ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-42000 | Ping Identity PingFederate Password Reset and Password Change Mishandling with an authentication policy in parallel reset flows | S | |
CVE-2021-42001 | PingID Desktop encryption libraries misconfiguration can lead to sensitive data exposure | S | |
CVE-2021-42002 | Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upl... | | |
CVE-2021-42006 | An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a... | E S | |
CVE-2021-42008 | The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a sl... | E S | |
CVE-2021-42009 | Apache Traffic Control Traffic Ops Email Injection Vulnerability | S | |
CVE-2021-42010 | CRLF log injection | | |
CVE-2021-42011 | An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service c... | S | |
CVE-2021-42012 | A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry... | S | |
CVE-2021-42013 | Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) | KEV E S | |
CVE-2021-42015 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26),... | S | |
CVE-2021-42016 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i80... | S | |
CVE-2021-42017 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i80... | S | |
CVE-2021-42018 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i... | S | |
CVE-2021-42019 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i... | S | |
CVE-2021-42020 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i... | S | |
CVE-2021-42021 | A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DL... | S | |
CVE-2021-42022 | A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3)... | | |
CVE-2021-42023 | A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All ve... | S | |
CVE-2021-42024 | A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < 2021.3.1). The sta... | S | |
CVE-2021-42025 | A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13),... | S | |
CVE-2021-42026 | A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13),... | S | |
CVE-2021-42027 | A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected software d... | S | |
CVE-2021-42028 | A vulnerability has been identified in syngo fastView (All versions). The affected application lacks... | | |
CVE-2021-42029 | A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP ... | S | |
CVE-2021-42040 | An issue was discovered in MediaWiki through 1.36.2. A parser function related to loop control allow... | S | |
CVE-2021-42041 | An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message... | E S | |
CVE-2021-42042 | An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki t... | S | |
CVE-2021-42043 | An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.3... | S | |
CVE-2021-42044 | An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki thro... | E S | |
CVE-2021-42045 | An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple po... | S | |
CVE-2021-42046 | An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-delete... | S | |
CVE-2021-42047 | An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Me... | S | |
CVE-2021-42048 | An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbit... | S | |
CVE-2021-42049 | An issue was discovered in the Translate extension in MediaWiki through 1.36.2. Oversighters cannot ... | S | |
CVE-2021-42050 | An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS.... | E | |
CVE-2021-42051 | An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permiss... | E | |
CVE-2021-42052 | IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the ... | E | |
CVE-2021-42053 | The Unicorn framework through 0.35.3 for Django allows XSS via component.name.... | E S | |
CVE-2021-42054 | ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule if the client exits after auth... | E | |
CVE-2021-42055 | ASUSTek ZenBook Pro Duo 15 UX582 laptop firmware through 203 has Insecure Permissions that allow att... | | |
CVE-2021-42056 | Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure tem... | E | |
CVE-2021-42057 | Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in execut... | E | |
CVE-2021-42059 | An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, ... | | |
CVE-2021-42060 | An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.41, Kernel 5.1 through 05.16.41... | | |
CVE-2021-42061 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not suffic... | | |
CVE-2021-42062 | SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the pay... | | |
CVE-2021-42063 | A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7... | | |
CVE-2021-42064 | If configured to use an Oracle database and if a query is created using the flexible search java api... | | |
CVE-2021-42066 | SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the net... | S | |
CVE-2021-42067 | In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 75... | | |
CVE-2021-42068 | When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Ent... | | |
CVE-2021-42069 | When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources i... | | |
CVE-2021-42070 | When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP... | | |
CVE-2021-42071 | In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution ... | E | |
CVE-2021-42072 | An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side impleme... | E | |
CVE-2021-42073 | An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with ... | E | |
CVE-2021-42074 | An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentatio... | E | |
CVE-2021-42075 | An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side impleme... | E | |
CVE-2021-42076 | An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barr... | E | |
CVE-2021-42077 | PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_... | E | |
CVE-2021-42078 | PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated ... | E | |
CVE-2021-42079 | SSRF vulnerability in OSNEXUS QuantaStor before 6.0.0.355 | S | |
CVE-2021-42080 | Reflected XSS vulnerability in OSNEXUS QuantaStor before 6.0.0.355 | S | |
CVE-2021-42081 | Authenticated Remote Command Execution vulnerability in OSNEXUS QuantaStor before 6.0.0.355 | S | |
