37728 | A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): ... | M | |
CVE-2021-37729 | A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Op... | S | |
CVE-2021-37730 | A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version... | S | |
CVE-2021-37731 | A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Ope... | S | |
CVE-2021-37732 | A remote arbitrary command execution vulnerability was discovered in HPE Aruba Instant (IAP) version... | S | |
CVE-2021-37733 | A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Op... | E | |
CVE-2021-37734 | A remote unauthorized read access to files vulnerability was discovered in Aruba Instant version(s):... | S | |
CVE-2021-37735 | A remote denial of service vulnerability was discovered in Aruba Instant version(s): Aruba Instant 6... | S | |
CVE-2021-37736 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versio... | | |
CVE-2021-37737 | A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Cl... | | |
CVE-2021-37738 | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy ... | | |
CVE-2021-37739 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager ... | | |
CVE-2021-37740 | A denial of service vulnerability exists in MDT's firmware for the KNXnet/IP Secure router SCN-IP100... | E | |
CVE-2021-37741 | ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vulnerabilities.... | | |
CVE-2021-37742 | app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewi... | S | |
CVE-2021-37743 | app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster... | S | |
CVE-2021-37746 | textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, d... | S | |
CVE-2021-37748 | Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 ... | E | |
CVE-2021-37749 | MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Inje... | E | |
CVE-2021-37750 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.... | S | |
CVE-2021-37759 | A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privile... | | |
CVE-2021-37760 | A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (... | | |
CVE-2021-37761 | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, l... | | |
CVE-2021-37762 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file overwrite leading t... | | |
CVE-2021-37764 | Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_ima... | | |
CVE-2021-37770 | Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use uplo... | E | |
CVE-2021-37774 | An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to ex... | E | |
CVE-2021-37777 | Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one ... | E | |
CVE-2021-37778 | There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can ... | E | |
CVE-2021-37781 | Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofi... | E | |
CVE-2021-37782 | Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.... | E | |
CVE-2021-37786 | Certain Federal Office of Information Technology Systems and Telecommunication FOITT products are af... | E | |
CVE-2021-37787 | The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQ... | | |
CVE-2021-37788 | A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote ... | E | |
CVE-2021-37789 | stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure ... | E | |
CVE-2021-37791 | MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in ... | E | |
CVE-2021-37794 | A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an aut... | S | |
CVE-2021-37803 | An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.... | E | |
CVE-2021-37805 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Parking Management ... | E | |
CVE-2021-37806 | An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System af... | E | |
CVE-2021-37807 | An SQL Injection vulnerability exists in https://phpgurukul.com Online Shopping Portal 3.1 via the em... | E | |
CVE-2021-37808 | SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) ca... | E | |
CVE-2021-37819 | PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/Pd... | S | |
CVE-2021-37823 | OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL inject... | E | |
CVE-2021-37832 | A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as th... | E | |
CVE-2021-37833 | A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of th... | E | |
CVE-2021-37839 | Improper access to dataset metadata information | M | |
CVE-2021-37840 | aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within Web... | E | |
CVE-2021-37841 | Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is ab... | | |
CVE-2021-37842 | metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster... | | |
CVE-2021-37843 | The resolution SAML SSO apps for Atlassian products allow a remote attacker to login to a user accou... | | |
CVE-2021-37845 | An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate t... | E | |
CVE-2021-37847 | crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is ... | E S | |
CVE-2021-37848 | common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp ... | E S | |
CVE-2021-37850 | Denial of service in ESET for Mac products | | |
CVE-2021-37851 | Local Privilege Escalation in ESET product for Windows | | |
CVE-2021-37852 | LPE in ESET products for Windows | M | |
CVE-2021-37853 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-37854 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-37855 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-37856 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-37857 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-37858 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2021-37859 | Reflected XSS in OAuth Flow | | |
CVE-2021-37860 | Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-a... | | |
CVE-2021-37861 | Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password in audit logs when user ... | | |
CVE-2021-37862 | Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, whi... | | |
CVE-2021-37863 | Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which all... | | |
CVE-2021-37864 | Users can view the contents of an archived channel when access is explicitly denied by the system admin | | |
CVE-2021-37865 | Server-side Denial of Service while processing a specifically crafted GIF file | | |
CVE-2021-37866 | Session is not invalidated on server-side when user logged out of Boards | E | |
CVE-2021-37867 | Emails of all users are exposed via one of the Boards APIs | | |
CVE-2021-37909 | CHANGING Inc. TSSServiSignAdapter Windows Versions - Improper Input Validation | S | |
