ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-38000 | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638... | KEV E | |
CVE-2021-38001 | Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially... | | |
CVE-2021-38002 | Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to ... | | |
CVE-2021-38003 | Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker ... | KEV E | |
CVE-2021-38004 | Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote ... | | |
CVE-2021-38005 | Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potenti... | | |
CVE-2021-38006 | Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacke... | | |
CVE-2021-38007 | Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially... | | |
CVE-2021-38008 | Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentia... | E | |
CVE-2021-38009 | Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attack... | | |
CVE-2021-38010 | Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a rem... | | |
CVE-2021-38011 | Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacke... | | |
CVE-2021-38012 | Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially... | | |
CVE-2021-38013 | Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 a... | E S | |
CVE-2021-38014 | Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker ... | | |
CVE-2021-38015 | Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who... | | |
CVE-2021-38016 | Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a... | | |
CVE-2021-38017 | Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a r... | | |
CVE-2021-38018 | Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote a... | | |
CVE-2021-38019 | Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote atta... | | |
CVE-2021-38020 | Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45... | | |
CVE-2021-38021 | Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote att... | | |
CVE-2021-38022 | Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a r... | | |
CVE-2021-38023 | Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to po... | E | |
CVE-2021-38084 | An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-mi... | | |
CVE-2021-38085 | The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During... | E | |
CVE-2021-38086 | Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis Agent for Windows prior to bui... | | |
CVE-2021-38087 | Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prio... | | |
CVE-2021-38088 | Acronis Cyber Protect 15 for Windows prior to build 27009 allowed local privilege escalation via bin... | | |
CVE-2021-38089 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-22035. Reason: This candidat... | R | |
CVE-2021-38090 | Integer Overflow vulnerability in function filter16_roberts in libavfilter/vf_convolution.c in Ffmpe... | E S | |
CVE-2021-38091 | Integer Overflow vulnerability in function filter16_sobel in libavfilter/vf_convolution.c in Ffmpeg ... | E S | |
CVE-2021-38092 | Integer Overflow vulnerability in function filter_prewitt in libavfilter/vf_convolution.c in Ffmpeg ... | E S | |
CVE-2021-38093 | Integer Overflow vulnerability in function filter_robert in libavfilter/vf_convolution.c in Ffmpeg 4... | E S | |
CVE-2021-38094 | Integer Overflow vulnerability in function filter_sobel in libavfilter/vf_convolution.c in Ffmpeg 4.... | E S | |
CVE-2021-38095 | The REST API in Planview Spigit 4.5.3 allows remote unauthenticated attackers to query sensitive use... | E | |
CVE-2021-38096 | Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when pars... | | |
CVE-2021-38097 | Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnerability when parsing a crafted ... | | |
CVE-2021-38098 | Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerability when parsing a crafted file.... | | |
CVE-2021-38099 | CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulner... | | |
CVE-2021-38100 | Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulnerability when p... | | |
CVE-2021-38101 | CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bounds Write vulner... | | |
CVE-2021-38102 | IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability... | | |
CVE-2021-38103 | IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Write vulnerabilit... | | |
CVE-2021-38104 | IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability... | | |
CVE-2021-38105 | IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability... | | |
CVE-2021-38106 | UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability... | | |
CVE-2021-38107 | CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability... | | |
CVE-2021-38108 | Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Read vulner... | | |
CVE-2021-38109 | Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Read vulnerability when parsing a... | | |
CVE-2021-38110 | Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected by an Out-of-bounds Write vulne... | | |
CVE-2021-38111 | The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized pa... | E | |
CVE-2021-38112 | In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, argument injection in the works... | E | |
CVE-2021-38113 | In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaSc... | E S | |
CVE-2021-38114 | libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a simi... | S | |
CVE-2021-38115 | read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attac... | E S | |
CVE-2021-38116 | Possible Command injection Vulnerability in OpenText iManager | | |
CVE-2021-38117 | Possible Remote Code Execution Vulnerability OpenText iManager | | |
CVE-2021-38118 | Possible Local Privilege Escalation Vulnerability in OpenText iManager | | |
CVE-2021-38119 | Possible Reflected Cross-Site Scripting (XSS) Vulnerability in OpenText iManager | | |
CVE-2021-38120 | Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication | | |
CVE-2021-38121 | Weak communication protocol identified in Advance Authentication client application | | |
CVE-2021-38122 | Cross-Site Scripting (XSS) in Advance Authentication | | |
CVE-2021-38123 | Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions... | | |
CVE-2021-38124 | Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) produc... | | |
CVE-2021-38125 | Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting vers... | | |
CVE-2021-38126 | Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, ... | | |
CVE-2021-38127 | Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, ... | | |
CVE-2021-38129 | Escalation of privileges vulnerability in Micro Focus Operations Agent, affecting ver... | | |
CVE-2021-38130 | A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage... | | |
CVE-2021-38131 | Cross-Site Scripting (XSS) Vulnerability | | |
CVE-2021-38132 | Possible External service interaction Vulnerability | | |
CVE-2021-38133 | Possible Improper authentication Vulnerability in OpenText eDirectory | | |
CVE-2021-38134 | Possible Reflected and Stored XSS in OpenText iManager | | |
CVE-2021-38135 | Possible External service interaction Vulnerability in OpenText iManager | | |
CVE-2021-38136 | Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the... | E | |
CVE-2021-38137 | Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor ... | | |
CVE-2021-38138 | OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there in... | E | |
CVE-2021-38140 | The set_user extension module before 2.0.1 for PostgreSQL allows a potential privilege escalation us... | S | |
CVE-2021-38142 | Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upg... | | |
CVE-2021-38143 | An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer accou... | E | |
