ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-43000 | Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amzett... | E | |
CVE-2021-43002 | Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amzetta zPor... | E | |
CVE-2021-43003 | Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzet... | E | |
CVE-2021-43006 | AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amz... | E | |
CVE-2021-43008 | Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attac... | E | |
CVE-2021-43009 | A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search pa... | E | |
CVE-2021-43010 | In Safedog Apache v4.0.30255, attackers can bypass this product for SQL injection. Attackers can byp... | | |
CVE-2021-43011 | Adobe Prelude M4A file memory corruption vulnerability could lead to remote code execution | S | |
CVE-2021-43012 | Adobe Prelude M4A file memory corruption vulnerability could lead to remote code execution | S | |
CVE-2021-43013 | Adobe Media Encoder memory corruption vulnerability could lead to remote code execution | | |
CVE-2021-43015 | Adobe InCopy GIF File Parsing Memory Corruption Arbitrary Code Execution | | |
CVE-2021-43016 | Adobe InCopy NULL Pointer Dereference Application Denial of Service | S | |
CVE-2021-43017 | Adobe Creative Cloud DLL Hijacking Local Application Denial of Service | S | |
CVE-2021-43018 | Adobe Photoshop JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2021-43019 | Adobe Creative Cloud Incorrect Permission Assignment Privilege Escalation Vulnerability | S | |
CVE-2021-43021 | Adobe Premiere Rush EXR File Memory Corruption Remote Code Execution | | |
CVE-2021-43022 | Adobe Premiere Rush PNG File Memory Corruption Remote Code Execution | | |
CVE-2021-43023 | Adobe Premiere Rush EPS/TIFF File Memory Corruption Remote Code Execution | | |
CVE-2021-43024 | Adobe Premiere Rush WAV File Memory Corruption Remote Code Execution | | |
CVE-2021-43025 | Adobe Premiere Rush SVG File Memory Corruption Remote Code Execution | | |
CVE-2021-43026 | Adobe Premiere Rush MXF File Memory Corruption Remote Code Execution | | |
CVE-2021-43027 | Adobe After Effects TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2021-43028 | Adobe Premiere Rush M4A File Memory Corruption Remote Code Execution | | |
CVE-2021-43029 | Adobe Premiere Rush M4A File Memory Corruption Remote Code Execution | | |
CVE-2021-43030 | Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability | | |
CVE-2021-43032 | In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertiseme... | E | |
CVE-2021-43033 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in th... | E | |
CVE-2021-43034 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file al... | E | |
CVE-2021-43035 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL ... | E | |
CVE-2021-43036 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the Pos... | E | |
CVE-2021-43037 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows ag... | E | |
CVE-2021-43038 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could... | E | |
CVE-2021-43039 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing s... | E | |
CVE-2021-43040 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServ... | E | |
CVE-2021-43041 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request c... | E | |
CVE-2021-43042 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existe... | E | |
CVE-2021-43043 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could re... | E | |
CVE-2021-43044 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was conf... | E | |
CVE-2021-43045 | Possible DOS vulnerabilities in C# Avro SDK | | |
CVE-2021-43046 | TIBCO PartnerExpress Session Token in URL | S | |
CVE-2021-43047 | TIBCO PartnerExpress Cross Site Scripting vulnerabilities | S | |
CVE-2021-43048 | TIBCO PartnerExpress Click-Jacking vulnerability | S | |
CVE-2021-43049 | TIBCO BusinessConnect Container Edition username and password leakage | S | |
CVE-2021-43050 | TIBCO BusinessConnect Container Edition administrative username and passwords leakage | S | |
CVE-2021-43051 | TIBCO Spotfire Server API Authorization Vulnerability | S | |
CVE-2021-43052 | TIBCO FTL Secret Generation Vulnerability | S | |
CVE-2021-43053 | TIBCO FTL Secret Exposure Vulnerability | S | |
CVE-2021-43054 | TIBCO eFTL Token Generation Vulnerability | S | |
CVE-2021-43055 | TIBCO eFTL Token Caching Vulnerability | S | |
CVE-2021-43056 | An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM gu... | S | |
CVE-2021-43057 | An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_tracem... | E S | |
CVE-2021-43058 | An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead... | | |
CVE-2021-43062 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | E | |
CVE-2021-43063 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | S | |
CVE-2021-43064 | A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, ... | S | |
CVE-2021-43065 | An incorrect permission assignment for critical resource in Fortinet FortiNAC version 9.2.0, version ... | E | |
CVE-2021-43066 | An external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, vers... | | |
CVE-2021-43067 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version ... | | |
CVE-2021-43068 | An improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the sec... | S | |
CVE-2021-43069 | Rejected reason: Not used... | R | |
CVE-2021-43070 | Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and... | | |
CVE-2021-43071 | A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below,... | S | |
CVE-2021-43072 | A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer v... | S | |
CVE-2021-43073 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | | |
CVE-2021-43074 | An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all vers... | S | |
CVE-2021-43075 | An improper neutralization of special elements used in an os command ('os command injection') in Fort... | | |
CVE-2021-43076 | An improper privilege management vulnerability [CWE-269] in FortiADC versions 6.2.1 and below, 6.1.5... | | |
CVE-2021-43077 | An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet F... | | |
CVE-2021-43078 | Rejected reason: Not used... | R | |
CVE-2021-43079 | Rejected reason: Not used... | R | |
CVE-2021-43080 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS ver... | | |
CVE-2021-43081 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS ver... | | |
CVE-2021-43082 | heap-buffer-overflow with stats-over-http plugin | S | |
CVE-2021-43083 | Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response | | |
CVE-2021-43084 | An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter.... | E | |
CVE-2021-43085 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-43086 | ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compression function of the astc-encode... | E | |
CVE-2021-43090 | An XML External Entity (XXE) vulnerability exists in soa-model before 1.6.4 in the WSDLParser functi... | E S | |
CVE-2021-43091 | An SQL Injection vulnerability exists in Yeswiki doryphore 20211012 via the email parameter in the reg... | E S | |
CVE-2021-43094 | An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and... | | |
CVE-2021-43097 | A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.java... | E | |
CVE-2021-43098 | A File Upload vulnerability exists in bbs v5.3 via QuestionManageAction.java in a getType function.... | E | |
CVE-2021-43099 | An Archive Extraction (AKA "Zip Slip") vulnerability exists in bbs 5.3 in the UpgradeNow function in ... | E | |
