ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-40000 | The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulne... | | |
CVE-2021-40001 | The CaasKit module has a path traversal vulnerability. Successful exploitation of this vulnerability... | | |
CVE-2021-40002 | The Bluetooth module has an out-of-bounds write vulnerability. Successful exploitation of this vulne... | | |
CVE-2021-40003 | HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability may ... | | |
CVE-2021-40004 | The cellular module has a vulnerability in permission management. Successful exploitation of this vu... | | |
CVE-2021-40005 | The distributed data service component has a vulnerability in data access control. Successful exploi... | | |
CVE-2021-40006 | Vulnerability of design defects in the security algorithm component. Successful exploitation of this... | | |
CVE-2021-40007 | There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is cau... | | |
CVE-2021-40008 | There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R0... | | |
CVE-2021-40009 | There is an Out-of-bounds write vulnerability in the AOD module in smartphones. Successful exploitat... | | |
CVE-2021-40010 | The bone voice ID TA has a heap overflow vulnerability. Successful exploitation of this vulnerability... | | |
CVE-2021-40011 | There is an uncontrolled resource consumption vulnerability in the display module. Successful exploi... | | |
CVE-2021-40012 | Vulnerability of pointers being incorrectly used during data transmission in the video framework. Su... | | |
CVE-2021-40013 | Improper permission control vulnerability in the Bluetooth module. Successful exploitation of this vu... | | |
CVE-2021-40014 | The bone voice ID trusted application (TA) has a heap overflow vulnerability. Successful exploitatio... | | |
CVE-2021-40015 | There is a race condition vulnerability in the binder driver subsystem in the kernel. Successful expl... | | |
CVE-2021-40016 | Improper permission control vulnerability in the Bluetooth module. Successful exploitation of this vu... | | |
CVE-2021-40017 | The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this ... | | |
CVE-2021-40018 | The eID module has a null pointer reference vulnerability. Successful exploitation of this vulnerabi... | | |
CVE-2021-40019 | Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Successful exploitation of this vu... | | |
CVE-2021-40020 | There is an Out-of-bounds array read vulnerability in the security storage module in smartphones. Su... | | |
CVE-2021-40021 | The eID module has an out-of-bounds memory write vulnerability. Successful exploitation of this vulne... | | |
CVE-2021-40022 | The weaver module has a vulnerability in parameter type verification. Successful exploitation of this... | | |
CVE-2021-40023 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability will af... | | |
CVE-2021-40024 | Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successfu... | | |
CVE-2021-40025 | The eID module has a vulnerability that causes the memory to be used without being initialized. Succe... | | |
CVE-2021-40026 | There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones. Successful exp... | | |
CVE-2021-40027 | The bone voice ID TA has a vulnerability in calculating the buffer length. Successful exploitation of... | | |
CVE-2021-40028 | The eID module has an out-of-bounds memory write vulnerability. Successful exploitation of this vulne... | | |
CVE-2021-40029 | There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file m... | | |
CVE-2021-40030 | The My HUAWEI app has a defect in the design. Successful exploitation of this vulnerability may affe... | | |
CVE-2021-40031 | There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful ex... | | |
CVE-2021-40032 | The bone voice ID TA has a vulnerability in information management. Successful exploitation of this v... | | |
CVE-2021-40033 | There is an information exposure vulnerability on several Huawei Products. The vulnerability is due ... | | |
CVE-2021-40034 | The video framework has the memory overwriting vulnerability caused by addition overflow. Successful... | | |
CVE-2021-40035 | There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file m... | | |
CVE-2021-40036 | The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerabi... | | |
CVE-2021-40037 | There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the M... | | |
CVE-2021-40038 | There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of th... | | |
CVE-2021-40039 | There is a Null pointer dereference vulnerability in the camera module in smartphones. Successful ex... | | |
CVE-2021-40040 | Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploit... | | |
CVE-2021-40041 | There is a Cross-Site Scripting (XSS) vulnerability in HUAWEI WS318n product when processing network ... | | |
CVE-2021-40042 | There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may ... | | |
CVE-2021-40043 | The laser command injection vulnerability exists on AIS-BW80H-00 versions earlier than AIS-BW80H-00 ... | | |
CVE-2021-40044 | There is a permission verification vulnerability in the Bluetooth module. Successful exploitation of ... | | |
CVE-2021-40045 | There is a vulnerability of signature verification mechanism failure in system upgrade through recov... | | |
CVE-2021-40046 | PCManager versions 11.1.1.95 has a privilege escalation vulnerability. Successful exploit could allo... | | |
CVE-2021-40047 | There is a vulnerability of memory not being released after effective lifetime in the Bastet module.... | | |
CVE-2021-40048 | There is an incorrect buffer size calculation vulnerability in the video framework. Successful explo... | | |
CVE-2021-40049 | There is a permission control vulnerability in the PMS module. Successful exploitation of this vulne... | | |
CVE-2021-40050 | There is an out-of-bounds read vulnerability in the IFAA module. Successful exploitation of this vul... | | |
CVE-2021-40051 | There is an unauthorized access vulnerability in system components. Successful exploitation of this ... | | |
CVE-2021-40052 | There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploi... | | |
CVE-2021-40053 | There is a permission control vulnerability in the Nearby module. Successful exploitation of this vul... | | |
CVE-2021-40054 | There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of th... | | |
CVE-2021-40055 | There is a man-in-the-middle attack vulnerability during system update download in recovery mode. Su... | | |
CVE-2021-40056 | There is a vulnerability of copying input buffer without checking its size in the video framework. S... | | |
CVE-2021-40057 | There is a heap-based and stack-based buffer overflow vulnerability in the video framework. Successf... | | |
CVE-2021-40058 | There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation ... | | |
CVE-2021-40059 | There is a permission control vulnerability in the Wi-Fi module. Successful exploitation of this vul... | | |
CVE-2021-40060 | There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation ... | | |
CVE-2021-40061 | There is a vulnerability of accessing resources using an incompatible type (type confusion) in the B... | | |
CVE-2021-40062 | There is a vulnerability of copying input buffer without checking its size in the video framework. S... | | |
CVE-2021-40063 | There is an improper access control vulnerability in the video module. Successful exploitation of th... | | |
CVE-2021-40064 | There is a heap-based buffer overflow vulnerability in system components. Successful exploitation of... | | |
CVE-2021-40065 | The communication module has a service logic error vulnerability. Successful exploitation of this vul... | | |
CVE-2021-40066 | The access controls on the Mobility read-only API improperly validate user access permissions. Attac... | | |