CVE-2021-42082 | Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355 | S | |
CVE-2021-42083 | Authenticated Stored XSS in OSNEXUS QuantaStor 6.0.0.335 | S | |
CVE-2021-42084 | An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a ... | | |
CVE-2021-42085 | An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.... | | |
CVE-2021-42086 | An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain a... | | |
CVE-2021-42087 | An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the... | | |
CVE-2021-42088 | An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard ... | | |
CVE-2021-42089 | An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.... | | |
CVE-2021-42090 | An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution ... | | |
CVE-2021-42091 | An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.... | | |
CVE-2021-42092 | An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition ... | | |
CVE-2021-42093 | An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafte... | | |
CVE-2021-42094 | An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.... | | |
CVE-2021-42095 | Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title ba... | | |
CVE-2021-42096 | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is deriv... | S | |
CVE-2021-42097 | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific ... | S | |
CVE-2021-42098 | An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 all... | | |
CVE-2021-42099 | Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file-upload remote code execution.... | | |
CVE-2021-42101 | An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Servic... | S | |
CVE-2021-42102 | An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Servic... | S | |
CVE-2021-42103 | An uncontrolled search path element vulnerabilities in Trend Micro Apex One and Apex One as a Servic... | S | |
CVE-2021-42104 | Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Bus... | S | |
CVE-2021-42105 | Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Bus... | S | |
CVE-2021-42106 | Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Bus... | S | |
CVE-2021-42107 | Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Bus... | S | |
CVE-2021-42108 | Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Serv... | S | |
CVE-2021-42109 | VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.... | E | |
CVE-2021-42110 | An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard us... | S | |
CVE-2021-42111 | An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a... | | |
CVE-2021-42112 | The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/... | E S | |
CVE-2021-42113 | An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.1... | | |
CVE-2021-42114 | Scalable Rowhammering In the Frequency Domain to Bypass TRR Mitigations On Modern DDR4/LPDDR4X Devices | E M | |
CVE-2021-42115 | Missing HTTPOnly flag on sensitive cookie in TopEase | | |
CVE-2021-42116 | Unauthorized Menu Item Access in TopEase | | |
CVE-2021-42117 | UI Redressing in TopEase | | |
CVE-2021-42118 | Stored XSS in TopEase | | |
CVE-2021-42119 | Stored XSS in Search Function in TopEase | | |
CVE-2021-42120 | Missing Character Length (Denial of Service) in TopEase | | |
CVE-2021-42121 | Denial of Service via Invalid Date Format in TopEase | | |
CVE-2021-42122 | Denial of Service via Invalid Object Attribute in TopEase | | |
CVE-2021-42123 | Missing Upload Filter in TopEase | | |
CVE-2021-42124 | An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker ... | | |
CVE-2021-42125 | An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker... | | |
CVE-2021-42126 | An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an at... | | |
CVE-2021-42127 | A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Info... | | |
CVE-2021-42128 | An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail S... | | |
CVE-2021-42129 | A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with ac... | | |
CVE-2021-42130 | A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an ... | | |
CVE-2021-42131 | A SQL Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access ... | | |
CVE-2021-42132 | A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with ac... | | |
CVE-2021-42133 | An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attack... | | |
CVE-2021-42134 | The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists b... | S | |
CVE-2021-42135 | HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between ... | | |
CVE-2021-42136 | A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap ... | E | |
CVE-2021-42137 | An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the ... | | |
CVE-2021-42138 | A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access... | | |
CVE-2021-42139 | Deno Standard Modules before 0.107.0 allows Code Injection via an untrusted YAML file in certain con... | E | |
CVE-2021-42141 | An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could com... | S | |
CVE-2021-42142 | An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers mishandle... | S | |
CVE-2021-42143 | An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug e... | | |
CVE-2021-42144 | Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers... | | |
CVE-2021-42145 | An assertion failure discovered in check_certificate_request() in Contiki-NG tinyDTLS through mas... | | |
CVE-2021-42146 | An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow rem... | | |
CVE-2021-42147 | Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through mas... | | |
CVE-2021-42165 | MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root a... | E | |
CVE-2021-42168 | Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) by oretnom... | E | |
CVE-2021-42169 | The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom... | E | |
CVE-2021-42171 | Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading a... | E | |
CVE-2021-42183 | MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/.... | E | |
CVE-2021-42185 | wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function.... | E | |
