CVE-2021-39xxx

There are 787 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2021-39000 IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by ...
S
CVE-2021-39002 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 us...
CVE-2021-39006 IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information ...
CVE-2021-39008 IBM QRadar WinCollect Agent information disclosure
S
CVE-2021-39009 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which ca...
S
CVE-2021-39011 IBM Cloud Pak for Security information disclosure
S
CVE-2021-39013 IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to...
CVE-2021-39014 IBM Cloud Object Storage System cross-site scripting
S
CVE-2021-39015 IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-sit...
S
CVE-2021-39016 IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not s...
S
CVE-2021-39017 IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allo...
S
CVE-2021-39018 IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disc...
S
CVE-2021-39019 IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disc...
S
CVE-2021-39020 IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters....
S
CVE-2021-39021 IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under di...
CVE-2021-39022 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-...
S
CVE-2021-39023 IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive...
S
CVE-2021-39024 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This v...
S
CVE-2021-39025 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address informatio...
S
CVE-2021-39026 IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a remote attacker to obtain sensi...
S
CVE-2021-39027 IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication w...
CVE-2021-39028 IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnera...
S
CVE-2021-39031 IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authentica...
M
CVE-2021-39032 IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potentially sensitive information in lo...
S
CVE-2021-39033 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 cou...
CVE-2021-39034 IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by an issue within the channel pro...
CVE-2021-39035 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6...
CVE-2021-39036 IBM Cognos Analytics cross-site scripting
CVE-2021-39038 IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 2...
S
CVE-2021-39040 IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating ...
CVE-2021-39041 IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting i...
S
CVE-2021-39043 IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site script...
M
CVE-2021-39044 IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allo...
CVE-2021-39045 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information d...
S
CVE-2021-39046 IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and...
S
CVE-2021-39047 IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cro...
S
CVE-2021-39048 IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by im...
S
CVE-2021-39049 IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, ca...
CVE-2021-39050 IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, ca...
CVE-2021-39051 IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forg...
CVE-2021-39052 IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spr...
S
CVE-2021-39053 IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensiti...
S
CVE-2021-39054 IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the cli...
S
CVE-2021-39055 IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. Th...
CVE-2021-39056 The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote au...
S
CVE-2021-39057 IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SS...
S
CVE-2021-39058 IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorit...
S
CVE-2021-39059 IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cr...
CVE-2021-39063 IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which ...
S
CVE-2021-39064 IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and ...
S
CVE-2021-39065 IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitr...
S
CVE-2021-39066 IBM Financial Transaction Manager 3.2.4 does not invalidate any existing session identifier ...
CVE-2021-39068 IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vul...
S
CVE-2021-39070 IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authenti...
CVE-2021-39072 IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by ...
CVE-2021-39074 IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to...
CVE-2021-39076 IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could al...
CVE-2021-39077 IBM Security Guardium information disclosure
S
CVE-2021-39078 IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local ...
CVE-2021-39079 IBM Cognos Analytics Mobile for Android applications prior to version 1.1.14 is vulnerable to cross-...
CVE-2021-39080 Due to weak obfuscation, IBM Cognos Analytics Mobile for Android application prior to version 1.1.14...
CVE-2021-39081 IBM Cognos Analytics Mobile information disclosure
CVE-2021-39082 IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could all...
S
CVE-2021-39085 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6...
CVE-2021-39086 IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1....
CVE-2021-39087 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6...
CVE-2021-39088 IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation if this could be combi...
S
CVE-2021-39089 IBM Cloud Pak for Security information disclosure
S
CVE-2021-39090 IBM Cloud Pak for Security information disclosure
CVE-2021-39109 The renderWidgetResource resource in Atlassian Atlasboard before version 1.1.9 allows remote attacker...
S
CVE-2021-39111 The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before ...
CVE-2021-39112 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users ...
S
CVE-2021-39113 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to conti...
CVE-2021-39114 Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on...
CVE-2021-39115 Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers...
CVE-2021-39116 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the appl...
S
CVE-2021-39117 The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allo...
CVE-2021-39118 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the us...
CVE-2021-39119 Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to ...
CVE-2021-39121 Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to e...
S
CVE-2021-39122 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view ...
S
CVE-2021-39123 Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to...
CVE-2021-39124 The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center...
CVE-2021-39125 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to disco...
CVE-2021-39126 Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various ...
S
CVE-2021-39127 Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the q...
S
CVE-2021-39128 Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon al...
CVE-2021-39131 Improper Handling of Unexpected Data Type in ced
E S
CVE-2021-39132 YAML deserialization can run untrusted code
S
CVE-2021-39133 Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
S
CVE-2021-39134 UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
S
CVE-2021-39135 UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
S
CVE-2021-39136 Cross-site scripting vulnerability in file upload