CVE-2021-40067 | The access controls on the Mobility read-write API improperly validate user access permissions; this... | | |
CVE-2021-40083 | Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an ... | S | |
CVE-2021-40084 | opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell meta... | E | |
CVE-2021-40085 | An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1... | E S | |
CVE-2021-40086 | An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases ... | | |
CVE-2021-40087 | An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias conf... | | |
CVE-2021-40088 | An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known... | | |
CVE-2021-40089 | An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which ... | | |
CVE-2021-40091 | An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.... | | |
CVE-2021-40092 | A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows rem... | | |
CVE-2021-40093 | A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.... | | |
CVE-2021-40094 | A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this... | | |
CVE-2021-40095 | An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maint... | | |
CVE-2021-40096 | A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.... | | |
CVE-2021-40097 | An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to remo... | | |
CVE-2021-40098 | An issue was discovered in Concrete CMS through 8.5.5. Path Traversal leading to RCE via external fo... | | |
CVE-2021-40099 | An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP lea... | | |
CVE-2021-40100 | An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when th... | | |
CVE-2021-40101 | An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be c... | | |
CVE-2021-40102 | An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR de... | | |
CVE-2021-40103 | An issue was discovered in Concrete CMS through 8.5.5. Path Traversal can lead to Arbitrary File Rea... | | |
CVE-2021-40104 | An issue was discovered in Concrete CMS through 8.5.5. There is an SVG sanitizer bypass.... | | |
CVE-2021-40105 | An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments.... | | |
CVE-2021-40106 | An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog c... | | |
CVE-2021-40108 | An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token... | | |
CVE-2021-40109 | A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their... | | |
CVE-2021-40110 | Apache James IMAP vulnerable to a ReDoS | | |
CVE-2021-40111 | Apache James IMAP parsing Denial Of Service | | |
CVE-2021-40112 | Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities | S | |
CVE-2021-40113 | Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities | S | |
CVE-2021-40114 | Multiple Cisco Products Snort Memory Leak Denial of Service Vulnerability | | |
CVE-2021-40115 | Cisco Webex Video Mesh Cross-Site Scripting Vulnerability | | |
CVE-2021-40116 | Multiple Cisco Products Snort Rule Denial of Service Vulnerability | | |
CVE-2021-40117 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability | | |
CVE-2021-40118 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities | | |
CVE-2021-40119 | Cisco Policy Suite Static SSH Keys Vulnerability | | |
CVE-2021-40120 | Cisco Small Business RV Series Routers Command Injection Vulnerability | | |
CVE-2021-40121 | Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities | | |
CVE-2021-40122 | Cisco Meeting Server Call Bridge Denial of Service Vulnerability | | |
CVE-2021-40123 | Cisco Identity Services Engine File Download Vulnerability | | |
CVE-2021-40124 | Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability | | |
CVE-2021-40125 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv2 Site-to-Site VPN Denial of Service Vulnerability | | |
CVE-2021-40126 | Cisco Umbrella Email Enumeration Vulnerability | | |
CVE-2021-40127 | Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Interface Denial of Service Vulnerability | | |
CVE-2021-40128 | Cisco Webex Meetings Email Content Injection Vulnerability | | |
CVE-2021-40129 | Cisco Common Services Platform Collector SQL Injection Vulnerability | | |
CVE-2021-40130 | Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability | | |
CVE-2021-40131 | Cisco Common Services Platform Collector Stored Cross-Site Scripting Vulnerability | | |
CVE-2021-40142 | In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a den... | S | |
CVE-2021-40143 | Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sendin... | S | |
CVE-2021-40145 | gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NO... | E S | |
CVE-2021-40146 | A Remote Code Execution (RCE) vulnerability exists in Apache Any23 YAMLExtractor.java | | |
CVE-2021-40147 | EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerability than CVE-2021-32198.... | | |
CVE-2021-40148 | In Modem EMM, there is a possible information disclosure due to a missing data encryption. This coul... | | |
CVE-2021-40149 | The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root we... | E | |
CVE-2021-40150 | The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ di... | E | |
CVE-2021-40153 | squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; t... | E S | |
CVE-2021-40154 | NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descript... | | |
CVE-2021-40155 | A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read b... | | |
CVE-2021-40156 | A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write ... | | |
CVE-2021-40157 | A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Deref... | S | |
CVE-2021-40158 | A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 and AutoCAD 2022 may be fo... | | |
CVE-2021-40159 | An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 in ... | | |
CVE-2021-40160 | PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a mali... | S | |
CVE-2021-40161 | A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files t... | S | |
CVE-2021-40162 | A maliciously crafted TIF, PICT, TGA, or RLC file in Autodesk Image Processing component may be for... | | |
CVE-2021-40163 | A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files t... | | |
CVE-2021-40164 | A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA, or RLC files. This vulnerabi... | | |
CVE-2021-40165 | A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image Processing component may be use... | | |
CVE-2021-40166 | A maliciously crafted PNG file in Autodesk Image Processing component may be used to attempt to free... | | |
CVE-2021-40167 | A maliciously crafted dwf or .pct file when consumed through DesignReview.exe application could lead t... | | |
CVE-2021-40170 | An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F B... | E | |
CVE-2021-40171 | The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm ... | | |
CVE-2021-40172 | Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on proxy settings.... | | |
CVE-2021-40173 | Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF attack on the server proxy set... | | |
CVE-2021-40174 | Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for disabling the logon security set... | | |
CVE-2021-40175 | Zoho ManageEngine Log360 before Build 5219 allows unrestricted file upload with resultant remote cod... | | |
CVE-2021-40176 | Zoho ManageEngine Log360 before Build 5225 allows stored XSS.... | | |
CVE-2021-40177 | Zoho ManageEngine Log360 before Build 5225 allows remote code execution via BCP file overwrite.... | | |
CVE-2021-40178 | Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logo... | | |
CVE-2021-40180 | In the WeChat application 8.0.10 for Android and iOS, a mini program can obtain sensitive informatio... | E M | |
CVE-2021-40186 | DNN CMS Server-Side Request Forgery (SSRF) | E | |
CVE-2021-40188 | PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function ... | E | |