CVE-2021-38144 | An issue was discovered in Form Tools through 3.0.20. A low-privileged user can trigger Reflected XS... | E | |
CVE-2021-38145 | An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the export_group_i... | E | |
CVE-2021-38146 | The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attacker... | E | |
CVE-2021-38147 | Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary f... | E | |
CVE-2021-38148 | Obsidian before 0.12.12 does not require user confirmation for non-http/https URLs.... | | |
CVE-2021-38149 | index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 allows XSS.... | E | |
CVE-2021-38150 | When an attacker manages to get access to the local memory, or the memory dump of a victim, for exam... | | |
CVE-2021-38151 | index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS.... | E | |
CVE-2021-38152 | index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 all... | E | |
CVE-2021-38153 | Timing Attack Vulnerability for Apache Kafka Connect and Clients | S | |
CVE-2021-38154 | Certain Canon devices manufactured in 2012 through 2020 (such as imageRUNNER ADVANCE iR-ADV C5250), ... | E | |
CVE-2021-38155 | OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x... | E S | |
CVE-2021-38156 | In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative user... | E | |
CVE-2021-38157 | LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.... | E | |
CVE-2021-38159 | In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVE... | | |
CVE-2021-38160 | In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be t... | S | |
CVE-2021-38161 | Not validating origin TLS certificate | S | |
CVE-2021-38162 | SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22, 7.22EXT, 7.49, KRNL64UC -7.2... | E | |
CVE-2021-38163 | SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an at... | KEV | |
CVE-2021-38164 | SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, ... | | |
CVE-2021-38165 | Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to d... | | |
CVE-2021-38166 | In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-... | S | |
CVE-2021-38167 | Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unauthenticated attacker can extrac... | | |
CVE-2021-38168 | Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_servers.... | | |
CVE-2021-38169 | Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and /api/api_funct.py.... | | |
CVE-2021-38171 | adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not check the init_get_bits return... | S | |
CVE-2021-38172 | perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.)... | E S | |
CVE-2021-38173 | Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SS... | S | |
CVE-2021-38174 | When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise View... | | |
CVE-2021-38175 | SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sen... | | |
CVE-2021-38176 | Due to improper input sanitization, an authenticated user with certain specific privileges can remot... | | |
CVE-2021-38177 | SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability ... | M | |
CVE-2021-38178 | The software logistics system of SAP NetWeaver AS ABAP and ABAP Platform versions - 700, 701, 702, 7... | | |
CVE-2021-38179 | Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin ... | | |
CVE-2021-38180 | SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel ... | | |
CVE-2021-38181 | SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753,... | | |
CVE-2021-38182 | Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice ... | | |
CVE-2021-38183 | SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, al... | | |
CVE-2021-38185 | GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because... | E S | |
CVE-2021-38186 | An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, lead... | E S | |
CVE-2021-38187 | An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conve... | E S | |
CVE-2021-38188 | An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. In Decoder::new(), slice.get_... | E S | |
CVE-2021-38189 | An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an att... | E S | |
CVE-2021-38190 | An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory... | E S | |
CVE-2021-38191 | An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task m... | E S | |
CVE-2021-38192 | An issue was discovered in the prost-types crate before 0.8.0 for Rust. An overflow can occur during... | E S | |
CVE-2021-38193 | An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsin... | E S | |
CVE-2021-38194 | An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any con... | E S | |
CVE-2021-38195 | An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rust. It can verify an invalid si... | E S | |
CVE-2021-38196 | An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demo... | E S | |
CVE-2021-38197 | unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Directory Traversal via ../ in a pathn... | E | |
CVE-2021-38198 | arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 incorrectly computes the access pe... | E S | |
CVE-2021-38199 | fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect connection-setup ordering, which... | S | |
CVE-2021-38200 | arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on systems with perf_event_paran... | S | |
CVE-2021-38201 | net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of serv... | S | |
CVE-2021-38202 | fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote attackers to cause a denial of ... | S | |
CVE-2021-38203 | btrfs in the Linux kernel before 5.13.4 allows attackers to cause a denial of service (deadlock) via... | E S | |
CVE-2021-38204 | drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allows physically proximate attacke... | S | |
CVE-2021-38205 | drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel before 5.13.3 makes it easier for ... | S | |
CVE-2021-38206 | The mac80211 subsystem in the Linux kernel before 5.12.13, when a device supporting only 5 GHz is us... | S | |
CVE-2021-38207 | drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attacke... | S | |
CVE-2021-38208 | net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a de... | E S | |
CVE-2021-38209 | net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of chan... | S | |
CVE-2021-38217 | SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.... | E | |
CVE-2021-38221 | bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS.... | E S | |
CVE-2021-38239 | SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information... | E | |
CVE-2021-38241 | Deserialization issue discovered in Ruoyi before 4.6.1 allows remote attackers to run arbitrary code... | | |
CVE-2021-38243 | xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /ind... | E | |
CVE-2021-38244 | A regular expression denial of service (ReDoS) vulnerability exists in cbioportal 3.6.21 and older vi... | E | |
CVE-2021-38258 | NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProces... | E | |
CVE-2021-38260 | NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseD... | E | |
CVE-2021-38263 | Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3... | S | |
CVE-2021-38264 | Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7... | S | |
CVE-2021-38265 | Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 a... | S | |
CVE-2021-38266 | The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack ... | | |
CVE-2021-38267 | Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Porta... | S | |
CVE-2021-38268 | The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fi... | S | |
CVE-2021-38269 | Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.... | S | |
CVE-2021-38278 | Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the urls parameter i... | E | |
