ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2021-46005 | Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehi... | E | |
CVE-2021-46006 | In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated.... | E | |
CVE-2021-46007 | totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing... | E | |
CVE-2021-46008 | In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official releas... | E | |
CVE-2021-46009 | In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authenticati... | E | |
CVE-2021-46010 | Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuratio... | E | |
CVE-2021-46012 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-46013 | An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1... | E | |
CVE-2021-46019 | An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to... | E | |
CVE-2021-46020 | An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault o... | E | |
CVE-2021-46021 | A Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can ... | E | |
CVE-2021-46022 | A Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can... | E | |
CVE-2021-46023 | An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. Th... | E | |
CVE-2021-46024 | Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the... | E | |
CVE-2021-46025 | A Cross Site Scripting (XSS) vulnerability exists in OneBlog <= 2.2.8 via the add function in the o... | E | |
CVE-2021-46026 | mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag func... | E | |
CVE-2021-46027 | mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. The attac... | E | |
CVE-2021-46028 | In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. The attacker c... | E | |
CVE-2021-46030 | There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuarkBBS <= v2. By entering specif... | E | |
CVE-2021-46033 | In ForestBlog, as of 2021-12-28, File upload can bypass verification.... | E | |
CVE-2021-46034 | A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be inject... | E | |
CVE-2021-46036 | An arbitrary file upload vulnerability in the component /ms/file/uploadTemplate.do of MCMS v5.2.4 al... | E | |
CVE-2021-46037 | MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulnerability via the component /te... | E | |
CVE-2021-46038 | A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chunk.isra, which causes a Denial... | E | |
CVE-2021-46039 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the shift_chunk_offsets.part function, w... | E | |
CVE-2021-46040 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the finplace_shift_moov_meta_offsets fun... | E | |
CVE-2021-46041 | A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_box_new function, which causes ... | E | |
CVE-2021-46042 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fseeko function, which causes a De... | E | |
CVE-2021-46043 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 in the gf_list_count function, which causes ... | E | |
CVE-2021-46044 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via ShiftMetaOffset.isra, which causes a Deni... | E | |
CVE-2021-46045 | GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial of service (context-dependent... | E | |
CVE-2021-46046 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_isom_box_size function, which could cause... | E | |
CVE-2021-46047 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function.... | E S | |
CVE-2021-46048 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBina... | E | |
CVE-2021-46049 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which cou... | E | |
CVE-2021-46050 | A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.... | E | |
CVE-2021-46051 | A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, whi... | E | |
CVE-2021-46052 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::v... | E | |
CVE-2021-46053 | A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL... | E | |
CVE-2021-46054 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBina... | E | |
CVE-2021-46055 | A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBina... | E | |
CVE-2021-46058 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-46059 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-46060 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-46061 | An SQL Injection vulnerability exists in Sourcecodester Computer and Mobile Repair Shop Management s... | E | |
CVE-2021-46062 | MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulnerability via the component old... | E | |
CVE-2021-46063 | MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the ... | E | |
CVE-2021-46064 | IrfanView 4.59 is vulnerable to buffer overflow via the function at address 0x413c70 (in 32bit versi... | | |
CVE-2021-46065 | A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk... | E | |
CVE-2021-46067 | In Vehicle Service Management System 1.0 an attacker can steal the cookies leading to Full Account T... | E | |
CVE-2021-46068 | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi... | E | |
CVE-2021-46069 | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi... | E | |
CVE-2021-46070 | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi... | E | |
CVE-2021-46071 | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi... | E | |
CVE-2021-46072 | A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 vi... | E | |
CVE-2021-46073 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Managemen... | E | |
CVE-2021-46074 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Managemen... | E | |
CVE-2021-46075 | A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0.... | E | |
CVE-2021-46076 | Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can u... | E | |
CVE-2021-46078 | An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System... | E | |
CVE-2021-46079 | An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System... | E | |
CVE-2021-46080 | A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. A... | E | |
CVE-2021-46082 | Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2... | S | |
CVE-2021-46083 | uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statis... | E | |
CVE-2021-46084 | uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via "close registration informa... | E | |
CVE-2021-46085 | OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-lev... | E | |
CVE-2021-46086 | xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system ... | E | |
CVE-2021-46087 | In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Becaus... | E | |
CVE-2021-46088 | Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Execution (RCE). Any user with th... | E | |
CVE-2021-46089 | In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root pri... | E | |
CVE-2021-46093 | eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php.... | E | |
CVE-2021-46097 | Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_l... | E | |
CVE-2021-46101 | In Git for windows through 2.34.1 when using git pull to update the local warehouse, git.cmd can be ... | E | |
CVE-2021-46102 | From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in the file src/elf.rs has an int... | E S | |
CVE-2021-46104 | An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that c... | E | |
CVE-2021-46107 | Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) whi... | E | |
CVE-2021-46108 | D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in th... | | |
CVE-2021-46109 | Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.3... | E | |