CVE-2021-42186 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-42192 | Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted req... | E | |
CVE-2021-42194 | The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's inp... | E | |
CVE-2021-42195 | An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function ... | E | |
CVE-2021-42196 | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the funct... | E | |
CVE-2021-42197 | An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfd... | E | |
CVE-2021-42198 | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the funct... | E | |
CVE-2021-42199 | An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function ... | E | |
CVE-2021-42200 | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the funct... | E | |
CVE-2021-42201 | An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function ... | E | |
CVE-2021-42202 | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the funct... | E | |
CVE-2021-42203 | An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function s... | E | |
CVE-2021-42204 | An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function ... | E | |
CVE-2021-42205 | ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC hardware from multiple manufa... | | |
CVE-2021-42216 | A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via VerificationController.php.... | E S | |
CVE-2021-42218 | OMPL v1.5.2 contains a memory leak in VFRRT.cpp... | E | |
CVE-2021-42219 | Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of s... | E | |
CVE-2021-42220 | A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation ... | E | |
CVE-2021-42223 | Cross Site Scripting (XSS) vulnerability exists in Online DJ Booking Management System 1.0 in view-b... | E | |
CVE-2021-42224 | SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST param... | E | |
CVE-2021-42227 | Cross Site Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examp... | E | |
CVE-2021-42228 | A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by exa... | E | |
CVE-2021-42230 | Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to Remote Code Execution via the q... | E | |
CVE-2021-42232 | TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/b... | | |
CVE-2021-42233 | The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnera... | E | |
CVE-2021-42235 | SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers... | S | |
CVE-2021-42237 | Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserializa... | KEV E | |
CVE-2021-42242 | A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ue... | E | |
CVE-2021-42244 | A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execu... | E | |
CVE-2021-42245 | FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tag... | E S | |
CVE-2021-42248 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42836. Reason: This candidat... | R | |
CVE-2021-42250 | Possible log injection | M | |
CVE-2021-42252 | An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux... | S | |
CVE-2021-42254 | BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with ... | | |
CVE-2021-42255 | AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Directory with Insecure Permissio... | | |
CVE-2021-42257 | check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only chec... | E S | |
CVE-2021-42258 | BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated r... | KEV E | |
CVE-2021-42260 | TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the T... | E | |
CVE-2021-42261 | Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successf... | | |
CVE-2021-42262 | An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type di... | | |
CVE-2021-42263 | Adobe Premiere Pro Null Pointer Dereference Application denial-of-service | | |
CVE-2021-42264 | Adobe Premiere Pro Null Pointer Dereference Application denial-of-service | | |
CVE-2021-42265 | Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2021-42266 | Adobe Animate FLA File Parsing Memory Corruption Arbitrary Code Execution | | |
CVE-2021-42267 | Adobe Animate FLA File Parsing Memory Corruption Arbitrary Code Execution | | |
CVE-2021-42268 | Adobe Animate FLA File Parsing Null Pointer Dereference Application Denial of Service | | |
CVE-2021-42269 | Adobe Animate FLA File Parsing Use After Free Remote Code Execution | | |
CVE-2021-42270 | Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2021-42271 | Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2021-42272 | Adobe Animate GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2021-42274 | Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability | S | |
CVE-2021-42275 | Microsoft COM for Windows Remote Code Execution Vulnerability | S | |
CVE-2021-42276 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | S | |
CVE-2021-42277 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | S | |
CVE-2021-42278 | Active Directory Domain Services Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-42279 | Chakra Scripting Engine Memory Corruption Vulnerability | S | |
CVE-2021-42280 | Windows Feedback Hub Elevation of Privilege Vulnerability | S | |
CVE-2021-42282 | Active Directory Domain Services Elevation of Privilege Vulnerability | S | |
CVE-2021-42283 | NTFS Elevation of Privilege Vulnerability | S | |
CVE-2021-42284 | Windows Hyper-V Denial of Service Vulnerability | S | |
CVE-2021-42285 | Windows Kernel Elevation of Privilege Vulnerability | S | |
CVE-2021-42286 | Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability | S | |
CVE-2021-42287 | Active Directory Domain Services Elevation of Privilege Vulnerability | KEV S | |
CVE-2021-42288 | Windows Hello Security Feature Bypass Vulnerability | S | |
CVE-2021-42291 | Active Directory Domain Services Elevation of Privilege Vulnerability | S | |
CVE-2021-42292 | Microsoft Excel Security Feature Bypass Vulnerability | KEV S | |
CVE-2021-42293 | Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability | S | |
CVE-2021-42294 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
CVE-2021-42295 | Visual Basic for Applications Information Disclosure Vulnerability | S | |