CVE-2021-38283 | Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log... | E | |
CVE-2021-38289 | An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege ... | E | |
CVE-2021-38290 | A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_co... | E S | |
CVE-2021-38291 | FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) suffers from an assertion fai... | E S | |
CVE-2021-38294 | Shell Command Injection Vulnerability in Nimbus Thrift Server | E M | |
CVE-2021-38295 | Privilege escalation vulnerability when using HTML attachments | | |
CVE-2021-38296 | Apache Spark Key Negotiation Vulnerability | S | |
CVE-2021-38297 | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function in... | | |
CVE-2021-38298 | Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.... | | |
CVE-2021-38299 | Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An attacker that controls a user... | | |
CVE-2021-38300 | arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when... | E S | |
CVE-2021-38302 | The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection.... | | |
CVE-2021-38303 | A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0.7.29360.... | E | |
CVE-2021-38304 | Improper input validation in the National Instruments NI-PAL driver in versions 20.0.0 and prior may... | S | |
CVE-2021-38305 | 23andMe Yamale before 3.0.8 allows remote attackers to execute arbitrary code via a crafted schema f... | S | |
CVE-2021-38306 | Network Attached Storage on LG N1T1*** 10124 devices allows an unauthenticated attacker to gain root... | E | |
CVE-2021-38311 | In Contiki 3.0, potential nonterminating acknowledgment loops exist in the Telnet service. When the ... | E S | |
CVE-2021-38312 | Gutenberg Template Library & Redux Framework <= 4.2.11 Incorrect Authorization check to Arbitrary plugin installation and post deletion | E | |
CVE-2021-38314 | Gutenberg Template Library & Redux Framework <= 4.2.11 Sensitive Information Disclosure | E | |
CVE-2021-38315 | SP Project & Document Manager <= 4.25 Reflected Cross-Site Scripting | E S | |
CVE-2021-38316 | WP Academic People List <= 0.4.1 Reflected Cross-Site Scripting | E S | |
CVE-2021-38317 | Konnichiwa! Membership <= 0.8.3 Reflected Cross-Site Scripting | E S | |
CVE-2021-38318 | 3D Cover Carousel <= 1.0 Reflected Cross-Site Scripting | E S | |
CVE-2021-38319 | More From Google <= 0.0.2 Reflected Cross-Site Scripting | E S | |
CVE-2021-38320 | simpleSAMLphp Authentication <= 0.7.0 Reflected Cross-Site Scripting | E S | |
CVE-2021-38321 | Custom Menu Plugin <= 1.3.3 Reflected Cross-Site Scripting | E S | |
CVE-2021-38322 | Twitter Friends Widget <= 3.1 Reflected Cross-Site Scripting | E S | |
CVE-2021-38323 | RentPress <= 6.6.4 Reflected Cross-Site Scripting | E S | |
CVE-2021-38324 | SP Rental Manager <= 1.5.3 Unauthenticated SQL Injection | E S | |
CVE-2021-38325 | User Activation Email <= 1.3.0 Reflected Cross-Site Scripting | E S | |
CVE-2021-38326 | Post Title Counter <= 1.1 Reflected Cross-Site Scripting | E S | |
CVE-2021-38327 | YouTube Video Inserter <= 1.2.1.0 Reflected Cross-Site Scripting | E S | |
CVE-2021-38328 | Notices <= 6.1 Reflected Cross-Site Scripting | E S | |
CVE-2021-38329 | DJ EmailPublish <= 1.7.2 Reflected Cross-Site Scripting | E S | |
CVE-2021-38330 | Yet Another bol.com Plugin <= 1.4 Reflected Cross-Site Scripting | E S | |
CVE-2021-38331 | WP-T-Wap <= 1.13.2 Reflected Cross-Site Scripting | E S | |
CVE-2021-38332 | On Page SEO + Whatsapp Chat Button <= 1.0.1 Reflected Cross-Site Scripting | E S | |
CVE-2021-38333 | WP Scrippets <= 1.5.1 Reflected Cross-Site Scripting | E S | |
CVE-2021-38334 | WP Design Maps & Places <= 1.2 Reflected Cross-Site Scripting | E S | |
CVE-2021-38335 | Wise Agent Capture Forms <= 1.0 Reflected Cross-Site Scripting | E S | |
CVE-2021-38336 | Edit Comments XT <= 1.0 Reflected Cross-Site Scripting | E S | |
CVE-2021-38337 | RSVPMaker Excel <= 1.1 Reflected Cross-Site Scripting | E S | |
CVE-2021-38338 | Border Loading Bar <= 1.0.1 Reflected Cross-Site Scripting | E S | |
CVE-2021-38339 | Simple Matted Thumbnails <= 1.01 Reflected Cross-Site Scripting | E S | |
CVE-2021-38340 | Wordpress Simple Shop <= 1.2 Reflected Cross-Site Scripting | E S | |
CVE-2021-38341 | WooCommerce Payment Gateway Per Category <= 2.0.10 Reflected Cross-Site Scripting | E S | |
CVE-2021-38342 | Nested Pages <= 3.1.15 Cross-Site Request Forgery to Arbitrary Post Deletion and Modification | S | |
CVE-2021-38343 | Nested Pages <= 3.1.15 Open Redirect | E S | |
CVE-2021-38344 | Brizy <= 2.3.11 Authenticated Stored Cross-Site Scripting | E | |
CVE-2021-38345 | Brizy <= 1.0.125 and 1.0.127 – 2.3.11 Incorrect authorization checks allowing Post modification | | |
CVE-2021-38346 | Brizy <= 2.3.11 Authenticated Unrestricted File Upload and Path Traversal | | |
CVE-2021-38347 | Custom Website Data <= 2.2 Reflected Cross-Site Scripting | E S | |
CVE-2021-38348 | Advance Search <= 1.1.2 Reflected Cross-Site Scripting | E S | |
CVE-2021-38349 | Integration of Moneybird for WooCommerce <= 2.1.1 Reflected Cross-Site Scripting | E S | |
CVE-2021-38350 | spideranalyse <= 0.0.1 Reflected Cross-Site Scripting | E S | |
CVE-2021-38351 | OSD Subscribe <= 1.2.3 Reflected Cross-Site Scripting | E S | |
CVE-2021-38352 | Feedify – Web Push Notifications <= 2.1.8 Reflected Cross-Site Scripting | E S | |
CVE-2021-38353 | Dropdown and scrollable Text <= 2.0 Reflected Cross-Site Scripting | E S | |
CVE-2021-38354 | GNU-Mailman Integration <= 1.0.6 Reflected Cross-Site Scripting | E S | |
CVE-2021-38355 | Bug Library <= 2.0.3 Reflected Cross-Site Scripting | E S | |
CVE-2021-38356 | NextScripts: Social Networks Auto-Poster <= 4.3.20 Reflected Cross-Site Scripting | E | |
CVE-2021-38357 | SMS OVH <= 0.1 Reflected Cross-Site Scripting | S | |
CVE-2021-38358 | MoolaMojo <= 0.7.4.1 Reflected Cross-Site Scripting | S | |
CVE-2021-38359 | WordPress InviteBox Plugin <= 1.4.1 Reflected Cross-Site Scripting | S | |
CVE-2021-38360 | wp-publications <= 0.0 Local File Include | S | |
CVE-2021-38361 | .htaccess Redirect <= 0.3.1 Reflected Cross-Site Scripting | S | |
CVE-2021-38362 | In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a R... | | |
CVE-2021-38363 | An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes ... | E | |
CVE-2021-38364 | An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by i... | E | |
CVE-2021-38365 | Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remote attackers to recover speech... | E | |
CVE-2021-38366 | Sitecore through 10.1, when Update Center is enabled, allows remote authenticated users to upload ar... | E | |
CVE-2021-38370 | In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.... | E | |
CVE-2021-38371 | The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP se... | | |
CVE-2021-38372 | In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses fr... | E | |
CVE-2021-38373 | In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages a... | | |
CVE-2021-38374 | OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader referenc... | E | |
CVE-2021-38375 | OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail... | E | |
CVE-2021-38376 | OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via th... | E | |
CVE-2021-38377 | OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncate... | E | |
CVE-2021-38378 | OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can cause a Modified By... | E | |
CVE-2021-38379 | The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Inform... | | |
CVE-2021-38380 | Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s st... | E | |