CVE-2021-46110 | Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilit... | E | |
CVE-2021-46113 | In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability ... | E | |
CVE-2021-46114 | jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail. The a... | E | |
CVE-2021-46115 | jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admi... | E | |
CVE-2021-46116 | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doIn... | E | |
CVE-2021-46117 | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEm... | E | |
CVE-2021-46118 | jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKi... | E | |
CVE-2021-46122 | Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 Rel.64328n) is vulnerable to ... | E | |
CVE-2021-46141 | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUri... | E S | |
CVE-2021-46142 | An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormali... | E S | |
CVE-2021-46143 | In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_gro... | E S | |
CVE-2021-46144 | Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Ca... | S | |
CVE-2021-46145 | The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is rela... | | |
CVE-2021-46146 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. ... | | |
CVE-2021-46147 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. ... | | |
CVE-2021-46148 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. ... | | |
CVE-2021-46149 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. ... | | |
CVE-2021-46150 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. ... | E | |
CVE-2021-46151 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021... | | |
CVE-2021-46152 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021... | | |
CVE-2021-46153 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021... | | |
CVE-2021-46154 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021... | | |
CVE-2021-46155 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021... | | |
CVE-2021-46156 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021... | | |
CVE-2021-46157 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021... | | |
CVE-2021-46158 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021... | | |
CVE-2021-46159 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021... | | |
CVE-2021-46160 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021... | | |
CVE-2021-46161 | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021... | | |
CVE-2021-46162 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected applicat... | S | |
CVE-2021-46163 | Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem.... | E | |
CVE-2021-46164 | Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated u... | | |
CVE-2021-46165 | Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from ... | | |
CVE-2021-46166 | Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive inf... | | |
CVE-2021-46167 | An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to acce... | E | |
CVE-2021-46168 | Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c.... | E S | |
CVE-2021-46169 | Modex v2.11 was discovered to contain a Use-After-Free vulnerability via the component tcache.... | E S | |
CVE-2021-46170 | An issue was discovered in JerryScript commit a6ab5e9. There is a Use-After-Free in lexer_compare_i... | E | |
CVE-2021-46171 | Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c.... | E S | |
CVE-2021-46174 | Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.... | E | |
CVE-2021-46179 | Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service ... | S | |
CVE-2021-46195 | GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-deman... | E | |
CVE-2021-46198 | An SQL Injection vulnerability exists in Sourcecodester Courier Management System 1.0 via the email p... | E | |
CVE-2021-46200 | An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via ... | E | |
CVE-2021-46201 | An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the ... | E | |
CVE-2021-46203 | Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.... | E | |
CVE-2021-46204 | Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.... | E | |
CVE-2021-46225 | A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows attackers to cause a Denial... | E S | |
CVE-2021-46226 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability ... | | |
CVE-2021-46227 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability ... | | |
CVE-2021-46228 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability ... | | |
CVE-2021-46229 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability ... | | |
CVE-2021-46230 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability ... | | |
CVE-2021-46231 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability ... | | |
CVE-2021-46232 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability ... | | |
CVE-2021-46233 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability ... | | |
CVE-2021-46234 | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister (... | E | |
CVE-2021-46236 | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_poi... | E | |
CVE-2021-46237 | An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregi... | E S | |
CVE-2021-46238 | GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scene... | E S | |
CVE-2021-46239 | The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the fun... | E S | |
CVE-2021-46240 | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield... | E S | |
CVE-2021-46242 | HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.... | E | |
CVE-2021-46243 | An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_... | E | |
CVE-2021-46244 | A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 via the function H5T__complete_copy () at /h... | E | |
CVE-2021-46247 | The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may... | E | |
CVE-2021-46249 | An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2... | S | |
CVE-2021-46250 | An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879bd58fa83b09283c0708a1864cdf067... | S | |
CVE-2021-46251 | A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dc... | S | |
CVE-2021-46252 | A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmacc... | S | |
CVE-2021-46253 | A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows ... | E | |
CVE-2021-46255 | eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the ... | E | |
CVE-2021-46262 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in th... | E | |
CVE-2021-46263 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in th... | E | |
CVE-2021-46264 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in th... | E | |
CVE-2021-46265 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in th... | E | |
CVE-2021-46270 | JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user ... | | |
CVE-2021-46279 | Session Fixation and Insufficient Session Expiration | | |
CVE-2021-46283 | nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local us... | S | |
CVE-2021-46304 | A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8... | | |
CVE-2021-46307 | An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid par... | E | |
CVE-2021-46308 | An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via t... | E | |
CVE-2021-46309 | An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging Syste... | E | |
CVE-2021-46310 | An issue was discovered in IW44Image.cpp in djvulibre 3.5.28 that allows attackers to cause a denial of s... | E | |