CVE-2021-42296 | Microsoft Word Remote Code Execution Vulnerability | S | |
CVE-2021-42297 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | E S | |
CVE-2021-42298 | Microsoft Defender Remote Code Execution Vulnerability | S | |
CVE-2021-42299 | Microsoft Surface Pro 3 Security Feature Bypass Vulnerability | S | |
CVE-2021-42300 | Azure Sphere Tampering Vulnerability | S | |
CVE-2021-42301 | Azure RTOS Information Disclosure Vulnerability | S | |
CVE-2021-42302 | Azure RTOS Elevation of Privilege Vulnerability | S | |
CVE-2021-42303 | Azure RTOS Elevation of Privilege Vulnerability | S | |
CVE-2021-42304 | Azure RTOS Elevation of Privilege Vulnerability | S | |
CVE-2021-42305 | Microsoft Exchange Server Spoofing Vulnerability | S | |
CVE-2021-42306 | Azure Active Directory Information Disclosure Vulnerability | S | |
CVE-2021-42307 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | S | |
CVE-2021-42308 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | S | |
CVE-2021-42309 | Microsoft SharePoint Server Remote Code Execution Vulnerability | S | |
CVE-2021-42310 | Microsoft Defender for IoT Remote Code Execution Vulnerability | S | |
CVE-2021-42311 | Microsoft Defender for IoT Remote Code Execution Vulnerability | E S | |
CVE-2021-42312 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | S | |
CVE-2021-42313 | Microsoft Defender for IoT Remote Code Execution Vulnerability | S | |
CVE-2021-42314 | Microsoft Defender for IoT Remote Code Execution Vulnerability | S | |
CVE-2021-42315 | Microsoft Defender for IoT Remote Code Execution Vulnerability | S | |
CVE-2021-42316 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | S | |
CVE-2021-42319 | Visual Studio Elevation of Privilege Vulnerability | S | |
CVE-2021-42320 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
CVE-2021-42321 | Microsoft Exchange Server Remote Code Execution Vulnerability | KEV E S | |
CVE-2021-42322 | Visual Studio Code Elevation of Privilege Vulnerability | S | |
CVE-2021-42323 | Azure RTOS Information Disclosure Vulnerability | S | |
CVE-2021-42324 | An issue was discovered on DCN (Digital China Networks) S4600-10P-SI devices before R0241.0470. Due ... | E | |
CVE-2021-42325 | Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom D... | S | |
CVE-2021-42326 | Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to... | S | |
CVE-2021-42327 | dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux ker... | | |
CVE-2021-42329 | ShinHer Information Co., LTD. ShinHer StudyOnline System - Stored XSS | S | |
CVE-2021-42330 | ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-1 | S | |
CVE-2021-42331 | ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-2 | S | |
CVE-2021-42332 | ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-3 | S | |
CVE-2021-42333 | Huachu Digital Technology Co.,Ltd. Easytest - SQL Injection-1 | S | |
CVE-2021-42334 | Huachu Digital Technology Co.,Ltd. Easytest - SQL Injection-2 | S | |
CVE-2021-42335 | Huachu Digital Technology Co.,Ltd. Easytest - Stored XSS | S | |
CVE-2021-42336 | Huachu Digital Technology Co.,Ltd. Easytest - Improper Authorization | S | |
CVE-2021-42337 | TVN-202110009 | S | |
CVE-2021-42338 | 4MOSAn GCB Doctor - Improper Authorization | S | |
CVE-2021-42340 | DoS via memory leak with WebSocket connections | S | |
CVE-2021-42341 | checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does... | E S | |
CVE-2021-42342 | An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form va... | | |
CVE-2021-42343 | An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine ... | | |
CVE-2021-42357 | DOM based XSS Vulnerability in Apache Knox | M | |
CVE-2021-42358 | Contact Form With Captcha <= 1.6.2 Cross-Site Request Forgery to Reflected Cross-Site Scripting | S | |
CVE-2021-42359 | WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion | E | |
CVE-2021-42360 | Starter Templates — Elementor, Gutenberg & Beaver Builder Templates <= 2.7.0 Authenticated Block Import to Stored XSS | E | |
CVE-2021-42361 | Contact Form Email <= 1.3.24 Authenticated Stored Cross-Site Scripting | S | |
CVE-2021-42362 | WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload | E S | |
CVE-2021-42363 | Preview E-Mails for WooCommerce <= 1.6.8 Reflected Cross-Site Scripting | E S | |
CVE-2021-42364 | Stetic <= 1.0.6 Cross-Site Request Forgery to Stored Cross-Site Scripting | S | |
CVE-2021-42365 | Asgaros Forums <= 1.15.13 Authenticated Stored XSS | S | |
CVE-2021-42367 | Variation Swatches for WooCommerce <= 2.1.1 Authenticated Stored Cross-Site Scripting | S | |
CVE-2021-42369 | Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privilege... | | |
CVE-2021-42370 | A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because clearte... | | |
CVE-2021-42371 | lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.... | | |
CVE-2021-42372 | A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30... | E | |
CVE-2021-42373 | A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is... | | |
CVE-2021-42374 | An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of servic... | E | |
CVE-2021-42375 | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when p... | | |
CVE-2021-42376 | A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a cra... | | |
CVE-2021-42377 | An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible... | | |
CVE-2021-42378 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when... | | |
CVE-2021-42379 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when... | | |
CVE-2021-42380 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when... | | |
CVE-2021-42381 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when... | | |
CVE-2021-42382 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when... | | |
CVE-2021-42383 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when... | | |
CVE-2021-42384 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when... | | |
CVE-2021-42385 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when... | | |
CVE-2021-42386 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when... | | |