CVE-2021-38381 | Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP c... | E | |
CVE-2021-38382 | Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SE... | E | |
CVE-2021-38383 | OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c.... | S | |
CVE-2021-38384 | Serverless Offline 8.0.0 returns a 403 HTTP status code for a route that has a trailing / character,... | E | |
CVE-2021-38385 | Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verif... | E | |
CVE-2021-38386 | In Contiki 3.0, a buffer overflow in the Telnet service allows remote attackers to cause a denial of... | | |
CVE-2021-38387 | In Contiki 3.0, a Telnet server that silently quits (before disconnection with clients) leads to con... | | |
CVE-2021-38388 | Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a... | S | |
CVE-2021-38389 | Advantech WebAccess | S | |
CVE-2021-38390 | A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of De... | | |
CVE-2021-38391 | A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta ... | | |
CVE-2021-38392 | Improper Access Control for Boston Scientific Zoom Latitude | M | |
CVE-2021-38393 | A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of De... | | |
CVE-2021-38394 | Missing Protection against Hardware Reverse Engineering Using Integrated Circuit Imaging Techniques for Boston Scientific Zoom Latitude | M | |
CVE-2021-38395 | Honeywell Experion PKS and ACE Controllers Injection | M | |
CVE-2021-38396 | Missing Support Integrity Check for Boston Scientific Zoom Latitude | M | |
CVE-2021-38397 | Honeywell Experion PKS and ACE Controllers Unrestricted Upload of File with Dangerous Type | M | |
CVE-2021-38398 | Reliance on Component that is not Updateable for Boston Scientific Zoom Latitude | M | |
CVE-2021-38399 | Honeywell Experion PKS and ACE Controllers Relative Path Traversal | M | |
CVE-2021-38400 | Use of Password Hash with Insufficient Computational Effort for Boston Scientific Zoom Latitude | M | |
CVE-2021-38401 | Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference | S | |
CVE-2021-38402 | Delta Electronics DOPSoft 2 Stack-Based Buffer Overflow | S | |
CVE-2021-38403 | Delta Electronics DIALink | M | |
CVE-2021-38404 | Delta Electronics DOPSoft 2 Heap-based Buffer Overflow | S | |
CVE-2021-38405 | Siemens Solid Edge, JT2Go, and Teamcenter Visualization Improper Restriction of Operations within the Bounds of a Memory Buffer | S | |
CVE-2021-38406 | Delta Electronics DOPSoft 2 Out-of-Bounds Write | KEV S | |
CVE-2021-38407 | Delta Electronics DIALink | M | |
CVE-2021-38408 | A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by... | | |
CVE-2021-38409 | Fuji Electric Tellus Lite V-Simulator uninitialized pointer | S | |
CVE-2021-38410 | AVEVA PCS Portal Uncontrolled Search Path Element | S | |
CVE-2021-38411 | Delta Electronics DIALink | M | |
CVE-2021-38412 | Digi PortServer TS 16 Improper Authentication | S | |
CVE-2021-38413 | Fuji Electric Tellus Lite V-Simulator stack based buffer overflow | S | |
CVE-2021-38415 | Fuji Electric Tellus Lite V-Simulator heap based buffer overflow | S | |
CVE-2021-38416 | Delta Electronics DIALink | M | |
CVE-2021-38417 | VISAM VBASE Editor Improper Access Control | S | |
CVE-2021-38418 | Delta Electronics DIALink | M | |
CVE-2021-38419 | Fuji Electric Tellus Lite V-Simulator out of bounds write | S | |
CVE-2021-38420 | Delta Electronics DIALink | M | |
CVE-2021-38421 | Fuji Electric Tellus Lite V-Simulator out of bounds read | S | |
CVE-2021-38422 | Delta Electronics DIALink | M | |
CVE-2021-38423 | GurumDDS Heap-based Incorrect Calculation of Buffer Size | S | |
CVE-2021-38424 | Delta Electronics DIALink | M | |
CVE-2021-38425 | eProsima Fast DDS Network Amplification | S | |
CVE-2021-38426 | FATEK Automation WinProladder | M | |
CVE-2021-38427 | RTI Connext DDS Professional and Connext DDS Secure Stack-based Buffer Overflow | S | |
CVE-2021-38428 | Delta Electronics DIALink | M | |
CVE-2021-38429 | OCI OpenDDS Secure Network Amplification | S | |
CVE-2021-38430 | FATEK Automation WinProladder | M | |
CVE-2021-38431 | Advantech WebAccess SCADA | S | |
CVE-2021-38432 | FATEK Automation Communication Server | M | |
CVE-2021-38433 | RTI Connext DDS Professional and Connext DDS Secure Stack-based Buffer Overflow | S | |
CVE-2021-38434 | FATEK Automation WinProladder | M | |
CVE-2021-38435 | RTI Connext DDS Professional and Connext DDS Secure Incorrect Calculation of Buffer Size | S | |
CVE-2021-38436 | FATEK Automation WinProladder | M | |
CVE-2021-38438 | FATEK Automation WinProladder | M | |
CVE-2021-38439 | GurumDDS Heap-based Buffer Overflow | S | |
CVE-2021-38440 | FATEK Automation WinProladder | M | |
CVE-2021-38441 | Eclipse CycloneDDS Write-what-where Condition | S | |
CVE-2021-38442 | FATEK Automation WinProladder | M | |
CVE-2021-38443 | Eclipse CycloneDDS Improper Handling of Syntactically Invalid Structure | S | |
CVE-2021-38445 | OCI OpenDDS Secure Improper Handling of Length Parameter Inconsistency | S | |
CVE-2021-38447 | OCI OpenDDS Secure Amplification | S | |
CVE-2021-38448 | Trane Symbio Improper Control of Generation of Code | S | |
CVE-2021-38449 | AUVESY Versiondog | S | |
CVE-2021-38450 | Trane Tracer Code Injection | S | |
CVE-2021-38451 | AUVESY Versiondog | S | |
CVE-2021-38452 | Moxa MXview Network Management Software | S | |
CVE-2021-38453 | AUVESY Versiondog | S | |
CVE-2021-38454 | Moxa MXview Network Management Software | S | |
CVE-2021-38455 | AUVESY Versiondog | S | |
CVE-2021-38456 | Moxa MXview Network Management Software | S | |
CVE-2021-38457 | AUVESY Versiondog | S | |
CVE-2021-38458 | Moxa MXview Network Management Software | S | |
CVE-2021-38459 | AUVESY Versiondog | S | |
CVE-2021-38460 | Moxa MXview Network Management Software | S | |
CVE-2021-38461 | AUVESY Versiondog | S | |
CVE-2021-38462 | InHand Networks IR615 Router | M | |
CVE-2021-38463 | AUVESY Versiondog | S | |
CVE-2021-38464 | InHand Networks IR615 Router | M | |
CVE-2021-38465 | AUVESY Versiondog | S | |
CVE-2021-38466 | InHand Networks IR615 Router | M | |
CVE-2021-38467 | AUVESY Versiondog | S | |
CVE-2021-38468 | InHand Networks IR615 Router | M | |
CVE-2021-38469 | AUVESY Versiondog | S | |
CVE-2021-38470 | InHand Networks IR615 Router | M | |
CVE-2021-38471 | AUVESY Versiondog | S | |
CVE-2021-38472 | InHand Networks IR615 Router | M | |
CVE-2021-38473 | AUVESY Versiondog | S | |
CVE-2021-38474 | InHand Networks IR615 Router | M | |
CVE-2021-38475 | AUVESY Versiondog | S | |
CVE-2021-38476 | InHand Networks IR615 Router | M | |
CVE-2021-38477 | AUVESY Versiondog | S | |
CVE-2021-38478 | InHand Networks IR615 Router | M | |
CVE-2021-38479 | AUVESY Versiondog | S | |
CVE-2021-38480 | InHand Networks IR615 Router | M | |
CVE-2021-38481 | AUVESY Versiondog | S | |
CVE-2021-38482 | InHand Networks IR615 Router | M | |
CVE-2021-38483 | ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform | S | |
CVE-2021-38484 | InHand Networks IR615 Router | M | |
CVE-2021-38485 | Emerson WirelessHART Gateway | S | |
CVE-2021-38486 | InHand Networks IR615 Router | M | |
CVE-2021-38487 | RTI Connext DDS Professional and Connext DDS Secure Network Amplification | S | |
CVE-2021-38488 | Delta Electronics DIALink | M | |
CVE-2021-38490 | Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vul... | | |
CVE-2021-38491 | Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loa... | | |
CVE-2021-38492 | When delegating navigations to the operating system, Firefox would accept the `mk` scheme which migh... | E | |
CVE-2021-38493 | Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of ... | | |
CVE-2021-38494 | Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evid... | | |