CVE-2021-46311 | A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes... | E S | |
CVE-2021-46312 | An issue was discovered in IW44EncodeCodec.cpp in djvulibre 3.5.28 that allows attackers to cause a denia... | E | |
CVE-2021-46313 | The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __m... | E S | |
CVE-2021-46314 | A Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetNetworkTomographySettings.... | E | |
CVE-2021-46315 | Remote Command Execution (RCE) vulnerability exists in HNAP1/control/SetWizardConfig.php in D-Link R... | E | |
CVE-2021-46319 | Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR-846 DIR846A1_FW100A43.bin and ... | E | |
CVE-2021-46320 | In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (th... | | |
CVE-2021-46321 | Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain a stack buffer overflow in th... | E | |
CVE-2021-46322 | Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in d... | E S | |
CVE-2021-46323 | Espruino 2v11.251 was discovered to contain a SEGV vulnerability via src/jsinteractive.c in jsiGetDe... | E S | |
CVE-2021-46324 | Espruino 2v11.251 was discovered to contain a stack buffer overflow via src/jsvar.c in jsvNewFromStr... | E | |
CVE-2021-46325 | Espruino 2v10.246 was discovered to contain a stack buffer overflow via src/jsutils.c in vcbprintf.... | E S | |
CVE-2021-46326 | Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component __asan_memcp... | E S | |
CVE-2021-46327 | Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsArray.c in fx_A... | E S | |
CVE-2021-46328 | Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via the component __libc_start... | E S | |
CVE-2021-46329 | Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via the component _fini.... | E S | |
CVE-2021-46330 | Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsDataView.c in f... | E S | |
CVE-2021-46331 | Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsProxy.c in fxPr... | E S | |
CVE-2021-46332 | Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via xs/sources/xsDataView.c in... | E | |
CVE-2021-46333 | Moddable SDK v11.5.0 was discovered to contain an invalid memory access vulnerability via the compon... | E S | |
CVE-2021-46334 | Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow via the component __intercept... | E | |
CVE-2021-46335 | Moddable SDK v11.5.0 was discovered to contain a NULL pointer dereference in the component fx_Functi... | E S | |
CVE-2021-46336 | There is an Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' failed at /parser/js/js-parser-expr... | E S | |
CVE-2021-46337 | There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser-mem.c(parser_list_get) in Jerr... | E S | |
CVE-2021-46338 | There is an Assertion 'ecma_is_lexical_environment (object_p)' failed at /base/ecma-helpers.c(ecma_g... | E S | |
CVE-2021-46339 | There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_size)' failed at /base/ecma-helpe... | E S | |
CVE-2021-46340 | There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY_STATEMENT || context_p->stack_to... | E S | |
CVE-2021-46342 | There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op_object_is_fast_array (obj_p)'... | E S | |
CVE-2021-46343 | There is an Assertion 'context_p->token.type == LEXER_LITERAL' failed at /jerry-core/parser/js/js-pa... | E S | |
CVE-2021-46344 | There is an Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' failed at /jerry-core/parser/js/js-p... | E S | |
CVE-2021-46345 | There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry-core/lit/lit-strings.c in Jer... | E S | |
CVE-2021-46346 | There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /je... | E S | |
CVE-2021-46347 | There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' failed at /jerry-core/ecma/op... | E S | |
CVE-2021-46348 | There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' failed at /jerry-core/ecma/base/... | E S | |
CVE-2021-46349 | There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECMA_OBJECT_TYPE_PROXY' failed at... | E S | |
CVE-2021-46350 | There is an Assertion 'ecma_is_value_object (value)' failed at jerryscript/jerry-core/ecma/base/ecma... | E S | |
CVE-2021-46351 | There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /je... | E S | |
CVE-2021-46353 | An information disclosure in web interface in D-Link DIR-X1860 before 1.03 RevA1 allows a remote una... | S | |
CVE-2021-46354 | Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0 is affected by an informa... | | |
CVE-2021-46355 | OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the att... | | |
CVE-2021-46359 | FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not b... | E | |
CVE-2021-46360 | Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers... | E | |
CVE-2021-46361 | An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass securit... | E | |
CVE-2021-46362 | A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password for... | E | |
CVE-2021-46363 | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Inj... | E | |
CVE-2021-46364 | A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execut... | E | |
CVE-2021-46365 | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML Externa... | E | |
CVE-2021-46366 | An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open... | E | |
CVE-2021-46367 | RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin pane... | E | |
CVE-2021-46368 | TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to... | E | |
CVE-2021-46371 | antd-admin 5.5.0 is affected by an incorrect access control vulnerability. Unauthorized access to so... | E | |
CVE-2021-46372 | Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown edi... | E S | |
CVE-2021-46377 | There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#v... | E | |
CVE-2021-46378 | DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an una... | E | |
CVE-2021-46379 | DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL re... | E | |
CVE-2021-46380 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: Reason: This is a duplicate to CVE-20... | R | |
CVE-2021-46381 | Local File Inclusion due to path traversal in D-Link DAP-1620 leads to unauthorized internal files r... | E | |
CVE-2021-46382 | Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to multiple at... | E | |
CVE-2021-46383 | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain se... | E | |
CVE-2021-46384 | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The impact is: execute arbitrary c... | E | |
CVE-2021-46385 | https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain se... | E | |
CVE-2021-46386 | File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitra... | E | |
CVE-2021-46387 | ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure ... | E | |
CVE-2021-46388 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: Reason: The issue is not a vulnerabil... | R | |
CVE-2021-46389 | IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c... | S | |
CVE-2021-46390 | An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access... | E | |
CVE-2021-46393 | There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router... | E | |
CVE-2021-46394 | There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router... | E | |
CVE-2021-46398 | A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to c... | E S | |