CVE-2021-43100 | A File Upload vulnerability exists in bbs 5.3 via TopicManageAction.java in a GetType function, w... | E | |
CVE-2021-43101 | A File Upload vulnerability exists in bbs 5.3 via MembershipCardManageAction.java in a GetType fu... | E | |
CVE-2021-43102 | A File Upload vulnerability exists in bbs 5.3 via HelpManageAction.java in a GetType function, wh... | E | |
CVE-2021-43103 | A File Upload vulnerability exists in bbs 5.3 via ForumManageAction.java in a GetType function, w... | E | |
CVE-2021-43105 | A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 exists that allo... | | |
CVE-2021-43106 | A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzwar... | E | |
CVE-2021-43109 | An SQL Injection vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 via t... | E | |
CVE-2021-43110 | An Access Control vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in a... | E | |
CVE-2021-43113 | iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool... | E | |
CVE-2021-43114 | FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. T... | S | |
CVE-2021-43116 | An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and ... | E | |
CVE-2021-43117 | fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution th... | E | |
CVE-2021-43118 | A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.... | E | |
CVE-2021-43129 | A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feat... | E | |
CVE-2021-43130 | An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System (CRM... | E | |
CVE-2021-43136 | An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication ... | E | |
CVE-2021-43137 | Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists in hostel manag... | | |
CVE-2021-43138 | In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues... | E S | |
CVE-2021-43140 | SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login... | E | |
CVE-2021-43141 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 vi... | E | |
CVE-2021-43142 | An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in the readObject method in JOXSA... | E | |
CVE-2021-43145 | With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access wit... | | |
CVE-2021-43149 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-43154 | Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an A... | | |
CVE-2021-43155 | Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" paramete... | E | |
CVE-2021-43156 | In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote ... | E | |
CVE-2021-43157 | Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in... | E | |
CVE-2021-43158 | In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a re... | E | |
CVE-2021-43159 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up... | | |
CVE-2021-43160 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up... | | |
CVE-2021-43161 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up... | | |
CVE-2021-43162 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up... | | |
CVE-2021-43163 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up... | | |
CVE-2021-43164 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up... | E | |
CVE-2021-43171 | Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lo... | | |
CVE-2021-43172 | Infinite length chain of RRDP repositories | | |
CVE-2021-43173 | Hanging RRDP request | | |
CVE-2021-43174 | gzip transfer encoding caused out-of-memory crash | | |
CVE-2021-43175 | The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that acc... | E | |
CVE-2021-43176 | The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action”... | E | |
CVE-2021-43177 | As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 ... | | |
CVE-2021-43178 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-43179 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-43180 | In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible.... | | |
CVE-2021-43181 | In JetBrains Hub before 2021.1.13690, stored XSS is possible.... | | |
CVE-2021-43182 | In JetBrains Hub before 2021.1.13415, a DoS via user information is possible.... | | |
CVE-2021-43183 | In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed.... | | |
CVE-2021-43184 | In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.... | | |
CVE-2021-43185 | JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection.... | | |
CVE-2021-43186 | JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.... | | |
CVE-2021-43187 | In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive inf... | | |
CVE-2021-43188 | In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete.... | | |
CVE-2021-43189 | In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete.... | | |
CVE-2021-43190 | In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible.... | | |
CVE-2021-43191 | JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS.... | | |
CVE-2021-43192 | In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible.... | | |
CVE-2021-43193 | In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is pos... | | |
CVE-2021-43194 | In JetBrains TeamCity before 2021.1.2, user enumeration was possible.... | | |
CVE-2021-43195 | In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing.... | | |
CVE-2021-43196 | In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialo... | | |
CVE-2021-43197 | In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.... | | |
CVE-2021-43198 | In JetBrains TeamCity before 2021.1.2, stored XSS is possible.... | | |
CVE-2021-43199 | In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insuf... | | |
CVE-2021-43200 | In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insuff... | | |
CVE-2021-43201 | In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already d... | | |
CVE-2021-43202 | In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing in some cases.... | | |
CVE-2021-43203 | In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is imple... | | |
CVE-2021-43204 | An improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 a... | S | |
CVE-2021-43205 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient... | S | |
CVE-2021-43206 | A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through ... | | |
CVE-2021-43207 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
CVE-2021-43208 | 3D Viewer Remote Code Execution Vulnerability | S | |
CVE-2021-43209 | 3D Viewer Remote Code Execution Vulnerability | S | |
CVE-2021-43211 | Windows 10 Update Assistant Elevation of Privilege Vulnerability | S | |
CVE-2021-43214 | Web Media Extensions Remote Code Execution Vulnerability | S | |
CVE-2021-43215 | iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution | S | |
CVE-2021-43216 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability | S | |
CVE-2021-43217 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | S | |
CVE-2021-43219 | DirectX Graphics Kernel File Denial of Service Vulnerability | S | |
CVE-2021-43220 | Microsoft Edge for iOS Spoofing Vulnerability | S | |
CVE-2021-43221 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | S | |
CVE-2021-43222 | Microsoft Message Queuing Information Disclosure Vulnerability | S | |
CVE-2021-43223 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | S | |
CVE-2021-43224 | Windows Common Log File System Driver Information Disclosure Vulnerability | S | |
CVE-2021-43225 | Bot Framework SDK Remote Code Execution Vulnerability | S | |