S
CVE-2021-39137 Consensus flaw during block processing in go-ethereum
CVE-2021-39138 New anonymous user session acts as if it's created with password
S
CVE-2021-39139 XStream is vulnerable to an Arbitrary Code Execution attack
S
CVE-2021-39140 XStream can cause a Denial of Service
E S
CVE-2021-39141 XStream is vulnerable to an Arbitrary Code Execution attack
E S
CVE-2021-39143 Path Traversal in spinnaker
E
CVE-2021-39144 XStream is vulnerable to a Remote Command Execution attack
KEV E S
CVE-2021-39145 XStream is vulnerable to an Arbitrary Code Execution attack
S
CVE-2021-39146 XStream is vulnerable to an Arbitrary Code Execution attack
S
CVE-2021-39147 XStream is vulnerable to an Arbitrary Code Execution attack
E S
CVE-2021-39148 XStream is vulnerable to an Arbitrary Code Execution attack
E S
CVE-2021-39149 XStream is vulnerable to an Arbitrary Code Execution attack
E S
CVE-2021-39150 A Server-Side Forgery Request vulnerability in XStream via PriorityQueue unmarshaling
E S
CVE-2021-39151 XStream is vulnerable to an Arbitrary Code Execution attack
E S
CVE-2021-39152 A Server-Side Forgery Request vulnerability in XStream via HashMap unmarshaling
E S
CVE-2021-39153 XStream is vulnerable to an Arbitrary Code Execution attack
E S
CVE-2021-39154 XStream is vulnerable to an Arbitrary Code Execution attack
E S
CVE-2021-39155 Authorization Policy Bypass Due to Case Insensitive Host Comparison
CVE-2021-39156 Fragments in Path May Lead to Authorization Policy Bypass
CVE-2021-39157 Improper Handling of Exceptional Conditions in detect-character-encoding
E S
CVE-2021-39158 Dependency injection in NVCaffe
CVE-2021-39159 Remote code execution in Binderhub
S
CVE-2021-39160 Code injection in nbgitpuller
S
CVE-2021-39161 Cross-site scripting via category name in Discourse
CVE-2021-39162 Incorrect handling of H2 GOAWAY + SETTINGS frames
CVE-2021-39163 Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
S
CVE-2021-39164 Improper authorisation of /members discloses room membership to non-members
S
CVE-2021-39165 Unauthenticated SQL Injection
S
CVE-2021-39166 Improper Neutralization of Text-Values in Object Version Preview
S
CVE-2021-39167 TimelockController vulnerability in OpenZeppelin Contracts
S
CVE-2021-39168 TimelockController vulnerability in OpenZeppelin Contracts
S
CVE-2021-39169 XSS vulnerability using dialog
S
CVE-2021-39170 Improper Encoding or Escaping of Output in Asset Metadata Component
E S
CVE-2021-39171 Unlimited transforms allowed for signed nodes
S
CVE-2021-39172 New line injection during configuration edition
E
CVE-2021-39173 Forced reinstall
E
CVE-2021-39174 Configuration leak
E
CVE-2021-39175 XSS vector in slide mode speaker-view
S
CVE-2021-39176 Missing Release of Memory after Effective Lifetime in detect-character-encoding
E S
CVE-2021-39177 User impersonation due to incorrect handling of the login JWT
S
CVE-2021-39178 XSS in Image Optimization API for Next.js versions between 10.0.0 and 11.1.0
S
CVE-2021-39179 SQL Injection in DHIS2 Tracker API
E S
CVE-2021-39180 Path Traversal in Archive Handling Leading to Code Execution
S
CVE-2021-39181 Unsafe Deserialization of User Data Using XStream
S
CVE-2021-39182 Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py
E
CVE-2021-39183 Unsafe inline XSS Owncast
E S
CVE-2021-39184 Sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
M
CVE-2021-39185 Default CORS config allows any origin with credentials
S
CVE-2021-39186 Improper Input Validation in GlobalNewFiles
E S
CVE-2021-39187 Crash server with query parameter
S
CVE-2021-39189 Observable Response Discrepancy in Lost Password Service
S
CVE-2021-39190 SCCM plugin for GLPI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
S
CVE-2021-39191 URL Redirection to Untrusted Site ('Open Redirect') in mod_auth_openidc
E S
CVE-2021-39192 Privilege escalation: all users can access Admin-level API keys
CVE-2021-39193 Transaction validity oversight in pallet-ethereum
S
CVE-2021-39194 Denial of service while parsing polymorphic input with tagged polymorphism style in kaml
E S
CVE-2021-39195 Server-Side Request Forgery vulnerability in misskey
S
CVE-2021-39196 Authenticated non-privileged user can request unfiltered data without adequate permissions in pcapture
S
CVE-2021-39197 Cross-Site Request Forgery in better_errors
S
CVE-2021-39198 The disqualify lead action may be executed without CSRF token check
CVE-2021-39199 Cross site scripting via unsafe defaults in remark-html
S
CVE-2021-39200 Information Disclosure in wp_die() via JSONP in WordPress
CVE-2021-39201 Authenticated cross-site scripting (XSS) in WordPress editor
CVE-2021-39202 WordPress 5.8 beta: Stored Cross-Site Scripting (XSS) vulnerability in widget
CVE-2021-39203 Private data disclosure/privilege escalation through the block editor in WordPress
CVE-2021-39204 Excessive CPU usage in Pomerium
CVE-2021-39205 DOM-based XSS/Content Spoofing via Prototype Pollution
S
CVE-2021-39206 Incorrect Authorization with specially crafted requests
CVE-2021-39207 Deserialization of Untrusted Data in parlai
S
CVE-2021-39208 WriteEntryToDirectory used for an archive extraction is vulnerable to partial path traversal.
E S
CVE-2021-39209 Bypassable CSRF protection
CVE-2021-39210 Autologin cookie accessible by scripts
CVE-2021-39211 Disclosure of GLPI and server information in telemetry endpoint
CVE-2021-39212 Issue when Configuring the ImageMagick Security Policy
S
CVE-2021-39213 IP restriction on GLPI API Bypass with custom header injection
CVE-2021-39214 Lacking Protection against HTTP Request Smuggling in mitmproxy
CVE-2021-39215 Authentication Bypass: Forged Tokens Allow Access to Arbitrary Rooms
S
CVE-2021-39216 Use after free passing `externref`s to Wasm in Wasmtime
CVE-2021-39217 OpenMage LTS arbitrary command execution in custom layout update through blocks
S
CVE-2021-39218 Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime
S
CVE-2021-39219 Wrong type for `Linker`-defined functions when used across two `Engine`s
S
CVE-2021-39220 Bypass of image blocking in Nextcloud Mail
S
CVE-2021-39221 XSS in Contacts
CVE-2021-39222 XSS in Talk
CVE-2021-39223 File path disclosure of shared files in Richdocuments application
S
CVE-2021-39224 File path disclosure of shared files in OfficeOnline application
S
CVE-2021-39225 Missing permission check on Deck API
S
CVE-2021-39226 Snapshot authentication bypass in grafana
KEV E S
CVE-2021-39227 Fix prototype pollution in the zrender merge and clone helper methods
S
CVE-2021-39228 Memory Safety Issue when using patch or merge on state and assign the result back to state
E S
CVE-2021-39229 Regular expression denial of service in apprise
E S
CVE-2021-39230 Error in JPNS kernel of Butter
S
CVE-2021-39231 Missing authentication/authorization on internal RPC endpoints
M
CVE-2021-39232 Missing admin check for SCM related admin commands
M
CVE-2021-39233 Container-related datanode operations can be called without authorization
M
CVE-2021-39234 Raw block data can be read bypassing ACL/authorization
M
CVE-2021-39235 Access mode of block tokens are not enforced
M
CVE-2021-39236 Owners of the S3 tokens are not validated
E M
CVE-2021-39237 Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulne...
CVE-2021-39238 Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise PageWide, HP PageWide Managed pro...
CVE-2021-39239 XML External Entity (XXE) vulnerability
M
CVE-2021-39240 An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It do...
CVE-2021-39241 An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 ...