CVE-2021-46408 | Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overflow in the function sub_422CE4... | E | |
CVE-2021-46416 | Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthori... | E | |
CVE-2021-46417 | Insecure handling of a download function leads to disclosure of internal files due to path traversal... | E | |
CVE-2021-46418 | An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creat... | E | |
CVE-2021-46419 | An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow de... | E | |
CVE-2021-46420 | Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory trav... | E | |
CVE-2021-46421 | Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traver... | E | |
CVE-2021-46422 | Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote... | E | |
CVE-2021-46423 | Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allo... | E | |
CVE-2021-46424 | Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a r... | E | |
CVE-2021-46426 | phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of t... | E S | |
CVE-2021-46427 | An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the messa... | E | |
CVE-2021-46428 | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 ... | E | |
CVE-2021-46433 | In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode(... | | |
CVE-2021-46434 | EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a ... | E | |
CVE-2021-46436 | An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.... | E | |
CVE-2021-46437 | An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_man... | E | |
CVE-2021-46439 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-46440 | Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6... | E S | |
CVE-2021-46441 | In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attacker... | E | |
CVE-2021-46442 | In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters ... | E | |
CVE-2021-46443 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2021-46444 | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin... | E | |
CVE-2021-46445 | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin... | E | |
CVE-2021-46446 | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin... | E M | |
CVE-2021-46447 | A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to ... | E | |
CVE-2021-46448 | H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin... | E | |
CVE-2021-46451 | An SQL Injection vulnerability exists in Sourcecodester Online Project Time Management System 1.0 via... | E | |
CVE-2021-46452 | D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability ... | | |
CVE-2021-46453 | D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability ... | | |
CVE-2021-46454 | D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability ... | E | |
CVE-2021-46455 | D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability ... | | |
CVE-2021-46456 | D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability ... | | |
CVE-2021-46457 | D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability ... | | |
CVE-2021-46458 | Victor CMS v1.0 was discovered to contain a SQL injection vulnerability in the component admin/posts... | E | |
CVE-2021-46459 | Victor CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component ad... | E | |
CVE-2021-46461 | njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njs_vm... | E S | |
CVE-2021-46462 | njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_... | E S | |
CVE-2021-46463 | njs through 0.7.1, used in NGINX, was discovered to contain a control flow hijack caused by a Type C... | E S | |
CVE-2021-46474 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiEvalCodeSub in src/jsiEval.c. T... | E S | |
CVE-2021-46475 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ArraySliceCmd in src/jsiArray.... | E S | |
CVE-2021-46477 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegex... | E S | |
CVE-2021-46478 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiClearStack in src/jsiEval.c. Th... | E S | |
CVE-2021-46480 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c... | E S | |
CVE-2021-46481 | Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.... | E S | |
CVE-2021-46482 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber... | E S | |
CVE-2021-46483 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.... | E S | |
CVE-2021-46484 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_IncrRefCount in src/jsiValue.c.... | E | |
CVE-2021-46485 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_ValueIsNumber at src/jsiValue.c.... | E | |
CVE-2021-46486 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArraySpliceCmd at src/jsiArray.c... | E | |
CVE-2021-46487 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18... | E | |
CVE-2021-46488 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArrayConcatCmd at src/jsiArray.c... | E | |
CVE-2021-46489 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_DecrRefCount in src/jsiValue.c.... | E | |
CVE-2021-46490 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via NumberConstructor at src/jsiNumber.c... | E | |
CVE-2021-46491 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_CommandPkgOpts at src/jsiCmds.c.... | E | |
CVE-2021-46492 | Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_FunctionInvoke at src/jsiFunc.c.... | E | |
CVE-2021-46494 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueLookupBase in src/jsiValue... | E | |
CVE-2021-46495 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. Th... | E | |
CVE-2021-46496 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_ObjFree in src/jsiObj.c. This v... | E | |
CVE-2021-46497 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj... | E | |
CVE-2021-46498 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_wswebsocketObjFree in src/jsiWe... | E | |
CVE-2021-46499 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c... | E | |
CVE-2021-46500 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. ... | E | |
CVE-2021-46501 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This ... | E | |
CVE-2021-46502 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.s... | E | |
CVE-2021-46503 | Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.s... | E | |
CVE-2021-46504 | There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5.0.... | E | |
CVE-2021-46505 | Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0... | E | |
CVE-2021-46506 | There is an Assertion 'v->d.lval != v' failed at src/jsiValue.c in Jsish v3.5.0.... | E | |
CVE-2021-46507 | Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c.... | E | |
CVE-2021-46508 | There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0.... | E S | |
CVE-2021-46509 | Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snquote at mjs/src/mjs_json.c.... | E S | |
CVE-2021-46510 | There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings.len' failed at src/mjs_gc.c i... | E S | |
CVE-2021-46511 | There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_core.c in Cesanta MJS v2.20.0.... | E S | |
CVE-2021-46512 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_apply at src/mjs_exec.c. ... | E S | |
CVE-2021-46513 | Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via mjs_mk_string at mjs/src/... | E S | |
CVE-2021-46514 | There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at src/mjs_core.c in Cesanta MJS... | E S | |
CVE-2021-46515 | There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesan... | E S | |