CVE-2021-43226 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | S | |
CVE-2021-43227 | Storage Spaces Controller Information Disclosure Vulnerability | S | |
CVE-2021-43228 | SymCrypt Denial of Service Vulnerability | S | |
CVE-2021-43229 | Windows NTFS Elevation of Privilege Vulnerability | S | |
CVE-2021-43230 | Windows NTFS Elevation of Privilege Vulnerability | S | |
CVE-2021-43231 | Windows NTFS Elevation of Privilege Vulnerability | S | |
CVE-2021-43232 | Windows Event Tracing Remote Code Execution Vulnerability | S | |
CVE-2021-43233 | Remote Desktop Client Remote Code Execution Vulnerability | S | |
CVE-2021-43234 | Windows Fax Service Remote Code Execution Vulnerability | S | |
CVE-2021-43235 | Storage Spaces Controller Information Disclosure Vulnerability | S | |
CVE-2021-43236 | Microsoft Message Queuing Information Disclosure Vulnerability | S | |
CVE-2021-43237 | Windows Setup Elevation of Privilege Vulnerability | S | |
CVE-2021-43238 | Windows Remote Access Elevation of Privilege Vulnerability | S | |
CVE-2021-43239 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | S | |
CVE-2021-43240 | NTFS Set Short Name Elevation of Privilege Vulnerability | S | |
CVE-2021-43242 | Microsoft SharePoint Server Spoofing Vulnerability | S | |
CVE-2021-43243 | VP9 Video Extensions Information Disclosure Vulnerability | S | |
CVE-2021-43244 | Windows Kernel Information Disclosure Vulnerability | S | |
CVE-2021-43245 | Windows Digital TV Tuner Elevation of Privilege Vulnerability | S | |
CVE-2021-43246 | Windows Hyper-V Denial of Service Vulnerability | S | |
CVE-2021-43247 | Windows TCP/IP Driver Elevation of Privilege Vulnerability | S | |
CVE-2021-43248 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | S | |
CVE-2021-43255 | Microsoft Office Trust Center Spoofing Vulnerability | S | |
CVE-2021-43256 | Microsoft Excel Remote Code Execution Vulnerability | S | |
CVE-2021-43257 | Lack of Neutralization of Formula Elements in the CSV API of MantisBT before 2.25.3 allows an unpriv... | E S | |
CVE-2021-43258 | CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure ... | E S | |
CVE-2021-43264 | In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page h... | E | |
CVE-2021-43265 | In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, s... | E | |
CVE-2021-43266 | In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting collections via PDF export could ... | E | |
CVE-2021-43267 | An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Int... | E S | |
CVE-2021-43268 | An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packe... | | |
CVE-2021-43269 | In Code42 app before 8.8.0, eval injection allows an attacker to change a device’s proxy configurati... | | |
CVE-2021-43270 | Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3.1.0-dev-00170, and 3.1.0-dev-0... | S | |
CVE-2021-43271 | Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, ... | | |
CVE-2021-43272 | An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA View... | | |
CVE-2021-43273 | An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance... | | |
CVE-2021-43274 | A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The s... | | |
CVE-2021-43275 | A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Draw... | | |
CVE-2021-43276 | An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA Viewer before 2022.8. Crafted... | | |
CVE-2021-43277 | An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance... | | |
CVE-2021-43278 | An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance... | | |
CVE-2021-43279 | An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Allianc... | | |
CVE-2021-43280 | A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design ... | | |
CVE-2021-43281 | MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permissi... | S | |
CVE-2021-43282 | An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is adver... | E | |
CVE-2021-43283 | An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability w... | E | |
CVE-2021-43284 | An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets up... | E | |
CVE-2021-43286 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker with privileges to create a ... | E S | |
CVE-2021-43287 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. The business continuity add-on, which is... | E S | |
CVE-2021-43288 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent c... | E S | |
CVE-2021-43289 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD a... | E S | |
CVE-2021-43290 | An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a GoCD a... | E S | |
CVE-2021-43293 | Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potent... | S | |
CVE-2021-43294 | Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products mod... | | |
CVE-2021-43295 | Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts mod... | | |
CVE-2021-43296 | Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an SSRF attack in ActionExecutor.... | | |
CVE-2021-43297 | Dubbo Hessian cause RCE when parse error | | |
CVE-2021-43298 | The code that performs password matching when using 'Basic' HTTP authentication does not use a const... | | |
CVE-2021-43299 | Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argu... | S | |
CVE-2021-43300 | Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' ar... | S | |
CVE-2021-43301 | Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' ... | S | |
CVE-2021-43302 | Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename... | S | |
CVE-2021-43303 | Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument ... | S | |
CVE-2021-43304 | Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is ... | E | |
CVE-2021-43305 | Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is ... | E | |
CVE-2021-43306 | Exponential ReDoS in jquery-validation | E | |
CVE-2021-43307 | Exponential ReDoS in semver-regex | E | |
CVE-2021-43308 | Exponential ReDoS in markdown-link-extractor | E | |
CVE-2021-43309 | ReDoS in uri-template-lite URI.expand function | E | |
CVE-2021-43310 | A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that rese... | E S | |
CVE-2021-43311 | A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inac... | E S | |
CVE-2021-43312 | A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inacce... | E S | |
CVE-2021-43313 | A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inacce... | E S | |
CVE-2021-43314 | A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an ina... | E S | |
CVE-2021-43315 | A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an ina... | E S | |
CVE-2021-43316 | A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inac... | E S | |
CVE-2021-43317 | A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an ina... | E S | |
CVE-2021-43319 | Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due... | | |
CVE-2021-43320 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-41244. Reason: This candidat... | R | |
CVE-2021-43323 | An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel 5.5 before 05.51.45, 5.4 befor... | | |
CVE-2021-43324 | LibreNMS through 21.10.2 allows XSS via a widget title.... | S | |
CVE-2021-43325 | Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue ... | | |
CVE-2021-43326 | Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.... | E | |
CVE-2021-43327 | An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extrac... | E | |
CVE-2021-43329 | A SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote u... | E | |