CVE-2021-42387 | Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As par... | E | |
CVE-2021-42388 | Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As par... | E | |
CVE-2021-42389 | Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byt... | E | |
CVE-2021-42390 | Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The fir... | E | |
CVE-2021-42391 | Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first b... | E | |
CVE-2021-42392 | The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name... | E S | |
CVE-2021-42521 | There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtk... | E | |
CVE-2021-42522 | There is an Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.... | | |
CVE-2021-42523 | There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device... | E S | |
CVE-2021-42524 | Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2021-42525 | Adobe Animate SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-42526 | Adobe Premiere Elements WAV file memory corruption vulnerability could lead to arbitrary code execution | | |
CVE-2021-42527 | Adobe Premiere Elements PSD file memory corruption vulnerability could lead to arbitrary code execution | | |
CVE-2021-42528 | XMP-Toolkit Null Pointer Dereference Application denial-of-service | | |
CVE-2021-42529 | XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution | | |
CVE-2021-42530 | XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution | | |
CVE-2021-42531 | XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution | | |
CVE-2021-42532 | XMP-Toolkit SDK Stack-based Buffer Overflow Could Lead To Arbitrary Code Execution | | |
CVE-2021-42533 | Adobe Bridge DCM File Parsing Double Free Remote Code Execution Vulnerability | S | |
CVE-2021-42534 | Trane Building Automation Controllers Cross-site Scripting | S | |
CVE-2021-42535 | VISAM VBASE Editor Cross Site Scripting | S | |
CVE-2021-42536 | Emerson WirelessHART Gateway | S | |
CVE-2021-42537 | VISAM VBASE Editor Improper Restriction of XML | S | |
CVE-2021-42538 | Emerson WirelessHART Gateway | S | |
CVE-2021-42539 | Emerson WirelessHART Gateway | S | |
CVE-2021-42540 | Emerson WirelessHART Gateway | S | |
CVE-2021-42542 | Emerson WirelessHART Gateway | S | |
CVE-2021-42543 | AzeoTech DAQFactory | M | |
CVE-2021-42544 | Lack of Rate limiting in Authentication in TopEase | | |
CVE-2021-42545 | Insufficient Session Expiration in TopEase | | |
CVE-2021-42546 | Reflected XSS in search functionality of WP Cloud Plugins - Use-Your-Drive | | |
CVE-2021-42547 | Reflected XSS in search functionality of WP Cloud Plugins - Out-of-the-Box | | |
CVE-2021-42548 | Reflected XSS in search functionality of WP Cloud Plugins - Share-one-Drive | | |
CVE-2021-42549 | Reflected XSS in search functionality of WP Cloud Plugins - Lets-Box | | |
CVE-2021-42550 | RCE from attacker with configuration edit privileges through JNDI lookup | E S | |
CVE-2021-42551 | Reflected XSS in NetBiblio WebOPAC search functionality | E S | |
CVE-2021-42552 | Reflected XSS in Archivista | E S | |
CVE-2021-42553 | STM32 USB Host Library Buffer Overflow | S | |
CVE-2021-42554 | An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05.08.42, Kernel 5.1 before 05.16... | | |
CVE-2021-42555 | Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call... | | |
CVE-2021-42556 | Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that... | | |
CVE-2021-42557 | In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users cre... | E | |
CVE-2021-42558 | An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulne... | E | |
CVE-2021-42559 | An issue was discovered in CALDERA 2.8.1. It contains multiple startup "requirements" that execute c... | E | |
CVE-2021-42560 | An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives base64 encoded "SVG" parameter... | E | |
CVE-2021-42561 | An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized na... | E | |
CVE-2021-42562 | An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting ... | E | |
CVE-2021-42563 | There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on ... | S | |
CVE-2021-42564 | An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows r... | E | |
CVE-2021-42565 | myfactory.FMS before 7.1-912 allows XSS via the UID parameter.... | E | |
CVE-2021-42566 | myfactory.FMS before 7.1-912 allows XSS via the Error parameter.... | E | |
CVE-2021-42567 | Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints.... | S | |
CVE-2021-42568 | Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates... | | |
CVE-2021-42574 | An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It... | E M | |
CVE-2021-42575 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with t... | E S | |
CVE-2021-42576 | The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does n... | E | |
CVE-2021-42577 | An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort pack... | | |
CVE-2021-42580 | Sourcecodester Online Learning System 2.0 is vulnerable to SQL injection authentication bypass in ad... | E | |
CVE-2021-42581 | Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compro... | E S | |
CVE-2021-42583 | A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unne... | | |
CVE-2021-42584 | A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32.... | E S | |
CVE-2021-42585 | A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0... | E | |
CVE-2021-42586 | A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a... | E S | |
CVE-2021-42597 | A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management S... | | |
CVE-2021-42612 | A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentati... | E | |
CVE-2021-42613 | A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of ser... | E | |
CVE-2021-42614 | A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a se... | E | |
CVE-2021-42624 | A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through... | E | |
CVE-2021-42627 | The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed d... | | |
CVE-2021-42631 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes attacker controlled leading to ... | E | |