CVE-2021-37910 | ASUS GT-AXE11000, RT-AX3000, RT-AX55, RT-AX58U, TUF-AX3000 - Improper Authentication | S | |
CVE-2021-37911 | The management interface of BenQ smart wireless conference projector does not properly control user'... | S | |
CVE-2021-37912 | HGiga OAKlouds - Command Injection-1 | S | |
CVE-2021-37913 | HGiga OAKlouds - Command Injection-2 | S | |
CVE-2021-37914 | In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed ... | E S | |
CVE-2021-37915 | An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the ... | E | |
CVE-2021-37916 | Joplin before 2.0.9 allows XSS via button and form in the note body.... | S | |
CVE-2021-37918 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads ... | | |
CVE-2021-37919 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads ... | | |
CVE-2021-37920 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads ... | | |
CVE-2021-37921 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads ... | | |
CVE-2021-37922 | Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to path traversal which allows... | | |
CVE-2021-37923 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads ... | | |
CVE-2021-37924 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads ... | | |
CVE-2021-37925 | Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnera... | | |
CVE-2021-37926 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads ... | | |
CVE-2021-37927 | Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.... | | |
CVE-2021-37928 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads ... | | |
CVE-2021-37929 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads ... | | |
CVE-2021-37930 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads ... | | |
CVE-2021-37931 | Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestricted file upload which leads ... | | |
CVE-2021-37933 | An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow a... | E | |
CVE-2021-37934 | Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login i... | E | |
CVE-2021-37935 | An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could... | | |
CVE-2021-37936 | It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using thi... | M | |
CVE-2021-37937 | Elasticsearch privilege escalation | | |
CVE-2021-37938 | It was discovered that on Windows operating systems specifically, Kibana was not validating a user s... | | |
CVE-2021-37939 | It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTT... | | |
CVE-2021-37940 | An information disclosure via GET request server-side request forgery vulnerability was discovered w... | | |
CVE-2021-37941 | A local privilege escalation issue was found with the APM Java agent, where a user on the system cou... | | |
CVE-2021-37942 | APM Java Agent Local Privilege Escalation | | |
CVE-2021-37956 | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote att... | | |
CVE-2021-37957 | Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potenti... | | |
CVE-2021-37958 | Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed... | | |
CVE-2021-37959 | Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convin... | | |
CVE-2021-37960 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-37961 | Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to pote... | | |
CVE-2021-37962 | Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attack... | | |
CVE-2021-37963 | Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote... | | |
CVE-2021-37964 | Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.... | | |
CVE-2021-37965 | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed ... | | |
CVE-2021-37966 | Inappropriate implementation in Compositing in Google Chrome on Android prior to 94.0.4606.54 allowe... | | |
CVE-2021-37967 | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed ... | | |
CVE-2021-37968 | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed ... | | |
CVE-2021-37969 | Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 all... | | |
CVE-2021-37970 | Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker t... | E S | |
CVE-2021-37971 | Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote atta... | E S | |
CVE-2021-37972 | Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker... | E S | |
CVE-2021-37973 | Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had c... | KEV S | |
CVE-2021-37974 | Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who ... | | |
CVE-2021-37975 | Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially... | KEV | |
CVE-2021-37976 | Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attac... | KEV E | |
CVE-2021-37977 | Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacke... | | |
CVE-2021-37978 | Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to po... | | |
CVE-2021-37979 | Heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 allowed a remote attacker who ... | E | |
CVE-2021-37980 | Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote atta... | | |
CVE-2021-37981 | Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who ha... | | |
CVE-2021-37982 | Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to pote... | | |
CVE-2021-37983 | Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to pote... | | |
CVE-2021-37984 | Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to p... | | |
CVE-2021-37985 | Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convin... | | |
CVE-2021-37986 | Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to... | | |
CVE-2021-37987 | Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to p... | | |
CVE-2021-37988 | Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who conv... | | |
CVE-2021-37989 | Inappropriate implementation in Blink in Google Chrome prior to 95.0.4638.54 allowed a remote attack... | | |
CVE-2021-37990 | Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a ... | | |
CVE-2021-37991 | Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit h... | | |
CVE-2021-37992 | Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to p... | | |
CVE-2021-37993 | Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker... | | |
CVE-2021-37994 | Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remo... | | |
CVE-2021-37995 | Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a re... | | |
CVE-2021-37996 | Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed ... | | |
CVE-2021-37997 | Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convi... | | |
CVE-2021-37998 | Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacke... | | |
CVE-2021-37999 | Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote... | E | |