CVE-2021-43331 | In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbi... | S | |
CVE-2021-43332 | In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypt... | S | |
CVE-2021-43333 | The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for conf... | M | |
CVE-2021-43334 | BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field.... | E M | |
CVE-2021-43336 | An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Allianc... | | |
CVE-2021-43337 | SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new Accounting... | S | |
CVE-2021-43338 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43339. Reason: This candidat... | R | |
CVE-2021-43339 | In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inje... | E | |
CVE-2021-43350 | LDAP filter injection vulnerability in Traffic Ops | | |
CVE-2021-43351 | Rejected reason: This is unused.... | R | |
CVE-2021-43353 | Crisp Live Chat <= 0.31 Cross-Site Request Forgery to Stored Cross-Site Scripting | S | |
CVE-2021-43355 | Fresenius Kabi Agilia Connect Infusion System use of client side authentication | S | |
CVE-2021-43358 | Sunnet eHRD - Path Traversal | S | |
CVE-2021-43359 | Sunnet eHRD - Broken Access Control | S | |
CVE-2021-43360 | Sunnet eHRD - Insecure Deserialization | S | |
CVE-2021-43361 | MedData HBYS 1.0 Remote SQL Injection Vulnerability | | |
CVE-2021-43362 | MedData HBYS 1.0 Remote SQL Injection Vulnerability | | |
CVE-2021-43388 | Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which m... | | |
CVE-2021-43389 | An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds fl... | E S | |
CVE-2021-43390 | An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawi... | | |
CVE-2021-43391 | An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawin... | | |
CVE-2021-43392 | STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain inf... | | |
CVE-2021-43393 | STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse sign... | | |
CVE-2021-43394 | Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorre... | | |
CVE-2021-43395 | An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community... | E S | |
CVE-2021-43396 | In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv... | E S | |
CVE-2021-43397 | LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Adm... | E | |
CVE-2021-43398 | Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a c... | E | |
CVE-2021-43399 | The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell project, does not properl... | E | |
CVE-2021-43400 | An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client d... | S | |
CVE-2021-43403 | An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authe... | S | |
CVE-2021-43404 | An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters.... | S | |
CVE-2021-43405 | An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it ... | E S | |
CVE-2021-43406 | An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it ... | S | |
CVE-2021-43408 | Duplicate Post WordPress Plugin SQL Injection Vulnerability | E | |
CVE-2021-43409 | WPO365 \| LOGIN - WordPress Plugin Persistent Cross-Site Scripting | E | |
CVE-2021-43410 | airavata-django-portal allows CRLF log injection because of the lack of escaping in the log statements | | |
CVE-2021-43411 | An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, ... | E S | |
CVE-2021-43412 | An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messag... | E | |
CVE-2021-43413 | An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among every... | E | |
CVE-2021-43414 | An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in ... | E | |
CVE-2021-43415 | HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabl... | M | |
CVE-2021-43419 | An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and may be high... | E | |
CVE-2021-43420 | SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allow... | E | |
CVE-2021-43421 | A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1.59 via connector.minimal.php, ... | E | |
CVE-2021-43429 | A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7/2021 via the mempool_destroy ... | E | |
CVE-2021-43430 | An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, w... | E | |
CVE-2021-43432 | A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via th... | S | |
CVE-2021-43436 | MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field duri... | | |
CVE-2021-43437 | In Sourcecodester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host head... | | |
CVE-2021-43438 | Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME... | | |
CVE-2021-43439 | RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely... | | |
CVE-2021-43440 | Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execu... | | |
CVE-2021-43441 | An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious HTML c... | | |
CVE-2021-43442 | A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46)... | | |
CVE-2021-43444 | ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document do... | M | |
CVE-2021-43445 | ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can au... | M | |
CVE-2021-43446 | ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" f... | E M | |
CVE-2021-43447 | ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication ... | E M | |
CVE-2021-43448 | ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input... | E M | |
CVE-2021-43449 | ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The do... | E M | |
CVE-2021-43451 | SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email... | E | |
CVE-2021-43453 | A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out... | E | |
CVE-2021-43454 | An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted fil... | E | |
CVE-2021-43455 | An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the Fre... | E | |
CVE-2021-43456 | An Unquoted Service Path vulnerability exists in Rumble Mail Server 0.51.3135 via a specially c... | E | |
CVE-2021-43457 | An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the wase... | | |
CVE-2021-43458 | An Unquoted Service Path vulnerability exists in Vembu BDR 4.2.0.1 via a specially crafted file in th... | E | |
CVE-2021-43459 | A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain... | E | |
CVE-2021-43460 | An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via a specially crafted f... | E | |
CVE-2021-43461 | Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername p... | E | |
CVE-2021-43462 | A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username p... | E | |
CVE-2021-43463 | An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the E... | E | |
CVE-2021-43464 | A Remote Code Execution (RCE) vulnerability exists in Subrion CMS 4.2.1 via modified code in a backg... | E | |
CVE-2021-43466 | In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template in... | E | |
CVE-2021-43469 | VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead compone... | E | |
CVE-2021-43471 | In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN.... | E | |
CVE-2021-43474 | An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Latest) via any parameter ... | E | |
CVE-2021-43478 | A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php... | E | |
CVE-2021-43479 | A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php.... | E | |
CVE-2021-43481 | An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter... | E | |
CVE-2021-43483 | An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, whi... | E | |