CVE-2021-42633 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to SQL Injection, which may a... | E | |
CVE-2021-42635 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pr... | E | |
CVE-2021-42637 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, re... | E | |
CVE-2021-42638 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-... | E | |
CVE-2021-42639 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross s... | E | |
CVE-2021-42640 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object ... | E | |
CVE-2021-42641 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object ... | E | |
CVE-2021-42642 | PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object ... | E | |
CVE-2021-42643 | cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerabi... | E | |
CVE-2021-42644 | cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the config... | E | |
CVE-2021-42645 | CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulner... | E | |
CVE-2021-42646 | XML External Entity (XXE) vulnerability in the file based service provider creation feature of the M... | S | |
CVE-2021-42648 | Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers... | E S | |
CVE-2021-42650 | Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in C... | S | |
CVE-2021-42651 | A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allo... | S | |
CVE-2021-42654 | SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell)... | S | |
CVE-2021-42655 | SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.... | E | |
CVE-2021-42656 | SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.... | E S | |
CVE-2021-42659 | There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devic... | E | |
CVE-2021-42662 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and ... | E | |
CVE-2021-42663 | An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System... | E | |
CVE-2021-42664 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Engineers Online Portal ... | E | |
CVE-2021-42665 | An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login... | E | |
CVE-2021-42666 | A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id par... | E | |
CVE-2021-42667 | A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System i... | E | |
CVE-2021-42668 | A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id par... | E | |
CVE-2021-42669 | A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_te... | E | |
CVE-2021-42670 | A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id par... | E | |
CVE-2021-42671 | An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in... | E | |
CVE-2021-42675 | Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can uploa... | E | |
CVE-2021-42681 | A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL Ha... | E | |
CVE-2021-42682 | An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL ... | E | |
CVE-2021-42683 | A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IO... | E | |
CVE-2021-42685 | An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools prior to v3.3.1.105. The IOCTL... | E | |
CVE-2021-42686 | An Integer Overflow exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IOCTL Handler ... | E | |
CVE-2021-42687 | A Buffer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The IO... | E | |
CVE-2021-42688 | An Integer Overflow vulnerability exists in Accops HyWorks Windows Client prior to v 3.2.8.200. The ... | E | |
CVE-2021-42692 | There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS.... | E | |
CVE-2021-42694 | An issue was discovered in the character definitions of the Unicode Specification through 14.0. The ... | E | |
CVE-2021-42697 | Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsin... | E | |
CVE-2021-42698 | AzeoTech DAQFactory | M | |
CVE-2021-42699 | AzeoTech DAQFactory | M | |
CVE-2021-42700 | Inkscape Out-of-bounds Read | E S | |
CVE-2021-42701 | AzeoTech DAQFactory | M | |
CVE-2021-42702 | Inkscape Access of Uninitialized Pointer | E S | |
CVE-2021-42703 | AzeoTech DAQFactory | M | |
CVE-2021-42704 | Inkscape Out-of-bounds Write | E S | |
CVE-2021-42705 | WECON PLC Editor | M | |
CVE-2021-42706 | AzeoTech DAQFactory | M | |
CVE-2021-42707 | WECON PLC Editor | M | |
CVE-2021-42711 | Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure P... | | |
CVE-2021-42712 | Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Directory with Insecure Permissions... | | |
CVE-2021-42713 | Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a Temporary File in a Directory w... | | |
CVE-2021-42714 | Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a Temporary File in a Directory w... | E | |
CVE-2021-42715 | An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of... | | |
CVE-2021-42716 | An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM f... | E | |
CVE-2021-42717 | ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with ... | E S | |
CVE-2021-42718 | Sensitive data unnecessarily returned from authenticated API | | |
CVE-2021-42719 | Adobe Bridge Out-of-bounds read could lead to Arbitrary Code Execution | S | |
CVE-2021-42720 | Adobe Bridge Out-of-bounds read could lead to Arbitrary Code Execution | S | |
CVE-2021-42721 | Adobe Bridge Use After Free could lead to Arbitrary code execution | | |
CVE-2021-42722 | Adobe Bridge Out-of-bounds read could lead to Arbitrary Code Execution | S | |
CVE-2021-42723 | Adobe Bridge Out-of-bounds read could lead to Arbitrary Code Execution | | |
CVE-2021-42724 | Adobe Bridge Memory Corruption could lead to Arbitrary code execution | S | |
CVE-2021-42725 | Adobe Bridge Memory Corruption could lead to Arbitrary code execution | S | |
CVE-2021-42726 | Adobe Bridge Memory Corruption could lead to Arbitrary code execution | | |
CVE-2021-42727 | Adobe Bridge Buffer Overflow Arbitrary code execution | | |
CVE-2021-42728 | Adobe Bridge Buffer Overflow Arbitrary code execution | S | |
CVE-2021-42729 | Adobe Bridge Memory Corruption could lead to Arbitrary code execution | S | |
CVE-2021-42730 | Adobe Bridge Memory Corruption could lead to Arbitrary code execution | S | |