CVE-2021-40189 | PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will ext... | E | |
CVE-2021-40191 | Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of ... | E | |
CVE-2021-40211 | An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of... | S | |
CVE-2021-40212 | An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.21523 build 210729 may lead to cod... | E | |
CVE-2021-40214 | Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.... | | |
CVE-2021-40219 | Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticat... | E | |
CVE-2021-40222 | Rittal CMC PU III Web management Version affected: V3.11.00_2. Version fixed: V3.17.10 is affected b... | E | |
CVE-2021-40223 | Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parame... | E | |
CVE-2021-40226 | xpdfreader 4.03 is vulnerable to Buffer Overflow.... | | |
CVE-2021-40238 | A Cross Site Scripting (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP ... | | |
CVE-2021-40239 | A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ... | E | |
CVE-2021-40241 | xfig 3.2.7 is vulnerable to Buffer Overflow.... | E | |
CVE-2021-40247 | SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, all... | E | |
CVE-2021-40260 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 vi... | E | |
CVE-2021-40261 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollme... | E | |
CVE-2021-40262 | A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in Plug... | E | |
CVE-2021-40263 | A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.... | E | |
CVE-2021-40264 | NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag functio... | E | |
CVE-2021-40265 | A heap overflow bug exists in FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.... | E | |
CVE-2021-40266 | FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerable to null pointer deref... | E | |
CVE-2021-40272 | OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2021-40279 | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admi... | E | |
CVE-2021-40280 | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin... | E | |
CVE-2021-40281 | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when regi... | E | |
CVE-2021-40282 | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_download.php. when ... | E | |
CVE-2021-40284 | D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow which can cause a denial of servi... | S | |
CVE-2021-40285 | htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \v... | E S | |
CVE-2021-40288 | A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_... | S | |
CVE-2021-40289 | mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS).... | E | |
CVE-2021-40292 | A Stored Cross Site Scripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew param... | E | |
CVE-2021-40303 | perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clients/profile.... | E | |
CVE-2021-40309 | A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. al... | E | |
CVE-2021-40310 | OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in t... | E | |
CVE-2021-40313 | Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in ... | E | |
CVE-2021-40317 | Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.... | E | |
CVE-2021-40323 | Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method... | S | |
CVE-2021-40324 | Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.... | S | |
CVE-2021-40325 | Cobbler before 3.3.0 allows authorization bypass for modification of settings.... | S | |
CVE-2021-40326 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hid... | | |
CVE-2021-40327 | Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE can ... | S | |
CVE-2021-40329 | The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of exter... | | |
CVE-2021-40330 | git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline char... | E S | |
CVE-2021-40331 | Permissions problem in the Apache Ranger Hive Plugin | S | |
CVE-2021-40333 | Weak default credential associated with TCP port 26 | S | |
CVE-2021-40334 | SSH activation problem in the proprietary management protocol (port TCP 5558) | S | |
CVE-2021-40335 | Cross Site Request Forgery (CSRF) in Hitachi Energy’s MSM Product | M | |
CVE-2021-40336 | HTTP Response Splitting in Hitachi Energy’s MSM Product | M | |
CVE-2021-40337 | OWASP Related Vulnerabilities in Hitachi Energy’s LinkOne Product | S | |
CVE-2021-40338 | OWASP Related Vulnerabilities in Hitachi Energy’s LinkOne Product | S | |
CVE-2021-40339 | OWASP Related Vulnerabilities in Hitachi Energy’s LinkOne Product | S | |
CVE-2021-40340 | OWASP Related Vulnerabilities in Hitachi Energy’s LinkOne Product | S | |
CVE-2021-40341 | Weak DES encryption | M | |
CVE-2021-40342 | Use of default key for encryption | M | |
CVE-2021-40343 | An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py fil... | E | |
CVE-2021-40344 | An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an ad... | E | |
CVE-2021-40345 | An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an ad... | E | |
CVE-2021-40346 | An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to per... | E S | |
CVE-2021-40347 | An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged ... | E S | |
CVE-2021-40348 | Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.p... | E S | |
CVE-2021-40349 | e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack that results in information disc... | S | |
CVE-2021-40350 | webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired... | E | |
CVE-2021-40352 | OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via whic... | E | |
CVE-2021-40353 | A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the ... | E | |
CVE-2021-40354 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0... | S | |
CVE-2021-40355 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0... | S | |
CVE-2021-40356 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0... | S | |
CVE-2021-40357 | A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Te... | S | |
CVE-2021-40358 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All ve... | | |
CVE-2021-40359 | A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions <... | | |
CVE-2021-40360 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All ve... | S | |
CVE-2021-40363 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All ve... | S | |
CVE-2021-40364 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All ve... | | |
CVE-2021-40365 | Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which... | S | |
CVE-2021-40366 | A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climati... | | |
CVE-2021-40367 | A vulnerability has been identified in syngo fastView (All versions). The affected application lacks... | | |
CVE-2021-40368 | A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-4... | S | |
CVE-2021-40369 | XSS vulnerability on Denounce plugin | M | |
CVE-2021-40371 | Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for rem... | E | |
CVE-2021-40373 | playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-p... | E | |
CVE-2021-40374 | A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.... | E | |
CVE-2021-40375 | Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patie... | E | |
CVE-2021-40376 | otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls t... | E | |
CVE-2021-40377 | SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize em... | | |
CVE-2021-40378 | An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. /c... | E | |
CVE-2021-40379 | An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. rs... | | |
CVE-2021-40380 | An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. ca... | | |
CVE-2021-40381 | An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. in... | | |