CVE-2021-39242 An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.13, and 2.4 before 2.4.3. It ca...
CVE-2021-39243 Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via ...
E
CVE-2021-39244 Authenticated Semi-Blind Command Injection (via Parameter Injection) exists on Altus Nexto, Nexto Xp...
E
CVE-2021-39245 Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm...
E
CVE-2021-39246 Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise t...
E S
CVE-2021-39247 Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, related to is_last_single_asci...
E S
CVE-2021-39248 Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX...
S
CVE-2021-39249 Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because...
E
CVE-2021-39250 Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resu...
E
CVE-2021-39251 A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 202...
CVE-2021-39252 A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22....
CVE-2021-39253 A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22...
CVE-2021-39254 A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overfl...
CVE-2021-39255 A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_...
CVE-2021-39256 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G ...
CVE-2021-39257 A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain ...
CVE-2021-39258 A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in ...
CVE-2021-39259 A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length ...
CVE-2021-39260 A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NT...
CVE-2021-39261 A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G < 2...
CVE-2021-39262 A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22....
CVE-2021-39263 A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in...
CVE-2021-39267 Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remot...
E
CVE-2021-39268 Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remot...
E
CVE-2021-39270 In Ping Identity RSA SecurID Integration Kit before 3.2, user impersonation can occur....
CVE-2021-39271 OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive e...
E
CVE-2021-39272 Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as ...
CVE-2021-39273 In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application exec...
E
CVE-2021-39274 In XeroSecurity Sn1per 9.0 (free version), insecure directory permissions (0777) are set during inst...
E
CVE-2021-39275 ap_escape_quotes buffer overflow
S
CVE-2021-39278 Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-...
E
CVE-2021-39279 Certain MOXA devices allow Authenticated Command Injection via /forms/web_importTFTP. This affects W...
E
CVE-2021-39280 Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /sys...
CVE-2021-39282 Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files....
E
CVE-2021-39283 liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit ...
E
CVE-2021-39285 An XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the admi...
E
CVE-2021-39286 Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoes...
S
CVE-2021-39289 Certain NetModule devices have Insecure Password Handling (cleartext or reversible encryption). Thes...
E
CVE-2021-39290 Certain NetModule devices allow Limited Session Fixation via PHPSESSID. These models with firmware b...
E
CVE-2021-39291 Certain NetModule devices allow credentials via GET parameters to CLI-PHP. These models with firmwar...
E
CVE-2021-39293 In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely desig...
CVE-2021-39295 In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via ...
E
CVE-2021-39296 In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full contr...
E
CVE-2021-39297 Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which ma...
S
CVE-2021-39298 A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacke...
CVE-2021-39299 Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which ma...
S
CVE-2021-39300 Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which ma...
S
CVE-2021-39301 Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which ma...
S
CVE-2021-39302 MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions[...
S
CVE-2021-39303 The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. NOTE: Jamf Nation wi...
E
CVE-2021-39304 Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass....
CVE-2021-39306 A stack buffer overflow was discovered on the Realtek RTL8195AM device before 2.0.10; it exists in the c...
CVE-2021-39307 PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, inc...
E S
CVE-2021-39308 WooCommerce myghpay Payment Gateway <= 3.0 Reflected Cross-Site Scripting
S
CVE-2021-39309 Parsian Bank Gateway for Woocommerce <= 1.0 Reflected Cross-Site Scripting
S
CVE-2021-39310 Real WYSIWYG <= 0.0.2 Reflected Cross-Site Scripting
S
CVE-2021-39311 link-list-manager <= 1.0 Reflected Cross-Site Scripting
S
CVE-2021-39312 True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read
E S
CVE-2021-39313 Simple Image Gallery <= 1.0.6 Reflected Cross-Site Scripting
S
CVE-2021-39314 WooCommerce EnvioPack <= 1.2 Reflected Cross-Site Scripting
S
CVE-2021-39315 Magic Post Voice <= 1.2 Reflected Cross-Site Scripting
S
CVE-2021-39316 ZoomSounds <= 6.45 Unauthenticated Directory Traversal and Sensitive Information Disclosure
E
CVE-2021-39317 AccessPress Themes - Authenticated Malicious File Upload
E S
CVE-2021-39318 H5P CSS Editor <= 1.0 Reflected Cross-Site Scripting
S
CVE-2021-39319 duoFAQ - Responsive, Flat, Simple FAQ <= 1.4.8 Reflected Cross-Site Scripting
S
CVE-2021-39320 underConstruction <= 1.18 - Reflected Cross-Site Scripting
CVE-2021-39321 Sassy Social Share 3.3.23 PHP Object Injection
E S
CVE-2021-39322 Easy Social Icons <= 3.0.8 - Reflected Cross-Site Scripting
E
CVE-2021-39324 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2021-39325 OptinMonster <= 2.6.0 Reflected Cross-Site Scripting
S
CVE-2021-39326 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2021-39327 BulletProof Security <= 5.1 Sensitive Information Disclosure
E S
CVE-2021-39328 Simple Job Board <= 2.9.4 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39329 JobBoardWP – Job Board Listings and Submissions <= 1.0.7 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39330 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-24608. Reason: This candidat...
R
CVE-2021-39332 Business Manager – WordPress ERP, HR, CRM, and Project Management Plugin <= 1.4.5 Authenticated Stored Cross-Site Scripting
S
CVE-2021-39333 Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion
E
CVE-2021-39334 Job Board Vanila Plugin <= 1.0 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39335 WpGenius Job Listing <= 1.0.2 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39336 Job Manager <= 0.7.25 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39337 job-portal <= 0.0.1 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39338 MyBB Cross-Poster <= 1.0 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39339 Telefication <= 1.8.0 Open Proxy and Server-Side Request Forgery
S
CVE-2021-39340 Notification – Custom Notifications and Alerts for WordPress <= 7.2.4 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39341 OptinMonster <= 2.6.4 Unprotected REST-API Endpoints
E S
CVE-2021-39342 Credova_Financial <= 1.4.8 Sensitive Information Disclosure
S
CVE-2021-39343 MPL-Publisher – Self-publish your book & ebook <= 1.30.2 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39344 KJM Admin Notices <= 2.0.1 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39345 HAL <= 2.1.1 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39346 Google Maps Easy <= 1.9.33 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39347 Stripe for WooCommerce 3.0.0 - 3.3.9 Missing Authorization Controls to Financial Account Hijacking
S
CVE-2021-39348 LearnPress – WordPress LMS Plugin <= 4.1.3.1 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39349 Author Bio Box <= 3.3.1 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39350 FV Flowplayer Video Player <= 7.5.0.727 - 7.5.2.727 Reflected Cross-Site Scripting
S
CVE-2021-39351 WP Bannerize 2.0.0 - 4.0.2 - Authenticated SQL Injection
S
CVE-2021-39352 Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload
E S
CVE-2021-39353 Easy Registration Forms <= 2.1.1 Cross-Site Request Forgery to Stored Cross-Site Scripting
S
CVE-2021-39354 Easy Digital Downloads <= 2.11.2 Authenticated Reflected Cross-Site Scripting
E S
CVE-2021-39355 Indeed Job Importer <= 1.0.5 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39356 Content Staging <= 2.0.1 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39357 Leaky Paywall <= 4.16.5 Authenticated Stored Cross-Site Scripting
E S
CVE-2021-39358 In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on...