CVE-2021-38495 | Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs sh... | | |
CVE-2021-38496 | During operations on MessageTasks, a task may have been removed while it was still scheduled, result... | | |
CVE-2021-38497 | Through use of reportValidity() and window.open(), a plain-text validation message could have been o... | | |
CVE-2021-38498 | During process shutdown, a document could have caused a use-after-free of a languages service object... | | |
CVE-2021-38499 | Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evid... | | |
CVE-2021-38500 | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of t... | | |
CVE-2021-38501 | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of t... | | |
CVE-2021-38502 | Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM co... | | |
CVE-2021-38503 | The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypas... | | |
CVE-2021-38504 | When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-aft... | | |
CVE-2021-38505 | Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will re... | | |
CVE-2021-38506 | Through a series of navigations, Firefox could have entered fullscreen mode without notification or ... | | |
CVE-2021-38507 | The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upg... | | |
CVE-2021-38508 | By displaying a form validity message in the correct location at the same time as a permission promp... | | |
CVE-2021-38509 | Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary... | | |
CVE-2021-38510 | The executable file warning was not presented when downloading .inetloc files, which, due to a flaw ... | | |
CVE-2021-38511 | An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR ... | E | |
CVE-2021-38512 | An issue was discovered in the actix-http crate before 3.0.0-beta.9 for Rust. HTTP/1 request smuggli... | E | |
CVE-2021-38513 | Certain NETGEAR devices are affected by authentication bypass. This affects RBK852 before 3.2.10.11,... | | |
CVE-2021-38514 | Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D... | | |
CVE-2021-38515 | Certain NETGEAR devices are affected by denial of service. This affects R6400v2 before 1.0.4.98, R67... | | |
CVE-2021-38516 | Certain NETGEAR devices are affected by lack of access control at the function level. This affects D... | | |
CVE-2021-38517 | Certain NETGEAR devices are affected by out-of-bounds reads and writes. This affects R6400 before 1.... | | |
CVE-2021-38518 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX... | | |
CVE-2021-38519 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R62... | | |
CVE-2021-38520 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R64... | | |
CVE-2021-38521 | Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R64... | | |
CVE-2021-38522 | NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based buffer overflow by an authentica... | | |
CVE-2021-38523 | NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based buffer overflow by an authentica... | | |
CVE-2021-38524 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This... | | |
CVE-2021-38525 | Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This... | | |
CVE-2021-38526 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affec... | | |
CVE-2021-38527 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2021-38528 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2021-38529 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2021-38530 | Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affec... | | |
CVE-2021-38531 | Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D... | | |
CVE-2021-38532 | NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings.... | | |
CVE-2021-38533 | NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS.... | | |
CVE-2021-38534 | Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before... | | |
CVE-2021-38535 | Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 befor... | | |
CVE-2021-38536 | Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 befor... | | |
CVE-2021-38537 | Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 befor... | | |
CVE-2021-38538 | Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before... | | |
CVE-2021-38539 | Certain NETGEAR devices are affected by privilege escalation. This affects D8500 before 1.0.3.44, R6... | | |
CVE-2021-38540 | Apache Airflow: Variable Import endpoint missed authentication check | M | |
CVE-2021-38542 | Apache James vulnerable to STARTTLS command injection (IMAP and POP3) | M | |
CVE-2021-38543 | TP-Link UE330 USB splitter devices through 2021-08-09, in certain specific use cases in which the de... | E | |
CVE-2021-38544 | Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signa... | E | |
CVE-2021-38545 | Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the dev... | E | |
CVE-2021-38546 | CREATIVE Pebble devices through 2021-08-09 allow remote attackers to recover speech signals from an ... | E | |
CVE-2021-38547 | Logitech Z120 and S120 speakers through 2021-08-09 allow remote attackers to recover speech signals ... | E | |
CVE-2021-38548 | JBL Go 2 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on ... | E | |
CVE-2021-38549 | MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific use cases in which the device... | E | |
CVE-2021-38553 | HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file ass... | | |
CVE-2021-38554 | HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between... | | |
CVE-2021-38555 | An XML external entity (XXE) injection vulnerability exists in Apache Any23 StreamUtils.java | | |
CVE-2021-38556 | includes/configure_client.php in RaspAP 2.6.6 allows attackers to execute commands via command injec... | E | |
CVE-2021-38557 | raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure s... | E | |
CVE-2021-38559 | DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 par... | E | |
CVE-2021-38560 | Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigD... | S | |
CVE-2021-38561 | golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read du... | S | |
CVE-2021-38562 | Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows... | S | |
CVE-2021-38563 | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It mishandle... | | |
CVE-2021-38564 | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows an... | | |
CVE-2021-38565 | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows wr... | | |
CVE-2021-38566 | An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. It allows st... | | |
CVE-2021-38567 | An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. It ... | | |
CVE-2021-38568 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption du... | S | |
CVE-2021-38569 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows stack consumption vi... | | |
CVE-2021-38570 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows attackers to delete ... | | |
CVE-2021-38571 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows DLL hijacking, aka C... | | |
CVE-2021-38572 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary... | | |
CVE-2021-38573 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows writing to arbitrary... | | |
CVE-2021-38574 | An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows SQL Injection via cr... | | |
CVE-2021-38575 | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.... | E | |
CVE-2021-38576 | A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This... | | |
CVE-2021-38577 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was inco... | R | |
CVE-2021-38578 | Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.... | | |
CVE-2021-38583 | openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cr... | E | |