CVE-2021-40382 | An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices. mj... | | |
CVE-2021-40385 | An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. ... | | |
CVE-2021-40386 | Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code.... | | |
CVE-2021-40387 | An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. ... | | |
CVE-2021-40388 | A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafte... | E | |
CVE-2021-40389 | A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iEdge Server 1... | E | |
CVE-2021-40390 | An authentication bypass vulnerability exists in the Web Application functionality of Moxa MXView Se... | E | |
CVE-2021-40391 | An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of ... | E | |
CVE-2021-40392 | An information disclosure vulnerability exists in the Web Application functionality of Moxa MXView S... | E | |
CVE-2021-40393 | An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functio... | E | |
CVE-2021-40394 | An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functio... | E | |
CVE-2021-40395 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-40396 | A privilege escalation vulnerability exists in the installation of Advantech DeviceOn/iService 1.1.7... | E | |
CVE-2021-40397 | A privilege escalation vulnerability exists in the installation of Advantech WISE-PaaS/OTA Server 3.... | E | |
CVE-2021-40398 | An out-of-bounds write vulnerability exists in the parse_raster_data functionality of Accusoft Image... | E | |
CVE-2021-40399 | An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office,... | | |
CVE-2021-40400 | An out-of-bounds read vulnerability exists in the RS-274X aperture macro outline primitive functiona... | E | |
CVE-2021-40401 | A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality ... | E | |
CVE-2021-40402 | An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives... | E | |
CVE-2021-40403 | An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality ... | E | |
CVE-2021-40404 | An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink RL... | E | |
CVE-2021-40405 | A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink R... | E | |
CVE-2021-40406 | A denial of service vulnerability exists in the cgiserver.cgi session creation functionality of reol... | E | |
CVE-2021-40407 | An OS command injection vulnerability exists in the device network settings functionality of reolink... | KEV E | |
CVE-2021-40408 | An OS command injection vulnerability exists in the device network settings functionality of reolink... | E | |
CVE-2021-40409 | An OS command injection vulnerability exists in the device network settings functionality of reolink... | E | |
CVE-2021-40410 | An OS command injection vulnerability exists in the device network settings functionality of reolink... | E | |
CVE-2021-40411 | An OS command injection vulnerability exists in the device network settings functionality of reolink... | E | |
CVE-2021-40412 | An OS command injection vulnerability exists in the device network settings functionality of reolink ... | E | |
CVE-2021-40413 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability function... | E | |
CVE-2021-40414 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability function... | E | |
CVE-2021-40415 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability function... | E | |
CVE-2021-40416 | An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability function... | E | |
CVE-2021-40417 | When parsing a file that is submitted to the DPDecoder service as a job, the service will use the co... | E | |
CVE-2021-40418 | When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly... | E | |
CVE-2021-40419 | A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_201211... | E | |
CVE-2021-40420 | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, versi... | E | |
CVE-2021-40422 | An authentication bypass vulnerability exists in the device password generation functionality of Swi... | E | |
CVE-2021-40423 | A denial of service vulnerability exists in the cgiserver.cgi API command parser functionality of Re... | E | |
CVE-2021-40424 | An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure... | E | |
CVE-2021-40425 | An out-of-bounds read vulnerability exists in the IOCTL GetProcessCommand and B_03 of Webroot Secure... | E | |
CVE-2021-40426 | A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Soun... | E | |
CVE-2021-40438 | mod_proxy SSRF | KEV S | |
CVE-2021-40439 | Billion Laughs | | |
CVE-2021-40440 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | S | |
CVE-2021-40441 | Windows Media Center Elevation of Privilege Vulnerability | S | |
CVE-2021-40442 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2021-40443 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability | KEV E S | |
CVE-2021-40447 | Windows Print Spooler Elevation of Privilege Vulnerability | S | |
CVE-2021-40448 | Microsoft Accessibility Insights for Android Information Disclosure Vulnerability | S | |
CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability | KEV E S | |
CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-40452 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-40453 | HEVC Video Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-40454 | Rich Text Edit Control Information Disclosure Vulnerability | S | |
CVE-2021-40455 | Windows Installer Spoofing Vulnerability | S | |
CVE-2021-40456 | Windows AD FS Security Feature Bypass Vulnerability | S | |
CVE-2021-40457 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | S | |
CVE-2021-40460 | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | S | |
CVE-2021-40461 | Windows Hyper-V Remote Code Execution Vulnerability | S | |
CVE-2021-40462 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | S | |
CVE-2021-40463 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | S | |
CVE-2021-40464 | Windows Nearby Sharing Elevation of Privilege Vulnerability | S | |
CVE-2021-40465 | Windows Text Shaping Remote Code Execution Vulnerability | S | |
CVE-2021-40466 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
CVE-2021-40467 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
CVE-2021-40468 | Windows Bind Filter Driver Information Disclosure Vulnerability | S | |
CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability | S | |
CVE-2021-40470 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | S | |
CVE-2021-40471 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2021-40472 | Microsoft Excel Information Disclosure Vulnerability | S | |
CVE-2021-40473 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2021-40474 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2021-40475 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | S | |
CVE-2021-40476 | Windows AppContainer Elevation Of Privilege Vulnerability | S | |
CVE-2021-40477 | Windows Event Tracing Elevation of Privilege Vulnerability | S | |
CVE-2021-40478 | Storage Spaces Controller Elevation of Privilege Vulnerability | S | |
CVE-2021-40479 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2021-40480 | Microsoft Office Visio Remote Code Execution Vulnerability | S | |
CVE-2021-40481 | Microsoft Office Visio Remote Code Execution Vulnerability | S | |
CVE-2021-40482 | Microsoft SharePoint Server Information Disclosure Vulnerability | S | |
CVE-2021-40483 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
CVE-2021-40484 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
CVE-2021-40485 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability | S | |
CVE-2021-40487 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
CVE-2021-40488 | Storage Spaces Controller Elevation of Privilege Vulnerability | S | |
CVE-2021-40489 | Storage Spaces Controller Elevation of Privilege Vulnerability | S | |