CVE-2021-43484 | A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.... | | |
CVE-2021-43492 | AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directo... | E | |
CVE-2021-43493 | ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by ... | E | |
CVE-2021-43494 | OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a... | E | |
CVE-2021-43495 | AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directo... | E | |
CVE-2021-43496 | Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a dire... | E | |
CVE-2021-43498 | An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, f... | E | |
CVE-2021-43503 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-43505 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Managemen... | E | |
CVE-2021-43506 | An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the ... | E | |
CVE-2021-43509 | SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id ... | E | |
CVE-2021-43510 | SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the use... | E | |
CVE-2021-43512 | An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, all... | | |
CVE-2021-43515 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in K... | S | |
CVE-2021-43517 | FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that o... | E | |
CVE-2021-43518 | Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate... | E | |
CVE-2021-43519 | Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a D... | E S | |
CVE-2021-43521 | A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/... | E | |
CVE-2021-43522 | An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 2021-11-08, 5.2 through 2021-11-... | | |
CVE-2021-43523 | In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names retu... | E S | |
CVE-2021-43527 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overfl... | S | |
CVE-2021-43528 | Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution contex... | | |
CVE-2021-43529 | Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527... | | |
CVE-2021-43530 | A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitizatio... | | |
CVE-2021-43531 | When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect U... | | |
CVE-2021-43532 | The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embeddi... | | |
CVE-2021-43533 | When parsing internationalized domain names, high bits of the characters in the URLs were sometimes ... | | |
CVE-2021-43534 | Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firef... | | |
CVE-2021-43535 | A use-after-free could have occurred when an HTTP2 session object was released on a different thread,... | | |
CVE-2021-43536 | Under certain circumstances, asynchronous functions could have caused a navigation to fail but expos... | | |
CVE-2021-43537 | An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt me... | | |
CVE-2021-43538 | By misusing a race in our notification code, an attacker could have forcefully hidden the notificati... | | |
CVE-2021-43539 | Failure to correctly record the location of live pointers across wasm instance calls resulted in a G... | | |
CVE-2021-43540 | WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-... | | |
CVE-2021-43541 | When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces w... | | |
CVE-2021-43542 | Using XMLHttpRequest, an attacker could have identified installed applications by probing error mess... | | |
CVE-2021-43543 | Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction ... | | |
CVE-2021-43544 | When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent... | | |
CVE-2021-43545 | Using the Location API in a loop could have caused severe application hangs and crashes. This vulner... | | |
CVE-2021-43546 | It was possible to recreate previous cursor spoofing attacks against users with a zoomed native curs... | | |
CVE-2021-43547 | TwinOaks Computing CoreDX DDS Secure Network Amplification | S | |
CVE-2021-43548 | Philips Patient Information Center iX (PIC iX) and Efficia CM Series Improper Input Validation | | |
CVE-2021-43549 | OSIsoft PI Web API | M | |
CVE-2021-43550 | Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of a Broken or Risky Cryptographic Algorithm | | |
CVE-2021-43551 | OSIsoft PI Vision | M | |
CVE-2021-43552 | Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of Hard-coded Cryptographic Key | | |
CVE-2021-43553 | OSIsoft PI Vision | M | |
CVE-2021-43554 | FATEK Automation WinProladder | S | |
CVE-2021-43555 | mySCADA myDESIGNER | S | |
CVE-2021-43556 | FATEK Automation WinProladder | S | |
CVE-2021-43557 | Path traversal in request_uri variable | E M | |
CVE-2021-43558 | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier uns... | S | |
CVE-2021-43559 | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier uns... | S | |
CVE-2021-43560 | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier uns... | S | |
CVE-2021-43561 | An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and ... | S | |
CVE-2021-43562 | An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TY... | S | |
CVE-2021-43563 | An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TY... | S | |
CVE-2021-43564 | An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 f... | S | |
CVE-2021-43565 | The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an a... | | |
CVE-2021-43566 | All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS rac... | E S | |
CVE-2021-43568 | The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that ... | E | |
CVE-2021-43569 | The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that th... | E | |
CVE-2021-43570 | The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the ... | E | |
CVE-2021-43571 | The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that t... | E | |
CVE-2021-43572 | The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) be... | E S | |
CVE-2021-43573 | A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client... | | |
CVE-2021-43574 | WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parame... | | |
CVE-2021-43575 | KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev... | E | |
CVE-2021-43576 | Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external ... | | |
CVE-2021-43577 | Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent... | | |
CVE-2021-43578 | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-control... | | |
CVE-2021-43579 | A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execut... | E S | |
CVE-2021-43581 | An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SD... | | |
CVE-2021-43582 | A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Draw... | | |
CVE-2021-43584 | DOM-based Cross Site Scripting (XSS) vulnerability in 'Tail Event Logs' functionality in Nagios Nagio... | E | |
CVE-2021-43587 | Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded crypto... | S | |
CVE-2021-43588 | Dell EMC Data Protection Central version 19.5 contains an Improper Input Validation Vulnerability. A... | S | |
CVE-2021-43589 | Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an o... | | |
CVE-2021-43590 | Dell EMC Enterprise Storage Analytics for vRealize Operations, versions 4.0.1 to 6.2.1, contain a Pl... | S | |
CVE-2021-43608 | Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the... | S | |
CVE-2021-43609 | An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection v... | E | |
CVE-2021-43610 | Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From heade... | S | |
CVE-2021-43611 | Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display ... | S | |