CVE-2021-38584 | The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585).... | | |
CVE-2021-38585 | The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585).... | | |
CVE-2021-38586 | In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589).... | | |
CVE-2021-38587 | In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-58... | | |
CVE-2021-38588 | In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC-587)... | | |
CVE-2021-38589 | In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly restrict the overwriting of file... | | |
CVE-2021-38590 | In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).... | | |
CVE-2021-38591 | An issue was discovered on LG mobile devices with Android OS P and Q software for mt6762/mt6765/mt68... | | |
CVE-2021-38592 | Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_Lo... | | |
CVE-2021-38593 | Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath... | S | |
CVE-2021-38597 | wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant respons... | S | |
CVE-2021-38598 | OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonatio... | E | |
CVE-2021-38599 | WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as... | S | |
CVE-2021-38602 | PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.... | E | |
CVE-2021-38603 | PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.... | E | |
CVE-2021-38604 | In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandl... | E S | |
CVE-2021-38606 | reNgine through 0.5 relies on a predictable directory name.... | S | |
CVE-2021-38607 | Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.... | | |
CVE-2021-38608 | Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allow... | | |
CVE-2021-38611 | A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager ... | E | |
CVE-2021-38612 | In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulnerability in a log-reading funct... | E | |
CVE-2021-38613 | The assets/index.php Image Upload feature of the NASCENT RemKon Device Manager 4.0.0.0 allows attack... | E | |
CVE-2021-38614 | Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a R... | E | |
CVE-2021-38615 | In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/config/ SSO configuration endpoint... | | |
CVE-2021-38616 | In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoin... | | |
CVE-2021-38617 | In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ user creation endpoint allows a ... | | |
CVE-2021-38618 | In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication byp... | | |
CVE-2021-38619 | openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote... | E | |
CVE-2021-38621 | The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index.ts in netless Agora Flat Serv... | S | |
CVE-2021-38623 | The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allow... | | |
CVE-2021-38624 | Windows Key Storage Provider Security Feature Bypass Vulnerability | S | |
CVE-2021-38625 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2021-38626 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2021-38628 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | S | |
CVE-2021-38629 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability | S | |
CVE-2021-38630 | Windows Event Tracing Elevation of Privilege Vulnerability | S | |
CVE-2021-38631 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | S | |
CVE-2021-38632 | BitLocker Security Feature Bypass Vulnerability | S | |
CVE-2021-38633 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
CVE-2021-38634 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | S | |
CVE-2021-38635 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | S | |
CVE-2021-38636 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability | S | |
CVE-2021-38637 | Windows Storage Information Disclosure Vulnerability | S | |
CVE-2021-38638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | S | |
CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability | S | |
CVE-2021-38641 | Microsoft Edge for Android Spoofing Vulnerability | S | |
CVE-2021-38642 | Microsoft Edge for iOS Spoofing Vulnerability | S | |
CVE-2021-38644 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability | S | |
CVE-2021-38645 | Open Management Infrastructure Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-38646 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | KEV S | |
CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability | KEV E S | |
CVE-2021-38648 | Open Management Infrastructure Elevation of Privilege Vulnerability | KEV E S | |
CVE-2021-38649 | Open Management Infrastructure Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-38650 | Microsoft Office Spoofing Vulnerability | S | |
CVE-2021-38651 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
CVE-2021-38652 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
CVE-2021-38653 | Microsoft Office Visio Remote Code Execution Vulnerability | S | |
CVE-2021-38654 | Microsoft Office Visio Remote Code Execution Vulnerability | S | |
CVE-2021-38655 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2021-38656 | Microsoft Word Remote Code Execution Vulnerability | S | |
CVE-2021-38657 | Microsoft Office Graphics Component Information Disclosure Vulnerability | S | |
CVE-2021-38658 | Microsoft Office Graphics Remote Code Execution Vulnerability | S | |
CVE-2021-38659 | Microsoft Office Graphics Remote Code Execution Vulnerability | S | |
CVE-2021-38660 | Microsoft Office Graphics Remote Code Execution Vulnerability | S | |
CVE-2021-38661 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-38662 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | S | |
CVE-2021-38663 | Windows exFAT File System Information Disclosure Vulnerability | S | |
CVE-2021-38665 | Remote Desktop Protocol Client Information Disclosure Vulnerability | S | |
CVE-2021-38666 | Remote Desktop Client Remote Code Execution Vulnerability | S | |
CVE-2021-38667 | Windows Print Spooler Elevation of Privilege Vulnerability | S | |
CVE-2021-38669 | Microsoft Edge (Chromium-based) Tampering Vulnerability | S | |
CVE-2021-38671 | Windows Print Spooler Elevation of Privilege Vulnerability | S | |
CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability | S | |
CVE-2021-38674 | Reflected XSS Vulnerability in TFTP | S | |
CVE-2021-38675 | Stored XSS Vulnerability in Image2PDF | S | |
CVE-2021-38677 | Reflected XSS Vulnerability in QcalAgent | S | |
CVE-2021-38678 | Open Redirect Vulnerability in QcalAgent | S | |
CVE-2021-38679 | Improper Authentication in Kazoo Server | S | |
CVE-2021-38680 | Reflected XSS in Kazoo Server | S | |
CVE-2021-38681 | Reflected XSS Vulnerability in Ragic Cloud DB | M | |
CVE-2021-38682 | Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard | S | |
CVE-2021-38684 | Buffer Overflow Vulnerability in Multimedia Console | S | |
CVE-2021-38685 | Command Injection Vulnerability in VioStor | S | |
CVE-2021-38686 | Improper Authentication Vulnerability in VioStor | S | |
CVE-2021-38687 | Stack Overflow Vulnerability in Surveillance Station | S | |
CVE-2021-38688 | Improper Authentication in Qfile | S | |
CVE-2021-38689 | Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard | S | |
CVE-2021-38690 | Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard | S | |
CVE-2021-38691 | Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard | S | |
CVE-2021-38692 | Stack Overflow Vulnerability in QVR Elite, QVR Pro and QVR Guard | S | |
CVE-2021-38693 | Path Traversal in thttpd | S | |
CVE-2021-38694 | SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection.... | E | |
CVE-2021-38695 | SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scripting (XSS) that allows users... | E | |