CVE-2021-40490 | A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsys... | S | |
CVE-2021-40491 | The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV respons... | S | |
CVE-2021-40492 | A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that ... | | |
CVE-2021-40493 | Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics ... | | |
CVE-2021-40494 | A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to g... | | |
CVE-2021-40495 | There are multiple Denial-of-Service vulnerabilities in SAP NetWeaver Application Server for ABAP an... | | |
CVE-2021-40496 | SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 7... | | |
CVE-2021-40497 | SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit c... | | |
CVE-2021-40498 | A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions ... | | |
CVE-2021-40499 | Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Se... | | |
CVE-2021-40500 | SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an ... | | |
CVE-2021-40501 | SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization... | | |
CVE-2021-40502 | SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization ... | | |
CVE-2021-40503 | An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 P... | | |
CVE-2021-40504 | A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 70... | | |
CVE-2021-40506 | An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 throu... | S | |
CVE-2021-40507 | An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 1200) processor 2011-09-10 throu... | S | |
CVE-2021-40509 | ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature.... | E S | |
CVE-2021-40510 | XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files v... | | |
CVE-2021-40511 | OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowin... | | |
CVE-2021-40516 | WeeChat before 3.2.1 allows remote attackers to cause a denial of service (crash) via a crafted WebS... | S | |
CVE-2021-40517 | Airangel HSMX Gateway devices through 5.2.04 are vulnerable to stored Cross Site Scripting. XSS Paylo... | E | |
CVE-2021-40518 | Airangel HSMX Gateway devices through 5.2.04 allow CSRF.... | E | |
CVE-2021-40519 | Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials.... | E | |
CVE-2021-40520 | Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.... | E | |
CVE-2021-40521 | Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution.... | E | |
CVE-2021-40523 | In Contiki 3.0, Telnet option negotiation is mishandled. During negotiation between a server and a c... | S | |
CVE-2021-40524 | In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers... | E S | |
CVE-2021-40525 | Sieve file storage vulnerable to path traversal attacks | M | |
CVE-2021-40526 | Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allow... | | |
CVE-2021-40527 | Exposure of sensitive information to an unauthorised actor in the "com.onepeloton.erlich" mobile appl... | | |
CVE-2021-40528 | The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during inter... | E | |
CVE-2021-40529 | The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allow... | E S | |
CVE-2021-40530 | The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interac... | E | |
CVE-2021-40531 | Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically ... | E S | |
CVE-2021-40532 | Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension.... | S | |
CVE-2021-40537 | Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settin... | | |
CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication... | KEV E S | |
CVE-2021-40540 | ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info... | E S | |
CVE-2021-40541 | PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag wi... | E | |
CVE-2021-40542 | Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can i... | E | |
CVE-2021-40543 | Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitizati... | E | |
CVE-2021-40546 | Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) t... | E | |
CVE-2021-40553 | piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor.... | E | |
CVE-2021-40555 | Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrar... | E S | |
CVE-2021-40556 | A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.3... | E | |
CVE-2021-40559 | A null pointer dereference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc fu... | E | |
CVE-2021-40562 | A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box ... | S | |
CVE-2021-40563 | A Segmentation fault caused by null pointer dereference exists in Gpac through 1.0.1 via the ... | S | |
CVE-2021-40564 | A Segmentation fault caused by null pointer dereference vulnerability exists in Gpac through 1.0.2 vi... | S | |
CVE-2021-40565 | A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1... | S | |
CVE-2021-40566 | A Segmentation fault caused by heap use after free vulnerability exists in Gpac through 1.0.1 via th... | S | |
CVE-2021-40567 | Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor functio... | E S | |
CVE-2021-40568 | A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_par... | E S | |
CVE-2021-40569 | The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funcit... | E S | |
CVE-2021-40570 | The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in a... | E S | |
CVE-2021-40571 | The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box... | E S | |
CVE-2021-40572 | The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1... | E S | |
CVE-2021-40573 | The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.... | E S | |
CVE-2021-40574 | The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text... | E S | |
CVE-2021-40575 | The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_proces... | E S | |
CVE-2021-40576 | The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt... | E S | |
CVE-2021-40577 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Managem... | E | |
CVE-2021-40578 | Authenticated Blind & Error-based SQL injection vulnerability was discovered in Online Enrollment Ma... | E | |
CVE-2021-40579 | https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Co... | | |
CVE-2021-40589 | ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c thro... | E | |
CVE-2021-40592 | GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contain... | E S | |
CVE-2021-40595 | SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows... | E | |
CVE-2021-40596 | SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, a... | E | |
CVE-2021-40597 | The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password.... | E | |
CVE-2021-40604 | A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote... | | |
CVE-2021-40606 | The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a craf... | E S | |
CVE-2021-40607 | The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted... | E S | |
CVE-2021-40608 | The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service vi... | E S | |
CVE-2021-40609 | The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted... | E S | |
CVE-2021-40610 | Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management.... | E | |
CVE-2021-40612 | An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability ... | S | |
CVE-2021-40616 | thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the admin... | E | |
CVE-2021-40617 | An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserNam... | E M | |
CVE-2021-40618 | An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT... | E | |
CVE-2021-40633 | A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers t... | E | |
CVE-2021-40635 | OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An at... | E | |
CVE-2021-40636 | OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract informat... | E | |
CVE-2021-40637 | OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can... | E | |