CVE-2021-46516 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_stack_size at mjs/src/mjs... | E S | |
CVE-2021-46517 | There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.... | E S | |
CVE-2021-46518 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_disown at src/mjs_core.... | E | |
CVE-2021-46519 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_array_length at src/mjs... | E | |
CVE-2021-46520 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_jprintf at src/mjs_util... | E | |
CVE-2021-46521 | Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via c_vsnprintf at mjs/src/co... | E | |
CVE-2021-46522 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via /usr/lib/x86_64-linux-gnu/l... | E | |
CVE-2021-46523 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via to_json_or_debug at mjs/src... | E | |
CVE-2021-46524 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via snquote at mjs/src/mjs_json... | E S | |
CVE-2021-46525 | Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free via mjs_apply at src/mjs_exec.c.... | E S | |
CVE-2021-46526 | Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via snquote at src/mjs_json.c... | E S | |
CVE-2021-46527 | Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow via mjs_get_cstring at src/mjs_... | E S | |
CVE-2021-46528 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x5361e. T... | E S | |
CVE-2021-46529 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8814e. T... | E S | |
CVE-2021-46530 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_execute at src/mjs_exec.c... | E S | |
CVE-2021-46531 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x8d28e. T... | E S | |
CVE-2021-46532 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via exec_expr at src/mjs_exec.c. ... | E S | |
CVE-2021-46534 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via getprop_builtin_foreign at sr... | E S | |
CVE-2021-46535 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0xe533e. T... | E S | |
CVE-2021-46537 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x9a30e. T... | E S | |
CVE-2021-46538 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_compact_strings at src/mjs... | E S | |
CVE-2021-46539 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so... | E S | |
CVE-2021-46540 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_get_mjs at src/mjs_builti... | E S | |
CVE-2021-46541 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c6ae. T... | E S | |
CVE-2021-46542 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_print at src/mjs_builtin.... | E S | |
CVE-2021-46543 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so... | E S | |
CVE-2021-46544 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/lib/x86_64-linux-gnu/lib... | E S | |
CVE-2021-46545 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so... | E S | |
CVE-2021-46546 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_next at src/mjs_object.c.... | E S | |
CVE-2021-46547 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. T... | E S | |
CVE-2021-46548 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mj... | E S | |
CVE-2021-46549 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ff... | E S | |
CVE-2021-46550 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_js... | E S | |
CVE-2021-46553 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_o... | E S | |
CVE-2021-46554 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs... | E S | |
CVE-2021-46556 | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at sr... | E S | |
CVE-2021-46557 | Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the inpu... | E | |
CVE-2021-46558 | Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 a... | E | |
CVE-2021-46559 | The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to def... | | |
CVE-2021-46560 | The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device ... | | |
CVE-2021-46561 | controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3b... | S | |
CVE-2021-46562 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46563 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46564 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46565 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46566 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46567 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46568 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46569 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46570 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46571 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46572 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46573 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46574 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46575 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46576 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46577 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46578 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46579 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46580 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46581 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46582 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46583 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46584 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46585 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46586 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46587 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46588 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46589 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46590 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46591 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46592 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46593 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46594 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46595 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46596 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46597 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46598 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46599 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46600 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46601 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46602 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46603 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46604 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46605 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46606 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46607 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46608 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46609 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46610 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46611 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46612 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46613 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46614 | Bentley MicroStation CONNECT 10.16.0.80 J2K File Parsing Out-Of-Bounds Read Remote Code Execution Vu... | | |