CVE-2021-42731 | Adobe InDesign Buffer Overflow Could Lead to Remote Code Execution | | |
CVE-2021-42732 | Adobe InDesign crashes when parsing the GIF file | | |
CVE-2021-42733 | Adobe Bridge NULL Pointer Dereference could lead to Application denial-of-service | S | |
CVE-2021-42734 | Adobe Photoshop TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-42735 | Adobe Photoshop Memory Corruption could lead to Arbitrary code execution | | |
CVE-2021-42737 | Adobe Prelude WAV File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-42738 | Adobe Prelude MXF File Parsing Memory Corruption Arbitrary Code Execution | S | |
CVE-2021-42739 | The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/... | S | |
CVE-2021-42740 | The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject un... | S | |
CVE-2021-42743 | Local privilege escalation via a default path in Splunk Enterprise Windows | | |
CVE-2021-42744 | Philips MRI 1.5T and 3T Information Exposure | M | |
CVE-2021-42748 | In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism... | E S | |
CVE-2021-42749 | In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing ... | E S | |
CVE-2021-42750 | A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attacke... | E | |
CVE-2021-42751 | A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attacke... | E | |
CVE-2021-42752 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | S | |
CVE-2021-42753 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE... | | |
CVE-2021-42754 | An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 ... | | |
CVE-2021-42755 | An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitch 7.0.2 and below, 6.4.9 and b... | S | |
CVE-2021-42756 | Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x a... | S | |
CVE-2021-42757 | A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 thr... | | |
CVE-2021-42758 | An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenti... | S | |
CVE-2021-42759 | A violation of secure design principles in Fortinet Meru AP version 8.6.1 and below, version 8.5.5 a... | | |
CVE-2021-42760 | An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet F... | S | |
CVE-2021-42761 | A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versi... | S | |
CVE-2021-42762 | BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass tha... | E | |
CVE-2021-42763 | Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The is... | | |
CVE-2021-42764 | The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause... | | |
CVE-2021-42765 | The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to lever... | | |
CVE-2021-42766 | The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause... | | |
CVE-2021-42767 | A directory traversal vulnerability in the apoc plugins in Neo4J Graph database before 4.4.0.1 allow... | | |
CVE-2021-42770 | A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP att... | E | |
CVE-2021-42771 | Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing ... | E S | |
CVE-2021-42772 | Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not i... | E | |
CVE-2021-42773 | Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not i... | | |
CVE-2021-42774 | Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not i... | | |
CVE-2021-42775 | Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not i... | | |
CVE-2021-42776 | CloverDX Server before 5.11.2 and 5.12.x before 5.12.1 allows XXE during configuration import.... | | |
CVE-2021-42777 | Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker... | E | |
CVE-2021-42778 | A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.... | S | |
CVE-2021-42779 | A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.... | S | |
CVE-2021-42780 | A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could... | S | |
CVE-2021-42781 | Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that cou... | S | |
CVE-2021-42782 | Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could... | S | |
CVE-2021-42783 | Missing Authentication in debug_post_set.cgi in D-Link DWR-932C E1 Firmware 1.0.0.4 | S | |
CVE-2021-42784 | OS Command Injection in debug_fcgi in D-Link DWR-932C E1 Firmware 1.0.0.4 | S | |
CVE-2021-42785 | Buffer Overflow in tvnviewer.exe via Crafted Packet in TightVNC Viewer 2.8.59 | | |
CVE-2021-42786 | Remote Code Execution at AgentControllerServlet | | |
CVE-2021-42787 | Directory Traversal Write/Delete/Partial Read at AgentConfigurationServlet | | |
CVE-2021-42791 | An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notificat... | | |
CVE-2021-42792 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-42793 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-42794 | An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior. The a... | E | |
CVE-2021-42796 | An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2... | | |
CVE-2021-42797 | Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior a... | | |
CVE-2021-42808 | The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions. | S | |
CVE-2021-42809 | The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library | S | |
CVE-2021-42810 | Safenet Authentication Service Remote Desktop Gateway prior to 2.0.3 may allow privilege escalation to authenticated users | S | |
CVE-2021-42811 | Vulnerability in SafeNet KeySecure | S | |
CVE-2021-42833 | Use of hardcoded credentials impacting AquaView versions 1.60, 7.x, 8.x | S | |
CVE-2021-42835 | An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee. An attacker (with a foot... | E | |
CVE-2021-42836 | GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.... | E S | |
CVE-2021-42837 | An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, aut... | | |
CVE-2021-42838 | Grand Vice info Co. webopac7 - Reflected XSS | S | |
CVE-2021-42839 | Grand Vice info Co. webopac7 - Arbitrary File Upload | S | |
CVE-2021-42840 | SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. ... | E | |
CVE-2021-42841 | Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input ... | | |
CVE-2021-42847 | Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary file... | | |