CVE-2021-40639 | Improper access control in Jfinal CMS 5.1.0 allows attackers to access sensitive information via /cl... | E | |
CVE-2021-40642 | Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session With... | S | |
CVE-2021-40643 | EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options config... | S | |
CVE-2021-40644 | An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-... | E | |
CVE-2021-40645 | An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter g... | E | |
CVE-2021-40647 | In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in t... | E | |
CVE-2021-40648 | In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chu... | E | |
CVE-2021-40649 | In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the H... | E | |
CVE-2021-40650 | In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the s... | E | |
CVE-2021-40651 | OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.php (mo... | E | |
CVE-2021-40654 | An information disclosure issue exists in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user nam... | E | |
CVE-2021-40655 | An information disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker ca... | KEV E | |
CVE-2021-40656 | libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.... | E | |
CVE-2021-40658 | Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”.... | E | |
CVE-2021-40660 | An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ReDoS vulnerability that can b... | E | |
CVE-2021-40661 | A remote, unauthenticated, directory traversal vulnerability was identified within the web interface... | E | |
CVE-2021-40662 | A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary com... | E S | |
CVE-2021-40663 | deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object ... | E | |
CVE-2021-40668 | The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path trave... | E | |
CVE-2021-40669 | SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe... | E | |
CVE-2021-40670 | SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the /corefra... | E | |
CVE-2021-40674 | An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/ap... | E | |
CVE-2021-40678 | In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through... | E | |
CVE-2021-40680 | There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and V... | | |
CVE-2021-40683 | In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x bef... | E | |
CVE-2021-40684 | Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has a... | S | |
CVE-2021-40690 | Bypass of the secureValidation property | S | |
CVE-2021-40691 | A session hijack risk was identified in the Shibboleth authentication plugin.... | | |
CVE-2021-40692 | Insufficient capability checks made it possible for teachers to download users outside of their cour... | | |
CVE-2021-40693 | An authentication bypass risk was identified in the external database authentication functionality, ... | | |
CVE-2021-40694 | Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files a... | | |
CVE-2021-40695 | It was possible for a student to view their quiz grade before it had been released, using a quiz web... | | |
CVE-2021-40696 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-40697 | Adobe FrameMaker PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2021-40698 | ColdFusion Use of Inherently Dangerous Function Leads To Security feature bypass | | |
CVE-2021-40699 | ColdFusion CFIDE Improper Access Control Leads To Privilege Escalation | | |
CVE-2021-40700 | Adobe Premiere Elements TIFF Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution | S | |
CVE-2021-40701 | Adobe Premiere Elements m4a Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution | S | |
CVE-2021-40702 | Adobe Premiere Elements psd Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution | S | |
CVE-2021-40703 | Adobe Premiere Elements m4a Memory Corruption Vulnerability Could Lead to Arbitrary Code Execution | S | |
CVE-2021-40708 | Adobe Genuine Service Installer Privilege Escalation Vulnerability | | |
CVE-2021-40709 | Adobe Photoshop Buffer Overflow leads to Arbitrary Code Execution | | |
CVE-2021-40710 | Adobe Premiere Pro 2021 SVG File Parsing Leads to Memory Corruption | S | |
CVE-2021-40711 | Adobe Experience Manager Stored Cross-Site Scripting Could Lead to Arbitrary Code Execution | S | |
CVE-2021-40712 | Adobe Experience Manager Path parameter Improper Input Validation Could Lead To DOS | S | |
CVE-2021-40713 | Adobe Experience Manager Improper Certificate Validation Could Lead to Man In The Middle Attack | S | |
CVE-2021-40714 | Adobe Experience Manager Reflected Cross Site Scripting via accesskey parameter | S | |
CVE-2021-40715 | Adobe Premiere Pro 2021 EXR File Parsing Leads to Memory Corruption | S | |
CVE-2021-40716 | XMP Toolkit SDK SVG_Adapter Out-of-bounds Read Information Disclosure | | |
CVE-2021-40719 | Adobe Connect Deserialization of Untrusted Data Remote Code Execution | | |
CVE-2021-40720 | Ops CLI Deserialization of Untrusted Data leads to Arbitrary Code Execution | S | |
CVE-2021-40721 | Adobe Connect Reflected Cross Site Scripting | S | |
CVE-2021-40722 | AEM Forms Improper Restriction of XML External Entity Reference | | |
CVE-2021-40723 | Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-40724 | Adobe Acrobat Reader Android Arbitrary Code Execution Vulnerability | S | |
CVE-2021-40725 | Adobe Acrobat Reader DC AcroForm listbox Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2021-40726 | Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability | | |
CVE-2021-40727 | Adobe InDesign crashes when parsing the TIF file | | |
CVE-2021-40728 | Adobe Acrobat Reader DC Use After Free Arbitrary Code Execution | | |
CVE-2021-40729 | Adobe Acrobat Reader DC PDF Out-of-Bound Read Vulnerability Information Disclosure | | |
CVE-2021-40730 | Adobe Acrobat Reader DC JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2021-40731 | Adobe Acrobat Reader DC JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2021-40732 | XMP Toolkit SDK Null Pointer Dereference | | |
CVE-2021-40733 | Adobe Animate Memory Corruption Could Lead To Arbitrary Code Execution | S | |
CVE-2021-40734 | Adobe Audition Memory Corruption could lead to Arbitrary code execution | | |
CVE-2021-40735 | Adobe Audition Memory Corruption could lead to Arbitrary code execution | | |
CVE-2021-40736 | Adobe Audition Memory Corruption could lead to Arbitrary code execution | | |
CVE-2021-40737 | Adobe Audition NULL Pointer Dereference Application denial-of-service | | |
CVE-2021-40738 | Adobe Audition WAV file Memory corruption could lead to Arbitrary code execution | | |
CVE-2021-40739 | Adobe Audition Memory Corruption could lead to Arbitrary code execution | | |
CVE-2021-40740 | Adobe Audition Memory Corruption could lead to Arbitrary code execution | | |
CVE-2021-40741 | Adobe Audition Memory Corruption could lead to Application denial-of-service | | |
CVE-2021-40742 | Adobe Audition NULL Pointer Dereference Application denial-of-service | | |
CVE-2021-40745 | Adobe Campaign Path Traversal Leads to Information Exposure | | |
CVE-2021-40750 | Adobe Bridge NULL Pointer Dereference could lead to Application denial-of-service | | |
CVE-2021-40751 | Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-40752 | Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-40753 | Adobe After Effects SVG File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-40754 | Adobe After Effects WAV File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-40755 | Adobe After Effects SGI File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-40756 | Adobe After Effects NULL Pointer Dereference Application Denial of Service | S | |