CVE-2021-46615 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46616 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46617 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46618 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46619 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46620 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46621 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46622 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46623 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46624 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46625 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46626 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46627 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46628 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46629 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46630 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46631 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46632 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46633 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46634 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46635 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46636 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46637 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46638 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46639 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46640 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46641 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46642 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46643 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46644 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46645 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46646 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46647 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46648 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46649 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46650 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46651 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46652 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46653 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46654 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2021-46655 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46656 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Be... | | |
CVE-2021-46657 | get_sort_by_table in MariaDB before 10.6.2 allows an application crash via certain subquery uses of ... | E S | |
CVE-2021-46658 | save_window_function_values in MariaDB before 10.6.3 allows an application crash because of incorrec... | E S | |
CVE-2021-46659 | MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nes... | E | |
CVE-2021-46660 | Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) attacks.... | | |
CVE-2021-46661 | MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list vi... | E S | |
CVE-2021-46662 | MariaDB through 10.5.9 allows a set_var.cc application crash via certain uses of an UPDATE statement... | E S | |
CVE-2021-46663 | MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements.... | E S | |
CVE-2021-46664 | MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of a... | E S | |
CVE-2021-46665 | MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expe... | E S | |
CVE-2021-46666 | MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING... | E S | |
CVE-2021-46667 | MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.... | E S | |
CVE-2021-46668 | MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that ... | E S | |
CVE-2021-46669 | MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BI... | E S | |
CVE-2021-46671 | options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-si... | E S | |
CVE-2021-46676 | Vulnerability XSS in Transaction Map name field | S | |
CVE-2021-46677 | Vulnerability XSS in Event filter name field | S | |
CVE-2021-46678 | Vulnerability XSS in service form name field | S | |
CVE-2021-46679 | Vulnerability XSS in service elements | S | |
CVE-2021-46680 | Vulnerability XSS in module form name field | S | |
CVE-2021-46681 | Vulnerability XSS in module mass operation name field | S | |
CVE-2021-46686 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exi... | | |
CVE-2021-46687 | JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure thro... | S | |
CVE-2021-46699 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected applicat... | S | |
CVE-2021-46700 | In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in enc... | E | |
CVE-2021-46701 | PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events fr... | E S | |
CVE-2021-46702 | Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allo... | | |
CVE-2021-46703 | In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can ... | E | |
CVE-2021-46704 | In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command inj... | S | |
CVE-2021-46705 | grub2-once uses fixed file name in /var/tmp | E | |
CVE-2021-46708 | The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the cli... | S | |
CVE-2021-46709 | phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number).... | E | |
CVE-2021-46740 | The device authentication service module has a defect vulnerability introduced in the design process... | | |
CVE-2021-46741 | The basic framework and setting module have defects, which were introduced during the design. Succes... | | |
CVE-2021-46742 | The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secu... | | |
CVE-2021-46743 | In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the ... | E | |
CVE-2021-46744 | An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV gue... | | |
CVE-2021-46746 | Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may... | | |
CVE-2021-46748 | Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memor... | | |
CVE-2021-46749 | Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SM... | | |
CVE-2021-46753 | Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers ma... | | |
CVE-2021-46754 | Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker wit... | | |
CVE-2021-46755 | Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader... | | |
CVE-2021-46756 | Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader... | | |
CVE-2021-46757 | Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to... | | |
CVE-2021-46758 | Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allo... | | |
CVE-2021-46759 | Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker w... | | |
CVE-2021-46760 | A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may... | | |
CVE-2021-46761 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-46762 | Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leadi... | | |
CVE-2021-46763 | Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intend... | | |
CVE-2021-46764 | Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory loc... | | |
CVE-2021-46765 | Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-b... | | |
CVE-2021-46766 | Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged att... | | |
CVE-2021-46767 | Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized wr... | | |
CVE-2021-46768 | Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory ... | | |
CVE-2021-46769 | Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execu... | | |
CVE-2021-46771 | Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentia... | | |
CVE-2021-46772 | Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS men... | | |
CVE-2021-46773 | Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potenti... | | |
CVE-2021-46774 | Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/w... | | |