CVE-2021-39359 In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on th...
CVE-2021-39360 In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on th...
CVE-2021-39361 In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification o...
CVE-2021-39362 An XSS issue was discovered in ReCaptcha Solver 5.7. A response from Anti-Captcha.com, RuCaptcha.com...
CVE-2021-39363 Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow a video replay attack after ...
CVE-2021-39364 Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera...
CVE-2021-39365 In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupS...
S
CVE-2021-39367 Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection....
E
CVE-2021-39368 Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter....
E
CVE-2021-39369 In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Pa...
M
CVE-2021-39371 An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the...
S
CVE-2021-39373 Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access contr...
E
CVE-2021-39375 Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedF...
E
CVE-2021-39376 Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/...
E
CVE-2021-39377 A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the applic...
E
CVE-2021-39378 A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the applic...
E
CVE-2021-39379 A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the applic...
E
CVE-2021-39383 DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the com...
E
CVE-2021-39384 DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /u...
E
CVE-2021-39390 Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter....
E
CVE-2021-39391 Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path ...
E S
CVE-2021-39392 The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arb...
CVE-2021-39393 mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown...
E
CVE-2021-39394 mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers ...
E
CVE-2021-39402 MaianAffiliate v.1.0 suffers from code injection by adding a new product via the admin panel. The...
E
CVE-2021-39404 MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database....
E
CVE-2021-39408 Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page param...
E
CVE-2021-39409 A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an adm...
E
CVE-2021-39411 Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4...
CVE-2021-39412 Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) c...
CVE-2021-39413 Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) to_time pa...
E
CVE-2021-39416 Multiple Cross Site Scripting (XSS) vulnerabilities exist in Remote Clinic v2.0 in (1) patients/reg...
E
CVE-2021-39420 Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter i...
E
CVE-2021-39421 A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary ...
CVE-2021-39425 SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit th...
CVE-2021-39426 An issue discovered in /Upload/admin/admin_notify.php in Seacms 11.4 allows attackers to execute...
E
CVE-2021-39427 Cross site scripting vulnerability in 188Jianzhan 2.10 allows attackers to execute arbitrary code vi...
E
CVE-2021-39428 Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to ru...
E
CVE-2021-39432 diplib v3.0.0 is vulnerable to Double Free....
E S
CVE-2021-39433 A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when...
E
CVE-2021-39434 A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 th...
CVE-2021-39458 Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an...
E
CVE-2021-39459 Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an...
E
CVE-2021-39473 Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization ...
CVE-2021-39474 Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009...
E
CVE-2021-39480 Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Ser...
E
CVE-2021-39486 A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to...
E
CVE-2021-39491 A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine na...
E S
CVE-2021-39496 Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `...
E
CVE-2021-39497 eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blin...
E
CVE-2021-39499 A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attacke...
E
CVE-2021-39500 Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in param...
CVE-2021-39501 EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via...
E
CVE-2021-39503 PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input is filtered without "<, >, ?, =, ...
E
CVE-2021-39509 An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B011D88210. The HTTP request param...
E
CVE-2021-39510 An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wireless router. The HTTP request pa...
E
CVE-2021-39514 An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the func...
E
CVE-2021-39515 An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the functio...
E
CVE-2021-39516 An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the functio...
E
CVE-2021-39517 An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the functio...
E S
CVE-2021-39518 An issue was discovered in libjpeg through 2020021. LineBuffer::FetchRegion() in linebuffer.cpp has ...
E S
CVE-2021-39519 An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the functio...
E S
CVE-2021-39520 An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the functio...
E S
CVE-2021-39521 An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the f...
E S
CVE-2021-39522 An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len() in bits.c has a heap-based b...
E S
CVE-2021-39523 An issue was discovered in libredwg through v0.10.1.3751. A NULL pointer dereference exists in the f...
E
CVE-2021-39525 An issue was discovered in libredwg through v0.10.1.3751. bit_read_fixed() in bits.c has a heap-base...
E
CVE-2021-39527 An issue was discovered in libredwg through v0.10.1.3751. appinfo_private() in decode.c has a heap-b...
E
CVE-2021-39528 An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec ha...
E S
CVE-2021-39530 An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen() in bits.c has a heap-based ...
E S
CVE-2021-39531 An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a stack-based buf...
E
CVE-2021-39532 An issue was discovered in libslax through v0.22.1. A NULL pointer dereference exists in the functio...
E
CVE-2021-39533 An issue was discovered in libslax through v0.22.1. slaxLexer() in slaxlexer.c has a heap-based buff...
E
CVE-2021-39534 An issue was discovered in libslax through v0.22.1. slaxIsCommentStart() in slaxlexer.c has a heap-b...
E
CVE-2021-39535 An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer dereference exists in JIT code...
E
CVE-2021-39536 An issue was discovered in libxsmm through v1.16.1-93. The JIT code has a heap-based buffer overflow...
E
CVE-2021-39537 An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buf...
E S
CVE-2021-39538 An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the funct...
E
CVE-2021-39539 An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the funct...
E
CVE-2021-39540 An issue was discovered in pdftools through 20200714. A stack-buffer-overflow exists in the function...
E
CVE-2021-39541 An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the funct...
E
CVE-2021-39542 An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the funct...
E
CVE-2021-39543 An issue was discovered in pdftools through 20200714. A NULL pointer dereference exists in the funct...
E
CVE-2021-39544 An issue was discovered in sela through 20200412. file::WavFile::writeToFile() in wav_file.c has a h...
E
CVE-2021-39545 An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function ...