CVE-2021-38696 | SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to... | E | |
CVE-2021-38697 | SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted File Upload, that allows attacke... | E | |
CVE-2021-38698 | HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxie... | | |
CVE-2021-38699 | TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.... | E | |
CVE-2021-38701 | Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/20... | | |
CVE-2021-38702 | Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attac... | E | |
CVE-2021-38703 | Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not... | E | |
CVE-2021-38704 | Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthentic... | E | |
CVE-2021-38705 | ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consis... | E | |
CVE-2021-38706 | messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allow... | | |
CVE-2021-38707 | Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged atta... | E | |
CVE-2021-38708 | In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS.... | | |
CVE-2021-38709 | In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging ... | | |
CVE-2021-38710 | Static (Persistent) XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/f... | | |
CVE-2021-38711 | In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.... | S | |
CVE-2021-38712 | OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommend... | E | |
CVE-2021-38713 | imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header.... | E | |
CVE-2021-38714 | In Plib through 1.85, there is an integer overflow vulnerability that could result in arbitrary code... | E | |
CVE-2021-38721 | FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability... | E S | |
CVE-2021-38723 | FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items... | E | |
CVE-2021-38725 | Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php... | S | |
CVE-2021-38727 | FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items... | E | |
CVE-2021-38728 | SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php.... | E | |
CVE-2021-38729 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.... | E | |
CVE-2021-38730 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.... | E | |
CVE-2021-38731 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.... | | |
CVE-2021-38732 | SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.... | | |
CVE-2021-38733 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.... | | |
CVE-2021-38734 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.... | E | |
CVE-2021-38736 | SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php.... | E | |
CVE-2021-38737 | SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.... | E | |
CVE-2021-38745 | Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allow... | S | |
CVE-2021-38751 | A HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified... | E | |
CVE-2021-38752 | A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Source... | E | |
CVE-2021-38753 | An unrestricted file upload on Simple Image Gallery Web App can be exploited to upload a web shell a... | E | |
CVE-2021-38754 | SQL Injection vulnerability in Hospital Management System due to lack of input validation in messear... | E | |
CVE-2021-38755 | Unauthenticated doctor entry deletion in Hospital Management System in admin-panel1.php.... | E | |
CVE-2021-38756 | Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin throu... | E | |
CVE-2021-38757 | Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin throu... | E | |
CVE-2021-38758 | Directory traversal vulnerability in Online Catering Reservation System 1.0 exists due to lack of va... | E | |
CVE-2021-38759 | Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not changed, ... | | |
CVE-2021-38772 | Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer overflow via the list parameter i... | E | |
CVE-2021-38783 | There is an Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK V1.0 camera driver "/dev/cedar... | | |
CVE-2021-38784 | There is a NULL pointer dereference in the syscall open_exec function of Allwinner R818 SoC Android ... | | |
CVE-2021-38785 | There is a NULL pointer dereference in the Allwinner R818 SoC Android Q SDK V1.0 camera driver /dev/ce... | | |
CVE-2021-38786 | There is a NULL pointer dereference in media/libcedarc/vdecoder of Allwinner R818 SoC Android Q SDK ... | | |
CVE-2021-38787 | There is an integer overflow in the ION driver "/dev/ion" of Allwinner R818 SoC Android Q SDK V1.0 t... | | |
CVE-2021-38788 | The Background service in Allwinner R818 SoC Android Q SDK V1.0 is used to manage background applica... | | |
CVE-2021-38789 | Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that ... | | |
CVE-2021-38819 | A SQL injection vulnerability exists on the Simple Image Gallery System 1.0 application through "id" ... | E | |
CVE-2021-38822 | A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of Ic... | E | |
CVE-2021-38823 | The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an adm... | E | |
CVE-2021-38827 | Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover.... | E | |
CVE-2021-38828 | Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic... | E | |
CVE-2021-38833 | SQL injection vulnerability in PHPGurukul Apartment Visitors Management System (AVMS) v. 1.0 allows ... | E | |
CVE-2021-38834 | easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sandbox and execute arbitrary syst... | E | |
CVE-2021-38840 | SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refill... | E | |
CVE-2021-38841 | Remote Code Execution can occur in Simple Water Refilling Station Management System 1.0 via the Syst... | E | |
CVE-2021-38847 | S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Edit... | | |
CVE-2021-38859 | IBM Security Verify Privilege information disclosure | S | |
CVE-2021-38862 | IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could all... | | |
CVE-2021-38863 | IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain clear text which can be read by ... | S | |
CVE-2021-38864 | IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to imprope... | S | |
CVE-2021-38868 | IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-sit... | | |
CVE-2021-38869 | IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they ... | S | |
CVE-2021-38870 | IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to em... | | |
CVE-2021-38871 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. Th... | S | |
CVE-2021-38872 | IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1... | S | |
CVE-2021-38873 | IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execu... | S | |
CVE-2021-38874 | IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain bo... | S | |
CVE-2021-38875 | IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attac... | S | |
CVE-2021-38876 | IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to em... | S | |
CVE-2021-38877 | IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerab... | S | |
CVE-2021-38878 | IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchan... | S | |
CVE-2021-38879 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain s... | S | |
CVE-2021-38882 | IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit ... | S | |
CVE-2021-38883 | IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 and IBM Business Process Manager 8.5 and ... | S | |
CVE-2021-38886 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which co... | S | |
CVE-2021-38887 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive informa... | S | |