CVE-2021-43612 | In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to t... | S | |
CVE-2021-43615 | An issue was discovered in HddPassword in Insyde InsydeH2O with kernel 5.1 before 05.16.23, 5.2 befo... | | |
CVE-2021-43616 | The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency... | E S | |
CVE-2021-43617 | Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content be... | S | |
CVE-2021-43618 | GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow ... | E S | |
CVE-2021-43619 | Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition.... | E S | |
CVE-2021-43620 | An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of ... | E S | |
CVE-2021-43628 | Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter... | E | |
CVE-2021-43629 | Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters... | E | |
CVE-2021-43630 | Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters... | E | |
CVE-2021-43631 | Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no ... | E | |
CVE-2021-43633 | Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid ... | | |
CVE-2021-43635 | A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field... | E | |
CVE-2021-43636 | Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_re... | | |
CVE-2021-43637 | Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpa... | E | |
CVE-2021-43638 | Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amazon... | E | |
CVE-2021-43650 | WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during... | E | |
CVE-2021-43657 | A Stored Cross-site scripting (XSS) vulnerability via MAster.php in Sourcecodester Simple Client M... | | |
CVE-2021-43659 | In halo 1.4.14, the avatar upload function allows any file to be uploaded, such as upload... | E | |
CVE-2021-43661 | totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (... | E | |
CVE-2021-43662 | totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R, ver V4.1.5cu.470_B20200911 have an issue whi... | E | |
CVE-2021-43663 | totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability ... | E | |
CVE-2021-43664 | totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability ... | E | |
CVE-2021-43666 | A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivat... | E | |
CVE-2021-43667 | A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leve... | E S | |
CVE-2021-43668 | Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a series of messages and cannot b... | | |
CVE-2021-43669 | A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easil... | S | |
CVE-2021-43673 | dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.p... | E | |
CVE-2021-43674 | ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. NOTE: This... | E | |
CVE-2021-43675 | Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. ... | | |
CVE-2021-43676 | matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php.... | E | |
CVE-2021-43677 | Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability.... | | |
CVE-2021-43678 | Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php.... | E | |
CVE-2021-43679 | ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.ph... | E | |
CVE-2021-43681 | SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostH... | E | |
CVE-2021-43682 | thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability ... | E | |
CVE-2021-43683 | pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit f... | E | |
CVE-2021-43685 | libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/a... | | |
CVE-2021-43686 | nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The ex... | E | |
CVE-2021-43687 | chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/a... | E S | |
CVE-2021-43689 | manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Appli... | E | |
CVE-2021-43690 | YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The ex... | E | |
CVE-2021-43691 | tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load... | E | |
CVE-2021-43692 | youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerab... | E | |
CVE-2021-43693 | vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.... | E | |
CVE-2021-43695 | issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.back... | E | |
CVE-2021-43696 | twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the e... | E | |
CVE-2021-43697 | Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vuln... | E | |
CVE-2021-43698 | phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. In fil... | E | |
CVE-2021-43700 | An issue was discovered in ApiManager 1.1. There is a SQL injection vulnerability that can be used in /ind... | E | |
CVE-2021-43701 | CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/... | E | |
CVE-2021-43702 | ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin pa... | E | |
CVE-2021-43703 | An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. ... | E | |
CVE-2021-43707 | Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter.... | E | |
CVE-2021-43708 | The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation o... | | |
CVE-2021-43711 | The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection v... | E | |
CVE-2021-43712 | Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allo... | E | |
CVE-2021-43721 | Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to r... | E | |
CVE-2021-43722 | D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handle... | E | |
CVE-2021-43724 | A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page fun... | E | |
CVE-2021-43725 | There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below... | E S | |
CVE-2021-43728 | Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting... | E | |
CVE-2021-43729 | Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting... | E | |
CVE-2021-43734 | kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead... | E | |
CVE-2021-43735 | CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.... | E | |
CVE-2021-43736 | CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule... | E | |
CVE-2021-43737 | An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify a... | E | |
CVE-2021-43738 | An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can... | E | |
CVE-2021-43741 | CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the ... | E | |
CVE-2021-43742 | CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.... | E | |
CVE-2021-43745 | A Denial of Service vulnerability exists in Trilium Notes 0.48.6 in the setupPage function... | E | |
CVE-2021-43746 | Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability | | |
CVE-2021-43747 | Adobe Premiere Rush WAV File Memory Corruption Remote Code Execution | | |
CVE-2021-43748 | Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service | | |
CVE-2021-43749 | Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service | | |
CVE-2021-43750 | Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service | | |
CVE-2021-43751 | Adobe Premiere Pro MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2021-43752 | Adobe Illustrator TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-43753 | Adobe Lightroom TIF File Parsing Use-After-Free Information Disclosure Vulnerability | | |
CVE-2021-43754 | Adobe Prelude Corruption could lead to Arbitrary code execution | S | |
CVE-2021-43755 | Adobe After Effects Memory Corruption could lead to Arbitrary Code Execution | S | |
CVE-2021-43756 | Adobe Media Encoder Memory Corruption Vulnerability could lead to Remote Code Execution | | |