E
CVE-2021-39546 An issue was discovered in sela through 20200412. rice::RiceDecoder::process() in rice_decoder.cpp h...
E
CVE-2021-39547 An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function ...
E
CVE-2021-39548 An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function ...
E
CVE-2021-39549 An issue was discovered in sela through 20200412. A NULL pointer dereference exists in the function ...
E
CVE-2021-39550 An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.cpp ha...
E
CVE-2021-39551 An issue was discovered in sela through 20200412. file::SelaFile::readFromFile() in sela_file.c has ...
E
CVE-2021-39552 An issue was discovered in sela through 20200412. file::WavFile::readFromFile() in wav_file.c has a ...
E
CVE-2021-39553 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39554 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39555 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39556 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39557 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39558 An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function...
E
CVE-2021-39559 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39561 An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function...
E
CVE-2021-39562 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39563 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39564 An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function ...
E
CVE-2021-39569 An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function ...
E
CVE-2021-39574 An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function ...
E
CVE-2021-39575 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39577 An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function ...
E
CVE-2021-39579 An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function ...
E
CVE-2021-39582 An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function ...
E
CVE-2021-39583 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39584 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39585 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39587 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39588 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39589 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39590 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39591 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39592 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39593 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39594 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the...
E
CVE-2021-39595 An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function...
E
CVE-2021-39596 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39597 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39598 An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the funct...
E
CVE-2021-39599 Multiple Cross Site Scripting (XSS) vulnerabilities exist in CXUUCMS 3.1 in the search and c parame...
E
CVE-2021-39602 A Buffer Overflow vulnerability exists in Miniftpd 1.0 in the do_mkd function in the ftpproto.c file,...
E
CVE-2021-39608 Remote Code Execution (RCE) vulnerability exists in FlatCore-CMS 2.0.7 via the upload addon plugin, w...
E
CVE-2021-39609 Cross Site Scripting (XSS) vulnerability exists in FlatCore-CMS 2.0.7 via the upload image function....
E
CVE-2021-39613 D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for u...
E
CVE-2021-39614 D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd...
E
CVE-2021-39615 D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '...
E
CVE-2021-39616 Summary: Product: Android. Versions: Android SoC. Android ID: A-204686438...
CVE-2021-39617 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2021-39618 In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing pa...
CVE-2021-39619 In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security a...
S
CVE-2021-39620 In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after f...
CVE-2021-39621 In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions byp...
CVE-2021-39622 In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission ch...
CVE-2021-39623 In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an incorrect b...
CVE-2021-39624 In PackageManager, there is a possible permanent denial of service due to resource exhaustion. This ...
CVE-2021-39625 In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way ...
CVE-2021-39626 In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a...
CVE-2021-39627 In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions byp...
CVE-2021-39628 In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a...
CVE-2021-39629 In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a ra...
CVE-2021-39630 In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overl...
CVE-2021-39631 In clear_data_dlg_text of strings.xml, there is a possible situation when "Clear storage" functional...
S
CVE-2021-39632 In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds chec...
CVE-2021-39633 In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. ...
S
CVE-2021-39634 In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privil...
S
CVE-2021-39635 ims_ex is a vendor system service used to manage VoLTE in unisoc devices, but it does not verify the ...
CVE-2021-39636 In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possible way to leak kernel informat...
S
CVE-2021-39637 In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there is a possible out of bounds rea...
S
CVE-2021-39638 In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use...
S
CVE-2021-39639 In TBD of fvp.c, there is a possible way to glitch CPU behavior due to a missing permission check. T...
S
CVE-2021-39640 In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds write due to improper locking...
S
CVE-2021-39641 Product: Android. Versions: Android kernel. Android ID: A-126949257. References: N/A...
S
CVE-2021-39642 In synchronous_process_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to a ...
S
CVE-2021-39643 In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of defense-i...
S
CVE-2021-39644 Product: Android. Versions: Android kernel. Android ID: A-199809304. References: N/A...
S
CVE-2021-39645 Product: Android. Versions: Android kernel. Android ID: A-199805112. References: N/A...
S
CVE-2021-39646 Product: Android. Versions: Android kernel. Android ID: A-201537251. References: N/A...
S
CVE-2021-39647 In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible...
S
CVE-2021-39648 In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due ...
S
CVE-2021-39649 In regmap_exit of regmap.c, there is a possible use-after-free due to improper locking. This could l...
S
CVE-2021-39650 In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could...
S
CVE-2021-39651 In TBD of TBD, there is a possible way to access PIN protected settings bypassing PIN confirmation d...
S
CVE-2021-39652 In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds write due to an incorrect bounds ...
S
CVE-2021-39653 In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warni...
CVE-2021-39655 Product: Android. Versions: Android kernel. Android ID: A-192641593. References: N/A...
S
CVE-2021-39656 In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This ...
S
CVE-2021-39657 In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missi...
S
CVE-2021-39658 ismsEx service is a vendor service in unisoc equipment. ismsEx service is an extension of sms system ...
CVE-2021-39659 In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible preventio...
CVE-2021-39660 In TBD of TBD, there is a possible way to achieve arbitrary code execution in kernel due to a race c...
CVE-2021-39661 In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, there is a possible out of bounds...
CVE-2021-39662 In checkUriPermission of MediaProvider.java, there is a possible way to gain access to the content ...
S
CVE-2021-39663 In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a pe...
CVE-2021-39664 In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bo...
S
CVE-2021-39665 In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer...
S
CVE-2021-39666 In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input valid...
S
CVE-2021-39667 In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to...
S
CVE-2021-39668 In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused dep...
S
CVE-2021-39669 In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead a user about CA...
S
CVE-2021-39670 In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to impro...
S
CVE-2021-39671 In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to unini...
S
CVE-2021-39672 In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to...
CVE-2021-39674 In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file, there is a possible use after fre...
S
CVE-2021-39675 In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflo...
CVE-2021-39676 In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mi...
CVE-2021-39677 In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘...
CVE-2021-39678 In of , there is a possible bypass of Factory Reset Protection due to . This could l...
CVE-2021-39679 In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition...
CVE-2021-39680 In sec_SHA256_Transform of sha256_core.c, there is a possible way to read heap data due to uninitial...
CVE-2021-39681 In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free. ...
CVE-2021-39682 In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incor...
CVE-2021-39683 In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds...
CVE-2021-39684 In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due...
CVE-2021-39685 In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to...
S
CVE-2021-39686 In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux d...
S
CVE-2021-39687 In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a h...