CVE-2021-46775 | Improper input validation in ABL may enable an attacker with physical access, to perform arbitrary m... | | |
CVE-2021-46778 | Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microa... | | |
CVE-2021-46779 | Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ... | | |
CVE-2021-46780 | Easy Google Maps < 1.9.32 - Reflected Cross-Site Scripting | E | |
CVE-2021-46781 | Coming Soon by Supsystic < 1.7.6 - Reflected Cross-Site Scripting | E | |
CVE-2021-46782 | Pricing Table by Supsystic < 1.9.5 - Reflected Cross-Site Scripting | E | |
CVE-2021-46784 | In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management... | S | |
CVE-2021-46785 | The Property module has a vulnerability in permission control. This vulnerability can be exploited to... | | |
CVE-2021-46786 | The audio module has a vulnerability in verifying the parameters passed by the application space. Succ... | | |
CVE-2021-46787 | The AMS module has a vulnerability of improper permission control. Successful exploitation of this vu... | | |
CVE-2021-46788 | Third-party pop-up window coverage vulnerability in the iConnect module. Successful exploitation of t... | | |
CVE-2021-46789 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability can aff... | | |
CVE-2021-46790 | ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE:... | E | |
CVE-2021-46791 | Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a ... | | |
CVE-2021-46792 | Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BI... | | |
CVE-2021-46793 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-46794 | Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SM... | | |
CVE-2021-46795 | A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised... | | |
CVE-2021-46796 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-46799 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2021-46811 | HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnera... | | |
CVE-2021-46812 | The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this ... | | |
CVE-2021-46813 | Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful... | | |
CVE-2021-46814 | The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of... | | |
CVE-2021-46815 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-46789. Reason: This candidat... | R | |
CVE-2021-46816 | Adobe Premiere Pro M4A file memory corruption vulnerability could lead to remote code execution | | |
CVE-2021-46817 | Adobe Media Encoder M4A file memory corruption vulnerability could lead to remote code execution | | |
CVE-2021-46818 | Adobe Media Encoder M4A file memory corruption vulnerability could lead to remote code execution | | |
CVE-2021-46820 | Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_ima... | E | |
CVE-2021-46822 | The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit bi... | S | |
CVE-2021-46823 | python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted... | | |
CVE-2021-46824 | Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the... | | |
CVE-2021-46825 | Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. ... | | |
CVE-2021-46827 | An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 buil... | S | |
CVE-2021-46828 | In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that u... | | |
CVE-2021-46829 | GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing ... | E S | |
CVE-2021-46830 | A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registrat... | M | |
CVE-2021-46834 | A permission bypass vulnerability in Huawei cross device task management could allow an attacker to ... | | |
CVE-2021-46835 | There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this v... | | |
CVE-2021-46836 | Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successfu... | | |
CVE-2021-46837 | res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, a... | | |
CVE-2021-46839 | The HW_KEYMASTER module has a vulnerability of missing bounds check on length. Successful exploitatio... | | |
CVE-2021-46840 | The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Succ... | | |
CVE-2021-46841 | This issue was addressed by using HTTPS when sending information over the network. This issue is fix... | | |
CVE-2021-46846 | Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5. ... | | |
CVE-2021-46848 | GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simp... | E S | |
CVE-2021-46849 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-29421. Reason: This candidat... | R | |
CVE-2021-46850 | myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to c... | E S | |
CVE-2021-46851 | The DRM module has a vulnerability in verifying the secure memory attributes. Successful exploitatio... | | |
CVE-2021-46852 | The memory management module has the logic bypass vulnerability. Successful exploitation of this vul... | | |
CVE-2021-46853 | Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIS... | | |
CVE-2021-46854 | mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blo... | E | |
CVE-2021-46856 | The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of... | | |
CVE-2021-46867 | The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerabil... | S | |
CVE-2021-46868 | The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerabil... | S | |
CVE-2021-46871 | tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes.... | S | |
CVE-2021-46872 | An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in N... | S | |
CVE-2021-46873 | WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an ad... | | |
CVE-2021-46875 | An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because ... | S | |
CVE-2021-46876 | An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can ... | S | |
CVE-2021-46877 | jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to ca... | E | |
CVE-2021-46878 | An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_... | E S | |
CVE-2021-46879 | An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpa... | E S | |
CVE-2021-46880 | x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authenticatio... | S | |
CVE-2021-46881 | The video framework has memory overwriting caused by addition overflow. Successful exploitation of t... | | |
CVE-2021-46882 | The video framework has memory overwriting caused by addition overflow. Successful exploitation of t... | | |
CVE-2021-46883 | The video framework has memory overwriting caused by addition overflow. Successful exploitation of t... | | |
CVE-2021-46884 | The video framework has memory overwriting caused by addition overflow. Successful exploitation of t... | | |
CVE-2021-46885 | The video framework has memory overwriting caused by addition overflow. Successful exploitation of t... | | |
CVE-2021-46886 | The video framework has memory overwriting caused by addition overflow. Successful exploitation of t... | | |
CVE-2021-46887 | Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulne... | | |
CVE-2021-46888 | An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability ex... | E S | |
CVE-2021-46889 | The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend... | E | |
CVE-2021-46890 | Vulnerability of incomplete read and write permission verification in the GPU module. Successful exp... | | |
CVE-2021-46891 | Vulnerability of incomplete read and write permission verification in the GPU module. Successful exp... | | |
CVE-2021-46892 | Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability m... | | |