CVE-2021-43757 | Adobe Media Encoder 3GP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2021-43758 | Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-43759 | Adobe Media Encoder MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-43760 | Adobe Media Encoder MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2021-43761 | Adobe Experience Manager Stored XSS on Edit Tag page via Localization input | | |
CVE-2021-43762 | Adobe Experience Manager Unicode normalization leads to dispatcher bypass | | |
CVE-2021-43763 | Adobe Dimension TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | S | |
CVE-2021-43764 | Adobe Experience Manager Stored XSS in the Spin Set | | |
CVE-2021-43765 | Adobe Experience Manager Stored XSS in the Carousel Set | | |
CVE-2021-43766 | Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use ... | | |
CVE-2021-43767 | Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured... | | |
CVE-2021-43771 | Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privil... | | |
CVE-2021-43772 | Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the pro... | | |
CVE-2021-43774 | A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that... | E | |
CVE-2021-43775 | Arbitrary file reading vulnerability in Aim | E S | |
CVE-2021-43776 | XSS vulnerability in @backstage/plugin-auth-backend | | |
CVE-2021-43777 | Vulnerability in Redash OAuth2 flows due to misuse of state field (should be a nonce) | S | |
CVE-2021-43778 | Path traversal in GLPI barcode plugin | E S | |
CVE-2021-43779 | Remote Command Execution vulnerability | E S | |
CVE-2021-43780 | Server-Side Request Forgery (SSRF) in Redash | S | |
CVE-2021-43781 | Permissions not properly checked in Invenio-Drafts-Resources | E S | |
CVE-2021-43782 | Indirect LDAP injection in Tuleap | S | |
CVE-2021-43783 | Path Traversal in @backstage/plugin-scaffolder-backend | S | |
CVE-2021-43784 | Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration | E S | |
CVE-2021-43785 | Cross Site Scripting Vulnerability in @joeattardi/emoji-button | S | |
CVE-2021-43786 | API token verification can be bypassed | E S | |
CVE-2021-43787 | XSS via prototype pollution | E S | |
CVE-2021-43788 | Path traversal in translator module of NodeBB | E S | |
CVE-2021-43789 | Blind SQLi using Search filters in PrestaShop | | |
CVE-2021-43790 | Use After Free in lucet | E S | |
CVE-2021-43791 | Ineffective expiration validation for invitation links in Zulip | S | |
CVE-2021-43792 | Notifications leak in Discourse | S | |
CVE-2021-43793 | Bypass of Poll voting limits in Discourse | S | |
CVE-2021-43794 | Anonymous user cache poisoning via development-mode header in Discourse | S | |
CVE-2021-43795 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in com.linecorp.armeria:armeria | S | |
CVE-2021-43797 | HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling | S | |
CVE-2021-43798 | Grafana path traversal | E S | |
CVE-2021-43799 | RabbitMQ exposes ports with weak default secrets in Zulip Server | S | |
CVE-2021-43800 | Asset directory traversal with some storage modules on Windows | S | |
CVE-2021-43801 | Uncaught Exception in mercurius | S | |
CVE-2021-43802 | Admin privilege escalation and arbitrary code execution via malicious *.etherpad imports | S | |
CVE-2021-43803 | Unexpected server crash in Next.js | S | |
CVE-2021-43804 | Out-of-bounds read when parsing RTCP BYE message in PJSIP | S | |
CVE-2021-43805 | ReDos vulnerability on guest checkout email validation | E S | |
CVE-2021-43806 | SQL injection in Tuleap | S | |
CVE-2021-43807 | HTTP Method Spoofing in Opencast | E S | |
CVE-2021-43808 | Blade `@parent` Exploitation Leading To Possible XSS in Laravel | E S | |
CVE-2021-43809 | Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile | E S | |
CVE-2021-43810 | Cross-site Scripting (XSS) when redirecting a URL | S | |
CVE-2021-43811 | Code injection via unsafe YAML loading | S | |
CVE-2021-43812 | Open redirect in nextjs-auth0 | S | |
CVE-2021-43813 | Directory Traversal in Grafana | S | |
CVE-2021-43814 | Heap-based OOB write when parsing dwarf DIE info in Rizin | S | |
CVE-2021-43815 | Grafana directory traversal for `.csv` files | S | |
CVE-2021-43816 | Improper Preservation of Permissions in containerd | E S | |
CVE-2021-43817 | Reflected Cross-Site-Scripting vulnerability in Collabora Online | | |
CVE-2021-43818 | HTML Cleaner allows crafted and SVG embedded scripts to pass through | S | |
CVE-2021-43819 | Stargate-Bukkit improperly handles vehicles causing data duplication. | | |
CVE-2021-43820 | Permissions check bypass in Seafile | S | |
CVE-2021-43821 | Files Accessible to External Parties in Opencast | E S | |
CVE-2021-43822 | SQL injection in jackalope/jackalope-doctrine-dbal | S | |
CVE-2021-43823 | Side-channel attack in Sourcegraph | S | |
CVE-2021-43824 | Null pointer dereference in envoy | S | |
CVE-2021-43825 | Use-after-free in Envoy | S | |
CVE-2021-43826 | Crash when tunneling TCP over HTTP in Envoy | S | |
CVE-2021-43827 | Inline footnotes wrapped in tags can cause errors in discourse-footnotes | S | |
CVE-2021-43828 | Improper Privilege Management in Patrowl | E S | |
CVE-2021-43829 | Unrestricted Upload of Files in Patrowl | E S | |
CVE-2021-43830 | SQL injection in OpenProject | S | |
CVE-2021-43831 | Files on the host computer can be accessed from the Gradio interface | E S | |
CVE-2021-43832 | Improper Access Control in spinnaker | | |
CVE-2021-43833 | Account takeover in eLabFTW | | |
CVE-2021-43834 | Incorrect Authentication in elabftw | | |
CVE-2021-43835 | Privilege escalation in the Sulu Admin panel | S | |
CVE-2021-43836 | PHP file inclusion in the Sulu admin panel | S | |
CVE-2021-43837 | Template injection in vault-cli | E S | |
CVE-2021-43838 | Regular Expression Denial of Service (ReDoS) in jsx-slack | E S | |
CVE-2021-43839 | Drainage of FeeCollector's Block Transaction Fees | S | |
CVE-2021-43840 | Path traversal in message_bus | S | |
CVE-2021-43841 | XSS by SVG upload in xwiki-platform | E S | |
CVE-2021-43842 | Stored XSS via SVG file upload in Wiki.js | S | |
CVE-2021-43843 | Insufficient patch for Regular Expression Denial of Service (ReDoS) to jsx-slack v4.5.1 | E S | |
CVE-2021-43844 | Externally Controlled Reference to a Resource in Another Sphere in MSEdgeRedirect | E | |
CVE-2021-43845 | Prevent out-of-bounds read in PJSIP | E S | |
CVE-2021-43846 | CSRF forgery protection bypass for Spree::OrdersController#populate | E S | |
CVE-2021-43847 | Authorization Bypass in Space Invite in HumHub | E S | |
CVE-2021-43848 | Uninitialized memory access in h2o | S | |
CVE-2021-43849 | DoS vulnerability | S | |
CVE-2021-43850 | Denial of Service in discourse | E S | |
CVE-2021-43851 | SQL injection vulnerability in anuko timetracker | S | |
CVE-2021-43852 | JavaScript Prototype Pollution in oro/platform | S | |
CVE-2021-43853 | Cross-Site Scripting in AjaxNetProfessional | S | |
CVE-2021-43854 | Inefficient Regular Expression Complexity in nltk | E S | |
CVE-2021-43855 | Stored XSS via SVG in Requarks/wiki | E S | |
CVE-2021-43856 | Stored XSS in non-image uploads in Requarks/wiki | E S | |
CVE-2021-43857 | Gerapy may contain remote code execution vulnerability | E S | |
CVE-2021-43858 | User privilege escalation in MinIO | S | |
CVE-2021-43859 | Denial of Service by injecting highly recursive collections or maps in XStream | E S | |
CVE-2021-43860 | Permissions granted to applications can be hidden from the user at install time | S | |