CVE-2021-39688 In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local informati...
CVE-2021-39689 In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a ...
S
CVE-2021-39690 In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent ...
S
CVE-2021-39691 In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when process...
CVE-2021-39692 In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing u...
S
CVE-2021-39693 In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a vis...
S
CVE-2021-39694 In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly ...
CVE-2021-39695 In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error...
S
CVE-2021-39696 In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead ...
S
CVE-2021-39697 In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external stor...
S
CVE-2021-39698 In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. T...
S
CVE-2021-39700 In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to rep...
CVE-2021-39701 In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service...
S
CVE-2021-39702 In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to insta...
S
CVE-2021-39703 In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to a c...
S
CVE-2021-39704 In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run...
S
CVE-2021-39705 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2021-39706 In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials sto...
S
CVE-2021-39707 In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without ...
S
CVE-2021-39708 In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorr...
CVE-2021-39709 In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission byp...
S
CVE-2021-39710 Product: Android. Versions: Android kernel. Android ID: A-202160245. References: N/A...
CVE-2021-39711 In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size...
S
CVE-2021-39712 In TBD of TBD, there is a possible use after free vulnerability due to a race condition. This could...
CVE-2021-39713 Product: Android. Versions: Android kernel. Android ID: A-173788806. References: Upstream kernel...
E S
CVE-2021-39714 In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This...
S
CVE-2021-39715 In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log info...
CVE-2021-39716 Product: Android. Versions: Android kernel. Android ID: A-206977562. References: N/A...
CVE-2021-39717 In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect ...
CVE-2021-39718 In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bo...
CVE-2021-39719 In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an inte...
CVE-2021-39720 Product: Android. Versions: Android kernel. Android ID: A-207433926. References: N/A...
CVE-2021-39721 In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to ...
CVE-2021-39722 In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bo...
CVE-2021-39723 Product: Android. Versions: Android kernel. Android ID: A-209014813. References: N/A...
CVE-2021-39724 In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, there is a possible out of bound...
CVE-2021-39725 In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due...
CVE-2021-39726 In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds chec...
CVE-2021-39727 In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a p...
CVE-2021-39729 In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This coul...
CVE-2021-39730 In TBD of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead...
CVE-2021-39731 In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bo...
CVE-2021-39732 In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overfl...
CVE-2021-39733 In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improp...
CVE-2021-39734 In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message with...
CVE-2021-39735 In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to...
CVE-2021-39736 In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible...
CVE-2021-39737 Product: Android. Versions: Android kernel. Android ID: A-208229524. References: N/A...
CVE-2021-39738 In CarSettings, there is a possible way to pair a BT device bypassing the user's consent due to a missing permi...
CVE-2021-39739 In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosu...
CVE-2021-39740 In Messaging, there is a possible way to bypass attachment restrictions due to improper input valida...
CVE-2021-39741 In Keymaster, there is a possible out of bounds write due to a missing bounds check. This could lead...
CVE-2021-39742 In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission...
CVE-2021-39743 In PackageManager, there is a possible way to update the last usage time of another package due to a...
CVE-2021-39744 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without qu...
CVE-2021-39745 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without qu...
CVE-2021-39746 In PermissionController, there is a possible way to delete some local files due to an unsafe Pending...
CVE-2021-39747 In Settings Provider, there is a possible way to list values of non-readable global settings due to ...
CVE-2021-39748 In InputMethodEditor, there is a possible way to access some files accessible to Settings due to an ...
CVE-2021-39749 In WindowManager, there is a possible way to start non-exported and protected activities due to a mi...
CVE-2021-39750 In PackageManager, there is a possible way to change the splash screen theme of other apps due to a ...
CVE-2021-39751 In Settings, there is a possible way to read Bluetooth device names without proper permissions due t...
CVE-2021-39752 In Bubbles, there is a possible way to interfere with Bubbles due to a permissions bypass. This coul...
CVE-2021-39753 In DomainVerificationService, there is a possible way to access app domain verification information ...
CVE-2021-39754 In ContextImpl, there is a possible way to determine whether an app is installed, without query perm...
CVE-2021-39755 In DevicePolicyManager, there is a possible way to reveal the existence of an installed package with...
CVE-2021-39756 In Framework, there is a possible way to determine whether an app is installed, without query permis...
CVE-2021-39757 In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent. This ...
CVE-2021-39758 In WindowManager, there is a possible way to start a foreground activity from the background due to ...
CVE-2021-39759 In libstagefright, there is a possible out of bounds write due to an integer overflow. This could le...
CVE-2021-39760 In AudioService, there is a possible way to determine whether an app is installed, without query per...
CVE-2021-39761 In Media, there is a possible way to determine whether an app is installed, without query permission...
CVE-2021-39762 In tremolo, there is a possible out of bounds read due to an integer overflow. This could lead to re...
CVE-2021-39763 In Settings, there is a possible way to make the user enable WiFi due to improper input validation. ...
CVE-2021-39764 In Settings, there is a possible way to display an incorrect app name due to improper input validati...
CVE-2021-39765 In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to local...
CVE-2021-39766 In Settings, there is a possible way to determine whether an app is installed, without query permiss...
CVE-2021-39767 In miniadb, there is a possible way to get read/write access to recovery system properties due to an...
CVE-2021-39768 In Settings, there is a possible way to add an auto-connect WiFi network without the user's consent ...
CVE-2021-39769 In Device Policy, there is a possible way to determine whether an app is installed, without query pe...
CVE-2021-39770 In Framework, there is a possible disclosure of the device owner package due to a missing permission...
CVE-2021-39771 In Settings, there is a possible way to misrepresent which app wants to add a wifi network due to im...
CVE-2021-39772 In Bluetooth, there is a possible way to access the a2dp audio control switch due to a missing permi...
CVE-2021-39773 In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel i...
CVE-2021-39774 In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead ...
CVE-2021-39775 In People, there is a possible way to determine whether an app is installed, without query permissio...
CVE-2021-39776 In NFC, there is a possible memory corruption due to a use after free. This could lead to local esca...
CVE-2021-39777 In Telephony, there is a possible way to determine whether an app is installed, without query permis...
CVE-2021-39778 In Telecomm, there is a possible way to determine whether an app is installed, without query permiss...
CVE-2021-39779 In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead...
CVE-2021-39780 In Traceur, there is a possible bypass of developer settings requirements for capturing system trace...