CVE-2021-40757 | Adobe After Effects MXF File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-40758 | Adobe After Effects WAV File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-40759 | Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-40760 | Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-40761 | Adobe After Effects NULL Pointer Dereference Application Denial of Service | S | |
CVE-2021-40762 | Adobe Character Animator NULL Pointer Dereference Application denial-of-service | | |
CVE-2021-40763 | Adobe Character Animator Memory Corruption could lead to Arbitrary code execution | | |
CVE-2021-40764 | Adobe Character Animator Memory Corruption could lead to Arbitrary code execution | | |
CVE-2021-40765 | Adobe Character Animator Memory Corruption could lead to Arbitrary code execution | | |
CVE-2021-40766 | Adobe Character Animator SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-40767 | Adobe Character Animator Memory Corruption could lead to Application denial-of-service | | |
CVE-2021-40768 | Adobe Character Animator NULL Pointer Dereference Application denial-of-service | | |
CVE-2021-40769 | Adobe Character Animator SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-40770 | Adobe Prelude M4A File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-40771 | Adobe Prelude WAV File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-40772 | Adobe Prelude M4A File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-40773 | Adobe Prelude NULL Pointer Dereference Application Denial of Service | S | |
CVE-2021-40774 | Adobe Prelude NULL Pointer Dereference Application Denial of Service | S | |
CVE-2021-40775 | Adobe Prelude SVG File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-40776 | Adobe Lightroom Classic DLL Hijacking Local Privilege Escalation Vulnerability | S | |
CVE-2021-40777 | Adobe Media Encoder WAV file memory corruption vulnerability could lead to arbitrary code execution | | |
CVE-2021-40778 | Adobe Media Encoder Null Pointer Dereference Application denial-of-service | | |
CVE-2021-40779 | Adobe Media Encoder WAV file memory corruption vulnerability could lead to arbitrary code execution | | |
CVE-2021-40780 | Adobe Media Encoder MXF file memory corruption vulnerability could lead to arbitrary code execution | | |
CVE-2021-40781 | Adobe Media Encoder Null Pointer Dereference Application denial-of-service | | |
CVE-2021-40782 | Adobe Media Encoder Null Pointer Dereference Application denial-of-service | | |
CVE-2021-40783 | Adobe Premiere Rush WAV File Memory Corruption Remote Code Execution | S | |
CVE-2021-40784 | Adobe Premiere Rush WAV File Memory Corruption Remote Code Execution | S | |
CVE-2021-40785 | Adobe Premiere Elements Null Pointer Dereference Application denial-of-service | | |
CVE-2021-40786 | Adobe Premiere Elements M4A file memory corruption vulnerability could lead to arbitrary code execution | | |
CVE-2021-40787 | Adobe Premiere Elements M4A file memory corruption vulnerability could lead to arbitrary code execution | | |
CVE-2021-40788 | Adobe Premiere Elements Null Pointer Dereference Application denial-of-service | | |
CVE-2021-40789 | Adobe Premiere Elements Null Pointer Dereference Application denial-of-service | | |
CVE-2021-40790 | Adobe Premiere Pro MOV File Parsing Use-After-Free Information Disclosure Vulnerability | S | |
CVE-2021-40791 | Adobe Premiere Pro JPEG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2021-40792 | Adobe Premiere Pro WAV file memory corruption vulnerability could lead to arbitrary code execution | S | |
CVE-2021-40793 | Adobe Premiere Pro WAV file memory corruption vulnerability could lead to arbitrary code execution | S | |
CVE-2021-40794 | Adobe Premiere Pro MOV file memory corruption vulnerability could lead to arbitrary code execution | S | |
CVE-2021-40795 | Adobe Premiere Pro 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | S | |
CVE-2021-40796 | Adobe Premiere Pro Null Pointer Dereference Application denial-of-service | S | |
CVE-2021-40797 | An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.... | E S | |
CVE-2021-40809 | An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorre... | E | |
CVE-2021-40812 | The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of c... | S | |
CVE-2021-40813 | A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander... | E | |
CVE-2021-40814 | The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection.... | | |
CVE-2021-40818 | scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature ... | S | |
CVE-2021-40822 | GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy ho... | S | |
CVE-2021-40823 | A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) bef... | | |
CVE-2021-40824 | A logic error in the room key sharing functionality of Element Android before 1.2.2 and matrix-andro... | S | |
CVE-2021-40825 | nLight ECLYPSE (nECY) system Controllers running software prior to 1.17.21245.754 contain a default ... | | |
CVE-2021-40826 | Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting... | E | |
CVE-2021-40827 | Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access... | E | |
CVE-2021-40828 | TLS hostname validation issues within AWS IoT Device SDKs on Windows | S | |
CVE-2021-40829 | TLS hostname validation issues within AWS IoT Device SDKs on macOS | S | |
CVE-2021-40830 | Inconsistent CA override function behavior within AWS IoT Device SDKs on Unix systems | S | |
CVE-2021-40831 | Missing SNI validation and inconsistent CA override function behavior within AWS IoT Device SDKs on Apple devices | S | |
CVE-2021-40832 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2021-40833 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2021-40834 | User interface Spoofing in F-Secure SAFE browser for Android | S | |
CVE-2021-40835 | URL Address Bar Spoofing in F-Secure SAFE Browser for iOS | S | |
CVE-2021-40836 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2021-40837 | Denial-of-Service (DoS) Vulnerability | S | |
CVE-2021-40839 | The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as v... | S | |
CVE-2021-40840 | A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2.... | | |
CVE-2021-40841 | A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 allows authenticated attackers to... | | |
CVE-2021-40842 | Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Consol... | | |
CVE-2021-40843 | Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the ... | | |
CVE-2021-40845 | The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not res... | E | |
CVE-2021-40846 | An issue was discovered in Rhinode Trading Paints through 2.0.36. TP Updater.exe uses cleartext HTTP... | E | |
CVE-2021-40847 | The update process of the Circle Parental Control Service on various NETGEAR routers allows remote a... | E | |
CVE-2021-40848 | In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV files could contain characters... | | |
CVE-2021-40849 | In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account associated with a web services ... | | |
CVE-2021-40850 | TCMAN GIM SQL injection vulnerability | S | |
CVE-2021-40851 | TCMAN GIM SQL injection vulnerability | S | |
CVE-2021-40852 | TCMAN GIM open redirect vulnerability | S | |
CVE-2021-40853 | TCMAN GIM missing authorization vulnerability | S | |
CVE-2021-40854 | AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges b... | | |
CVE-2021-40855 | The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate gove... | | |
CVE-2021-40856 | Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /abo... | E | |
CVE-2021-40857 | Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.... | E | |
CVE-2021-40858 | Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read th... | E | |
CVE-2021-40859 | Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers wit... | E | |
CVE-2021-40860 | A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (I... | E S | |