CVE-2021-42848 | An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices t... | S | |
CVE-2021-42849 | A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devic... | S | |
CVE-2021-42850 | A weak default administrator password for the web interface and serial port was reported in some Len... | S | |
CVE-2021-42851 | A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unaut... | S | |
CVE-2021-42852 | A command injection vulnerability was reported in some Lenovo Personal Cloud Storage devices that co... | S | |
CVE-2021-42853 | Directory Traversal Delete/Read at AgentDiagnosticServlet | | |
CVE-2021-42854 | Directory Traversal Read/Write/Delete at PluginServlet | | |
CVE-2021-42855 | Local privilege escalation due to misconfigured write permission on .debug_command.config file | | |
CVE-2021-42856 | Reflected Cross-site Scripting at DsaDataTest | | |
CVE-2021-42857 | Directory Traversal Partial Write at AgentDaServlet | | |
CVE-2021-42859 | A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: test... | E | |
CVE-2021-42860 | A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLo... | E | |
CVE-2021-42863 | A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allow... | E S | |
CVE-2021-42866 | A Cross Site Scripting vulnerability exists in Pixelimity 1.0 via the Site Description field in pixel... | E | |
CVE-2021-42867 | A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field i... | E | |
CVE-2021-42868 | A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in t... | E | |
CVE-2021-42869 | A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via ... | E | |
CVE-2021-42870 | ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing a call_clear_request.... | E S | |
CVE-2021-42872 | TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely ex... | E | |
CVE-2021-42875 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function set... | E | |
CVE-2021-42877 | TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem o... | E | |
CVE-2021-42884 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDevi... | E | |
CVE-2021-42885 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDevi... | E | |
CVE-2021-42886 | TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker ca... | E | |
CVE-2021-42887 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request throug... | E | |
CVE-2021-42888 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLang... | E | |
CVE-2021-42889 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, ... | E | |
CVE-2021-42890 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSync... | E | |
CVE-2021-42891 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) with... | E | |
CVE-2021-42892 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the de... | E | |
CVE-2021-42893 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) with... | E | |
CVE-2021-42897 | A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/data... | E | |
CVE-2021-42911 | A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3... | E | |
CVE-2021-42912 | FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vul... | | |
CVE-2021-42913 | The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list o... | | |
CVE-2021-42917 | Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service... | E S | |
CVE-2021-42923 | ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If an attacker overwrites the file... | | |
CVE-2021-42940 | A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachm... | E | |
CVE-2021-42943 | Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attacker... | E | |
CVE-2021-42945 | A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php... | | |
CVE-2021-42946 | A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /adm... | E | |
CVE-2021-42948 | HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens ... | | |
CVE-2021-42949 | The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a pr... | | |
CVE-2021-42950 | Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before Octo... | | |
CVE-2021-42951 | A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL all versions before October 1... | | |
CVE-2021-42952 | Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vulnerability. Upon launching Remo... | | |
CVE-2021-42954 | Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrec... | E | |
CVE-2021-42955 | Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an u... | E | |
CVE-2021-42956 | Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitiv... | E | |
CVE-2021-42966 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-42967 | Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.... | E | |
CVE-2021-42969 | Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an at... | E | |
CVE-2021-42970 | Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ cont... | E | |
CVE-2021-42972 | NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Server abov... | E | |
CVE-2021-42973 | NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Server abo... | E | |
CVE-2021-42976 | NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine... | E | |
CVE-2021-42977 | NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachin... | E | |
CVE-2021-42979 | NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Clou... | E | |
CVE-2021-42980 | NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud... | E | |
CVE-2021-42983 | NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine ... | E | |
CVE-2021-42986 | NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine... | E | |
CVE-2021-42987 | Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler 0x22001B in the USB Network G... | E | |
CVE-2021-42988 | Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler 0x22001B in the USB Network Ga... | E | |
CVE-2021-42990 | FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Wind... | E | |
CVE-2021-42993 | FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Win... | E | |
CVE-2021-42994 | Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Donglify above 1.0.12309 belo... | E | |
CVE-2021-42996 | Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in the Donglify above 1.0.12309 bel... | E |