CVE-2021-39781 In SmsController, there is a possible information disclosure due to a permissions bypass. This could...
CVE-2021-39782 In Telephony, there is a possible unauthorized modification of the PLMN SIM file due to a missing pe...
CVE-2021-39783 In rcsservice, there is a possible way to modify TTY mode due to a missing permission check. This co...
CVE-2021-39784 In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a mis...
CVE-2021-39786 In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to lo...
CVE-2021-39787 In SystemUI, there is a possible arbitrary Activity launch due to a confused deputy. This could lead...
CVE-2021-39788 In TelecomManager, there is a possible way to check if a particular self managed phone account was r...
CVE-2021-39789 In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This coul...
CVE-2021-39790 In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permissi...
CVE-2021-39791 In WallpaperManagerService, there is a possible way to determine whether an app is installed, withou...
CVE-2021-39792 In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due ...
S
CVE-2021-39793 In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a...
KEV
CVE-2021-39794 In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell u...
CVE-2021-39795 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2021-39796 In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick vic...
CVE-2021-39797 In several functions of LauncherApps.java, there is a possible escalation of privilege due to a l...
CVE-2021-39798 In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a miss...
CVE-2021-39799 In AttributionSource of AttributionSource.java, there is a possible permission bypass due to imprope...
S
CVE-2021-39800 In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after fre...
S
CVE-2021-39801 In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could ...
S
CVE-2021-39802 In change_pte_range of mprotect.c, there is a possible way to make a shared mmap writable due to a ...
S
CVE-2021-39803 In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This...
S
CVE-2021-39804 In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could ...
S
CVE-2021-39805 In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bou...
CVE-2021-39806 In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double fre...
CVE-2021-39807 In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Gu...
S
CVE-2021-39808 In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service t...
S
CVE-2021-39809 In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a mis...
S
CVE-2021-39810 In NFC, there is a possible way to setup a default contactless payment app without user consent due ...
CVE-2021-39812 In TBD of TBD, there is a possible out of bounds read due to a use after free. This could lead to lo...
S
CVE-2021-39814 In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds write due to an incorrect bounds...
CVE-2021-39815 The PowerVR GPU driver allows unprivileged apps to allocate pinned memory, unpin it (which makes it...
CVE-2021-39816 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
S
CVE-2021-39817 Adobe Bridge Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
S
CVE-2021-39818 Adobe InCopy Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
S
CVE-2021-39819 Adobe InCopy Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
S
CVE-2021-39820 Adobe InDesign Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
CVE-2021-39821 Adobe InDesign TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
CVE-2021-39822 Adobe InDesign BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
CVE-2021-39823 svg-native-viewer Heap Buffer overflow Vulnerability
S
CVE-2021-39824 Adobe Premiere Elements png Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution
S
CVE-2021-39825 Adobe Photoshop Elements Edit 2021 TTF Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2021-39826 Adobe Digital Editions Command Execution Vulnerability
S
CVE-2021-39827 Adobe Digital Editions Installer flaw leads to Arbitrary File System Write
S
CVE-2021-39828 Adobe Digital Editions Installer flaw leads to Local Privilege Escalation
S
CVE-2021-39829 Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2021-39830 Adobe FrameMaker PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
S
CVE-2021-39831 Adobe FrameMaker PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
S
CVE-2021-39832 Adobe FrameMaker PDF File Parsing Memory Corruption Remote Code Execution Vulnerability
S
CVE-2021-39833 Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2021-39834 Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2021-39835 Adobe FrameMaker PDF File Parsing Use-After-Free Information Disclosure Vulnerability
S
CVE-2021-39836 Adobe Acrobat Reader DC AcroForm buttonGetIcon Use-After-Free Remote Code Execution Vulnerability
CVE-2021-39837 Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability
CVE-2021-39838 Adobe Acrobat Reader DC AcroForm buttonGetCaption Use-After-Free Remote Code Execution Vulnerability
CVE-2021-39839 Adobe Acrobat Reader DC AcroForm getItemAt Use-After-Free Remote Code Execution Vulnerability
CVE-2021-39840 Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability
CVE-2021-39841 Adobe Acrobat Pro DC DocMedia Type Confusion Remote Code Execution Vulnerability
CVE-2021-39842 Adobe Acrobat Reader DC messageHandler.OnMessage Use-After-Free Vulnerability
CVE-2021-39843 Adobe Acrobat Reader XObject Out-of-Bound Write Vulnerability
CVE-2021-39844 Adobe Acrobat Reader CalRGB Out-of-Bounds Read Vulnerability
CVE-2021-39845 Adobe Acrobat Reader Page Tree Node Recursive Stack Overflow
CVE-2021-39846 Adobe Acrobat Reader /Parent Property Recursive Stack Overflow
CVE-2021-39847 XMP Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution
S
CVE-2021-39849 Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service
CVE-2021-39850 Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service
CVE-2021-39851 Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service
CVE-2021-39852 Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service
CVE-2021-39853 Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service
CVE-2021-39854 Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service
CVE-2021-39855 Adobe Acrobat Reader DC NTLMv2 SSO Information Disclosure via src Parameter
CVE-2021-39856 Adobe Acrobat Reader DC NTLMv2 SSO Information Disclosure via LoadFile
CVE-2021-39857 Adobe Acrobat Reader DC Information Disclosure via ActiveX LoadFile
CVE-2021-39858 Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
CVE-2021-39859 Use After Free Adobe Acrobat Pro DC [HB-21-0339]
CVE-2021-39860 Adobe Acrobat Reader DC Search Plugin Null Pointer Dereference
CVE-2021-39861 Adobe Acrobat Reader DC Catalog Plugin Out-of-Bounds Read Bug
CVE-2021-39862 Adobe FrameMaker PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2021-39863 Adobe Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution
CVE-2021-39864 Adobe Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Cart Addition
CVE-2021-39865 Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
S
CVE-2021-39866 A business logic error in the project deletion process in GitLab 13.6 and later allows persistent ac...
CVE-2021-39867 In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer ...
CVE-2021-39868 In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user m...
CVE-2021-39869 In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configu...
CVE-2021-39870 In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Rep...
CVE-2021-39871 In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitb...
CVE-2021-39872 In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows ...
CVE-2021-39873 In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leverage...
CVE-2021-39874 In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored wh...
CVE-2021-39875 In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any...
CVE-2021-39876 In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee disclo...
E
CVE-2021-39877 A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause...
CVE-2021-39878 A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0...
CVE-2021-39879 Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with ...