CVE-2021-40861 | A SQL Injection in the custom filter query component in Genesys intelligent Workload Distribution (I... | E S | |
CVE-2021-40862 | HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed ... | | |
CVE-2021-40864 | The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape... | S | |
CVE-2021-40865 | Unsafe Pre-Authentication Deserialization In Workers | M | |
CVE-2021-40866 | Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated ... | E | |
CVE-2021-40867 | Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerabil... | E | |
CVE-2021-40868 | In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.... | E | |
CVE-2021-40870 | An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a fi... | KEV E | |
CVE-2021-40871 | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attacker... | | |
CVE-2021-40872 | An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote atta... | | |
CVE-2021-40873 | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit E... | | |
CVE-2021-40874 | An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-i... | E S | |
CVE-2021-40875 | Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information e... | E | |
CVE-2021-40881 | An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.... | E | |
CVE-2021-40882 | A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and des... | E | |
CVE-2021-40883 | A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.... | E | |
CVE-2021-40884 | Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking a... | E | |
CVE-2021-40886 | Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader r... | E | |
CVE-2021-40887 | Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking san... | E | |
CVE-2021-40888 | Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when... | E | |
CVE-2021-40889 | CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. sauvePass action in {webroot... | E | |
CVE-2021-40892 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0... | E | |
CVE-2021-40893 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 ... | E | |
CVE-2021-40894 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.... | E | |
CVE-2021-40895 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 whe... | E | |
CVE-2021-40896 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 whe... | E | |
CVE-2021-40897 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v... | E | |
CVE-2021-40898 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.... | E | |
CVE-2021-40899 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v... | E | |
CVE-2021-40900 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when v... | E | |
CVE-2021-40901 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0... | E | |
CVE-2021-40902 | flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option... | E | |
CVE-2021-40903 | A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a s... | E | |
CVE-2021-40904 | The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguratio... | E S | |
CVE-2021-40905 | The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not proper... | E | |
CVE-2021-40906 | CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service ... | | |
CVE-2021-40907 | SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23,... | E | |
CVE-2021-40908 | SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by or... | E | |
CVE-2021-40909 | Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Aja... | E | |
CVE-2021-40910 | There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side.... | E | |
CVE-2021-40921 | Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version... | E | |
CVE-2021-40922 | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows r... | E | |
CVE-2021-40923 | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows r... | E | |
CVE-2021-40924 | Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows r... | E | |
CVE-2021-40925 | Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php in faveo-helpdesk v1.11.0 and ... | E | |
CVE-2021-40926 | Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allo... | E | |
CVE-2021-40927 | Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allo... | E | |
CVE-2021-40928 | Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remo... | | |
CVE-2021-40940 | Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerabil... | E S | |
CVE-2021-40941 | In Bento4 1.6.0-638, the allocator runs out of memory in the function AP4_Array | E | |
CVE-2021-40942 | In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args functio... | E S | |
CVE-2021-40943 | In Bento4 1.6.0-638, there is a null pointer reference in the function AP4_DescriptorListInspector::... | E | |
CVE-2021-40944 | In GPAC MP4Box 1.1.0, there is a Null pointer reference in the function gf_filter_pid_get_packet fun... | E S | |
CVE-2021-40954 | Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to e... | E | |
CVE-2021-40955 | SQL injection exists in LaiKetui v3.5.0 the background administrator list.... | E | |
CVE-2021-40956 | LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensit... | E | |
CVE-2021-40959 | A reflected cross-site scripting vulnerability in MONITORAPP Application Insight Web Application Fir... | | |
CVE-2021-40960 | Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal informat... | E | |
CVE-2021-40961 | CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php... | E | |
CVE-2021-40964 | A Path Traversal vulnerability exists in TinyFileManager all versions up to and including 2.4.6 that ... | E | |
CVE-2021-40965 | A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all versions up to and in... | | |
CVE-2021-40966 | A Stored XSS exists in TinyFileManager all versions up to and including 2.4.6 in /tinyfilemanager.php... | | |
CVE-2021-40968 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 an... | E | |
CVE-2021-40969 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 an... | E | |
CVE-2021-40970 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 an... | E | |
CVE-2021-40971 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 an... | E | |
CVE-2021-40972 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 an... | E | |
CVE-2021-40973 | Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 an... | E | |
CVE-2021-40975 | Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php i... | E | |
CVE-2021-40978 | The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote... | E | |
CVE-2021-40981 | ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain privileges by placing a Trojan ... | E | |
CVE-2021-40985 | A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of serv... | E S | |
CVE-2021-40986 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager ... | | |
CVE-2021-40987 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager ... | | |
CVE-2021-40988 | A remote directory traversal vulnerability was discovered in Aruba ClearPass Policy Manager version(... | | |
CVE-2021-40989 | A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager versi... | | |
CVE-2021-40990 | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy ... | | |
CVE-2021-40991 | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy ... | | |
CVE-2021-40992 | A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Cl... | | |
CVE-2021-40993 | A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Cl... | | |
CVE-2021-40994 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager ... | | |
CVE-2021-40995 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager ... | | |
CVE-2021-40996 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versio... | | |
CVE-2021-40997 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager versio... | | |
CVE-2021-40998 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager ... | | |
CVE-2021-40999 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager ... | | |