CVE-2021-38890 | IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that... | S | |
CVE-2021-38891 | IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorit... | S | |
CVE-2021-38892 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-38893 | IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 2... | S | |
CVE-2021-38894 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive... | S | |
CVE-2021-38895 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulne... | S | |
CVE-2021-38896 | IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. This vulnerability allow... | S | |
CVE-2021-38899 | IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensiti... | S | |
CVE-2021-38900 | IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 2... | S | |
CVE-2021-38901 | IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user t... | S | |
CVE-2021-38903 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by imp... | S | |
CVE-2021-38904 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials ... | S | |
CVE-2021-38905 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pag... | S | |
CVE-2021-38909 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability all... | S | |
CVE-2021-38910 | IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security r... | | |
CVE-2021-38911 | IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be r... | S | |
CVE-2021-38915 | IBM Data Risk Manager 2.0.6 stores user credentials in plain clear text which can be read by an auth... | | |
CVE-2021-38917 | IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker that gains service access to ... | | |
CVE-2021-38918 | IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a specific sequence of VM management... | | |
CVE-2021-38919 | IBM QRadar SIEM 7.3, 7.4, and 7.5 in some scenarios may reveal authorized service tokens to other QRa... | S | |
CVE-2021-38921 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithm... | S | |
CVE-2021-38923 | IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain access to another VM due to assi... | | |
CVE-2021-38924 | IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive in... | S | |
CVE-2021-38925 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 uses weaker than expected cryp... | S | |
CVE-2021-38926 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 co... | | |
CVE-2021-38927 | IBM Aspera Console cross-site scripting | | |
CVE-2021-38928 | IBM Sterling B2B Integrator Standard Edition cross-origin resource sharing | | |
CVE-2021-38929 | IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.... | | |
CVE-2021-38930 | IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.... | | |
CVE-2021-38931 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an... | | |
CVE-2021-38933 | IBM Sterling Connect:Express for UNIX information disclosure | S | |
CVE-2021-38934 | IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vu... | | |
CVE-2021-38935 | IBM Maximo Asset Management 7.6.1.2 does not require that users should have strong passwords by defa... | S | |
CVE-2021-38936 | IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive information to a privileged user. ... | S | |
CVE-2021-38937 | IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authenticated user to cause the syste... | | |
CVE-2021-38938 | IBM Host Access Transformation Services information disclosure | S | |
CVE-2021-38939 | IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could b... | S | |
CVE-2021-38941 | IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode w... | S | |
CVE-2021-38944 | IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 20... | S | |
CVE-2021-38945 | IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary fi... | S | |
CVE-2021-38946 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerab... | S | |
CVE-2021-38947 | IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorit... | S | |
CVE-2021-38948 | IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attac... | S | |
CVE-2021-38949 | IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can ... | S | |
CVE-2021-38950 | IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBind... | S | |
CVE-2021-38951 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused... | | |
CVE-2021-38952 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability all... | | |
CVE-2021-38954 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 cou... | S | |
CVE-2021-38955 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a den... | S | |
CVE-2021-38956 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in H... | S | |
CVE-2021-38957 | IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazar... | S | |
CVE-2021-38958 | IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrenc... | S | |
CVE-2021-38959 | IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to... | | |
CVE-2021-38960 | IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive informat... | | |
CVE-2021-38961 | IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed ar... | | |
CVE-2021-38963 | IBM Aspera Console CSV injection | | |
CVE-2021-38965 | IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remote authenticated attacker to e... | S | |
CVE-2021-38966 | IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows... | | |
CVE-2021-38967 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malici... | S | |
CVE-2021-38969 | IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due t... | | |
CVE-2021-38971 | IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an au... | | |
CVE-2021-38972 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not va... | S | |
CVE-2021-38973 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not va... | S | |
CVE-2021-38974 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause... | S | |
CVE-2021-38975 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to ob... | S | |
CVE-2021-38976 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear tex... | S | |
CVE-2021-38977 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on autho... | S | |
CVE-2021-38978 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain se... | S | |
CVE-2021-38979 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against ... | S | |
CVE-2021-38980 | IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and ... | S | |
CVE-2021-38981 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain se... | S | |
CVE-2021-38982 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. Thi... | S | |
CVE-2021-38983 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic al... | S | |
CVE-2021-38984 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic al... | S | |
CVE-2021-38985 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not va... | S | |
CVE-2021-38986 | IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after logout which could allow an au... | S | |
CVE-2021-38988 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerabili... | S | |
CVE-2021-38989 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerabili... | S | |
CVE-2021-38990 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in... | | |
CVE-2021-38991 | IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerabili... | S | |
CVE-2021-38993 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerabili... | S | |
CVE-2021-38994 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerabili... | S | |
CVE-2021-38995 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerabili... | S | |
CVE-2021-38996 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerabili... | | |
CVE-2021-38997 | IBM API Connect HOST header injection | S | |
CVE-2021-38999 | IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensit... | S | |