CVE-2021-39880 A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions ...
CVE-2021-39881 In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create a...
CVE-2021-39882 In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retr...
CVE-2021-39883 Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all ve...
CVE-2021-39884 In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that ...
CVE-2021-39885 A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 1...
E
CVE-2021-39886 Permissions rules were not applied while issues were moved between projects of the same group in Git...
CVE-2021-39887 A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version ...
CVE-2021-39888 In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 befo...
E
CVE-2021-39889 In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerab...
CVE-2021-39890 It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authenticatio...
CVE-2021-39891 In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's imperson...
CVE-2021-39892 In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from pr...
E
CVE-2021-39893 A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsin...
CVE-2021-39894 In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz i...
CVE-2021-39895 In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be ...
CVE-2021-39896 In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice ...
CVE-2021-39897 Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherit...
CVE-2021-39898 In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook toke...
CVE-2021-39899 In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute forc...
CVE-2021-39900 Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of a...
CVE-2021-39901 In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of t...
CVE-2021-39902 Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a proje...
CVE-2021-39903 In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can chan...
CVE-2021-39904 An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting...
E
CVE-2021-39905 An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to...
CVE-2021-39906 Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to exec...
CVE-2021-39907 A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The strippi...
CVE-2021-39908 In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 b...
CVE-2021-39909 Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE ...
CVE-2021-39910 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6...
CVE-2021-39911 An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, al...
CVE-2021-39912 A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a mal...
CVE-2021-39913 Accidental logging of system root password in the migration log in all versions of GitLab CE/EE befo...
CVE-2021-39914 A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and...
CVE-2021-39915 Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0...
CVE-2021-39916 Lack of an access control check in the External Status Check feature allowed any authenticated user ...
CVE-2021-39917 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6...
CVE-2021-39918 Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all ve...
CVE-2021-39919 In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4...
CVE-2021-39920 NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service ...
E
CVE-2021-39921 NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allow...
E S
CVE-2021-39922 Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denia...
E S
CVE-2021-39923 Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of se...
S
CVE-2021-39924 Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows den...
E S
CVE-2021-39925 Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allow...
E S
CVE-2021-39926 Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of serv...
E S
CVE-2021-39927 Server side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14....
CVE-2021-39928 NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 ...
E
CVE-2021-39929 Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.1...
E S
CVE-2021-39930 Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and ...
CVE-2021-39931 An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6...
CVE-2021-39932 An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6...
CVE-2021-39933 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3....
CVE-2021-39934 Improper access control allows any project member to retrieve the service desk email address in GitL...
CVE-2021-39935 An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6...
CVE-2021-39936 Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all...
CVE-2021-39937 A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions ...
CVE-2021-39938 A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versio...
CVE-2021-39939 An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting ...
CVE-2021-39940 An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6...
CVE-2021-39941 An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and...
CVE-2021-39942 A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 1...
CVE-2021-39943 An authorization logic error in the External Status Check API in GitLab EE affecting all versions st...
CVE-2021-39944 An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6...
CVE-2021-39945 Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3...
CVE-2021-39946 Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 1...
CVE-2021-39947 In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2...
S
CVE-2021-39966 There is an Uninitialized AOD driver structure in Smartphones. Successful exploitation of this vulner...
CVE-2021-39967 There is a Vulnerability of obtaining broadcast information improperly due to improper broadcast per...
CVE-2021-39968 Changlian Blocklist has a Business Logic Errors vulnerability. Successful exploitation of this vulne...
CVE-2021-39969 There is an Unauthorized file access vulnerability in Smartphones. Successful exploitation of this vu...
CVE-2021-39970 HwPCAssistant has an Improper Input Validation vulnerability. Successful exploitation of this vulnerab...
CVE-2021-39971 Password vault has an External Control of System or Configuration Setting vulnerability. Successful ex...
CVE-2021-39972 MyHuawei-App has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Successf...
CVE-2021-39973 There is a Null pointer dereference in Smartphones. Successful exploitation of this vulnerability may...
CVE-2021-39974 There is an Out-of-bounds read in Smartphones. Successful exploitation of this vulnerability may affe...
CVE-2021-39975 Hilinksvc has a Data Processing Errors vulnerability. Successful exploitation of this vulnerability m...
CVE-2021-39976 There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of ...
CVE-2021-39977 The HwNearbyMain module has a NULL Pointer Dereference vulnerability. Successful exploitation of this...
CVE-2021-39978 Telephony application has a SQL Injection vulnerability. Successful exploitation of this vulnerabilit...
CVE-2021-39979 HHEE system has a Code Injection vulnerability. Successful exploitation of this vulnerability may aff...
CVE-2021-39980 Telephony application has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability...
CVE-2021-39981 Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling nu...
CVE-2021-39982 Phone Manager application has an Improper Privilege Management vulnerability. Successful exploitation ...
CVE-2021-39983 The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this v...
CVE-2021-39984 Huawei idap module has an Out-of-bounds Read vulnerability. Successful exploitation of this vulnerabil...
CVE-2021-39985 The HwNearbyMain module has an Improper Validation of Array Index vulnerability. Successful exploitati...
CVE-2021-39986 There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Su...
CVE-2021-39987 The HwNearbyMain module has a Data Processing Errors vulnerability. Successful exploitation of this v...
CVE-2021-39988 The HwNearbyMain module has a NULL Pointer Dereference vulnerability. Successful exploitation of this...
CVE-2021-39989 The HwNearbyMain module has an Exposure of Sensitive Information to an Unauthorized Actor vulnerabili...
CVE-2021-39990 The screen lock module has a Stack-based Buffer Overflow vulnerability. Successful exploitation of th...
CVE-2021-39991 There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Su...
CVE-2021-39992 There is an improper security permission configuration vulnerability on ACPU. Successful exploitation...
CVE-2021-39993 There is an Integer overflow vulnerability with ACPU in smartphones. Successful exploitation of this...
CVE-2021-39994 There is an arbitrary address access vulnerability with the product line test code. Successful exploi...
CVE-2021-39995 Some Huawei products use the OpenHpi software for hardware management. A function that parses data r...
CVE-2021-39996 There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones. Successful e...
CVE-2021-39997 There is a vulnerability of unstrict input parameter verification in the audio assembly. Successful e...
CVE-2021-39998 There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExServi...
CVE-2021-39999 There is a buffer overflow vulnerability in eSE620X vESS V100R001C10SPC200 and V100R001C20SPC200. An...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.