CVE-2021-43861 | Incorrect sanitisation function leads to `XSS` | S | |
CVE-2021-43862 | Self XSS on user input | E S | |
CVE-2021-43863 | SQL Injection in FileContentProvider (GHSL-2021-1007) | S | |
CVE-2021-43864 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-43865 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-43866 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-43867 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-43868 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-43869 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-43870 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-43871 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-43872 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-43873 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-43874 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2021-43875 | Microsoft Office Graphics Remote Code Execution Vulnerability | S | |
CVE-2021-43876 | Microsoft SharePoint Elevation of Privilege Vulnerability | S | |
CVE-2021-43877 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | S | |
CVE-2021-43880 | Windows Mobile Device Management Elevation of Privilege Vulnerability | S | |
CVE-2021-43882 | Microsoft Defender for IoT Remote Code Execution Vulnerability | S | |
CVE-2021-43883 | Windows Installer Elevation of Privilege Vulnerability | S | |
CVE-2021-43888 | Microsoft Defender for IoT Information Disclosure Vulnerability | S | |
CVE-2021-43889 | Microsoft Defender for IoT Remote Code Execution Vulnerability | S | |
CVE-2021-43890 | Windows AppX Installer Spoofing Vulnerability | KEV E S | |
CVE-2021-43891 | Visual Studio Code Remote Code Execution Vulnerability | S | |
CVE-2021-43892 | Microsoft BizTalk ESB Toolkit Spoofing Vulnerability | S | |
CVE-2021-43893 | Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | S | |
CVE-2021-43896 | Microsoft PowerShell Spoofing Vulnerability | S | |
CVE-2021-43899 | Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | S | |
CVE-2021-43905 | Microsoft Office app Remote Code Execution Vulnerability | S | |
CVE-2021-43907 | Visual Studio Code WSL Extension Remote Code Execution Vulnerability | S | |
CVE-2021-43908 | Visual Studio Code Spoofing Vulnerability | S | |
CVE-2021-43925 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
CVE-2021-43926 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
CVE-2021-43927 | Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability i... | | |
CVE-2021-43928 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabi... | | |
CVE-2021-43929 | Improper neutralization of special elements in output used by a downstream component ('Injection') v... | | |
CVE-2021-43930 | Elcomplus SmartPtt Path Traversal | S | |
CVE-2021-43931 | Distributed Data Systems WebHM | S | |
CVE-2021-43932 | Elcomplus SmartPtt Cross-site Scripting | S | |
CVE-2021-43933 | ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform | S | |
CVE-2021-43934 | Elcomplus SmartPtt Unrestricted Upload of File with Dangerous Type | S | |
CVE-2021-43935 | ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products | S | |
CVE-2021-43936 | Distributed Data Systems WebHM | E S | |
CVE-2021-43937 | Elcomplus SmartPTT SCADA Server Cross-site Request Forgery | S | |
CVE-2021-43938 | Elcomplus SmartPTT SCADA Server Information Exposure | S | |
CVE-2021-43939 | Elcomplus SmartPtt Improper Authorization | S | |
CVE-2021-43940 | Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers... | | |
CVE-2021-43941 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several ... | | |
CVE-2021-43942 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrar... | | |
CVE-2021-43943 | Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with a... | S | |
CVE-2021-43944 | This issue exists to document that a security improvement in the way that Jira Server and Data Cente... | | |
CVE-2021-43945 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers with Roadmaps Admi... | | |
CVE-2021-43946 | Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to a... | | |
CVE-2021-43947 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator... | | |
CVE-2021-43948 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated re... | | |
CVE-2021-43949 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated re... | | |
CVE-2021-43950 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated re... | | |
CVE-2021-43951 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated re... | | |
CVE-2021-43952 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to... | | |
CVE-2021-43953 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to... | | |
CVE-2021-43954 | The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote ... | | |
CVE-2021-43955 | The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed auth... | | |
CVE-2021-43956 | The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers... | | |
CVE-2021-43957 | Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via... | | |
CVE-2021-43958 | Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brut... | | |
CVE-2021-43959 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated re... | | |
CVE-2021-43960 | Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires admi... | E | |
CVE-2021-43961 | Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.... | | |
CVE-2021-43963 | An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used t... | | |
CVE-2021-43969 | The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection wit... | E | |
CVE-2021-43970 | An arbitrary file upload vulnerability exists in albumimages.jsp in Quicklert for Digium 10.0.0 (104... | E | |
CVE-2021-43971 | A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote ... | E | |
CVE-2021-43972 | An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 a... | S | |
CVE-2021-43973 | An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a r... | S | |
CVE-2021-43974 | An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end... | E | |
CVE-2021-43975 | In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlant... | E S | |
CVE-2021-43976 | In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c a... | S | |
CVE-2021-43977 | SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.... | | |
CVE-2021-43978 | Allegro Windows 3.3.4152.0, embeds software administrator database credentials into its binary files... | S | |
CVE-2021-43979 | Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting i... | S | |
CVE-2021-43980 | Apache Tomcat: Information disclosure | | |
CVE-2021-43981 | mySCADA myPRO | S | |
CVE-2021-43982 | Delta Electronics CNCSoft | S | |
CVE-2021-43983 | WECON LeviStudioU | M | |
CVE-2021-43984 | mySCADA myPRO | S | |
CVE-2021-43985 | mySCADA myPRO | S | |
CVE-2021-43986 | ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform | S | |
CVE-2021-43987 | mySCADA myPRO | S | |
CVE-2021-43988 | ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform | S | |
CVE-2021-43989 | mySCADA myPRO | S | |
CVE-2021-43990 | ICSA-22-109-03 FANUC ROBOGUIDE Simulation Platform | S | |
CVE-2021-43991 | Persistent XSS via Avatar Upload in Kentico Xperience CMS | E | |
CVE-2021-43996 | The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names... | S | |
CVE-2021-43997 | FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePr... | | |
CVE-2021-43998 | HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would alway... | | |
CVE-2021-43999 | Improper validation of SAML responses | | |