CVE-2021-46893 | Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vul... | | |
CVE-2021-46894 | Use After Free (UAF) vulnerability in the uinput module. Successful exploitation of this vulnerabilit... | | |
CVE-2021-46895 | Vulnerability of defects introduced in the design process in the Multi-Device Task Center. Successfu... | | |
CVE-2021-46896 | Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via han... | E | |
CVE-2021-46897 | views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows... | E S | |
CVE-2021-46898 | views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent externa... | E S | |
CVE-2021-46899 | SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local atta... | | |
CVE-2021-46900 | Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensur... | M | |
CVE-2021-46901 | examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based bu... | E S | |
CVE-2021-46902 | An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-934... | | |
CVE-2021-46903 | An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-934... | | |
CVE-2021-46904 | net: hso: fix null-ptr-deref during tty device unregistration | S | |
CVE-2021-46905 | net: hso: fix NULL-deref on disconnect regression | S | |
CVE-2021-46906 | HID: usbhid: fix info leak in hid_submit_ctrl | S | |
CVE-2021-46907 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2021-46908 | bpf: Use correct permission flag for mixed signed bounds arithmetic | S | |
CVE-2021-46909 | ARM: footbridge: fix PCI interrupt mapping | S | |
CVE-2021-46910 | ARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled | S | |
CVE-2021-46911 | ch_ktls: Fix kernel panic | S | |
CVE-2021-46912 | net: Make tcp_allowed_congestion_control readonly in non-init netns | S | |
CVE-2021-46913 | netfilter: nftables: clone set element expression template | S | |
CVE-2021-46914 | ixgbe: fix unbalanced device enable/disable in suspend/resume | S | |
CVE-2021-46915 | netfilter: nft_limit: avoid possible divide error in nft_limit_init | S | |
CVE-2021-46916 | ixgbe: Fix NULL pointer dereference in ethtool loopback test | S | |
CVE-2021-46917 | dmaengine: idxd: fix wq cleanup of WQCFG registers | S | |
CVE-2021-46918 | dmaengine: idxd: clear MSIX permission entry on shutdown | S | |
CVE-2021-46919 | dmaengine: idxd: fix wq size store permission state | S | |
CVE-2021-46920 | dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback | S | |
CVE-2021-46921 | locking/qrwlock: Fix ordering in queued_write_lock_slowpath() | S | |
CVE-2021-46922 | KEYS: trusted: Fix TPM reservation for seal/unseal | S | |
CVE-2021-46923 | fs/mount_setattr: always cleanup mount_kattr | S | |
CVE-2021-46924 | NFC: st21nfca: Fix memory leak in device probe and remove | S | |
CVE-2021-46925 | net/smc: fix kernel panic caused by race of smc_sock | S | |
CVE-2021-46926 | ALSA: hda: intel-sdw-acpi: harden detection of controller | S | |
CVE-2021-46927 | nitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert | S | |
CVE-2021-46928 | parisc: Clear stale IIR value on instruction access rights trap | S | |
CVE-2021-46929 | sctp: use call_rcu to free endpoint | S | |
CVE-2021-46930 | usb: mtu3: fix list_head check warning | S | |
CVE-2021-46931 | net/mlx5e: Wrap the tx reporter dump callback to extract the sq | S | |
CVE-2021-46932 | Input: appletouch - initialize work before device registration | S | |
CVE-2021-46933 | usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. | S | |
CVE-2021-46934 | i2c: validate user data in compat ioctl | S | |
CVE-2021-46935 | binder: fix async_free_space accounting for empty parcels | S | |
CVE-2021-46936 | net: fix use-after-free in tw_timer_handler | S | |
CVE-2021-46937 | mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()' | S | |
CVE-2021-46938 | dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails | S | |
CVE-2021-46939 | tracing: Restructure trace_clock_global() to never block | S | |
CVE-2021-46940 | tools/power turbostat: Fix offset overflow issue in index converting | S | |
CVE-2021-46941 | usb: dwc3: core: Do core softreset when switch mode | S | |
CVE-2021-46942 | io_uring: fix shared sqpoll cancellation hangs | S | |
CVE-2021-46943 | media: staging/intel-ipu3: Fix set_fmt error handling | S | |
CVE-2021-46944 | media: staging/intel-ipu3: Fix memory leak in imu_fmt | S | |
CVE-2021-46945 | ext4: always panic when errors=panic is specified | S | |
CVE-2021-46946 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2021-46947 | sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues | S | |
CVE-2021-46948 | sfc: farch: fix TX queue lookup in TX event handling | S | |
CVE-2021-46949 | sfc: farch: fix TX queue lookup in TX flush done handling | S | |
CVE-2021-46950 | md/raid1: properly indicate failure when ending a failed write request | S | |
CVE-2021-46951 | tpm: efi: Use local variable for calculating final log size | S | |
CVE-2021-46952 | NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds | S | |
CVE-2021-46953 | ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure | S | |
CVE-2021-46954 | net/sched: sch_frag: fix stack OOB read while fragmenting IPv4 packets | S | |
CVE-2021-46955 | openvswitch: fix stack OOB read while fragmenting IPv4 packets | S | |
CVE-2021-46956 | virtiofs: fix memory leak in virtio_fs_probe() | S | |
CVE-2021-46957 | riscv/kprobe: fix kernel panic when invoking sys_read traced by kprobe | S | |
CVE-2021-46958 | btrfs: fix race between transaction aborts and fsyncs leading to use-after-free | S | |
CVE-2021-46959 | spi: Fix use-after-free with devm_spi_alloc_* | S | |
CVE-2021-46960 | cifs: Return correct error code from smb2_get_enc_key | S | |
CVE-2021-46961 | irqchip/gic-v3: Do not enable irqs when handling spurious interrups | S | |
CVE-2021-46962 | mmc: uniphier-sd: Fix a resource leak in the remove function | S | |
CVE-2021-46963 | scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() | S | |
CVE-2021-46964 | scsi: qla2xxx: Reserve extra IRQ vectors | S | |
CVE-2021-46965 | mtd: physmap: physmap-bt1-rom: Fix unintentional stack access | S | |
CVE-2021-46966 | ACPI: custom_method: fix potential use-after-free issue | S | |
CVE-2021-46967 | vhost-vdpa: fix vm_flags for virtqueue doorbell mapping | S | |
CVE-2021-46968 | s390/zcrypt: fix zcard and zqueue hot-unplug memleak | S | |
CVE-2021-46969 | bus: mhi: core: Fix invalid error returning in mhi_queue | S | |
CVE-2021-46970 | bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue | S | |
CVE-2021-46971 | perf/core: Fix unconditional security_locked_down() call | S | |
CVE-2021-46972 | ovl: fix leaked dentry | S | |
CVE-2021-46973 | net: qrtr: Avoid potential use after free in MHI send | S | |
CVE-2021-46974 | bpf: Fix masking negation logic upon negative dst register | S | |
CVE-2021-46975 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2021-46976 | drm/i915: Fix crash in auto_retire | S | |
CVE-2021-46977 | KVM: VMX: Disable preemption when probing user return MSRs | S | |
CVE-2021-46978 | KVM: nVMX: Always make an attempt to map eVMCS after migration | S | |
CVE-2021-46979 | iio: core: fix ioctl handlers removal | S | |
CVE-2021-46980 | usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4 | S | |
CVE-2021-46981 | nbd: Fix NULL pointer in flush_workqueue | S | |
CVE-2021-46982 | f2fs: compress: fix race condition of overwrite vs truncate | S | |
CVE-2021-46983 | nvmet-rdma: Fix NULL deref when SEND is completed with error | S | |
CVE-2021-46984 | kyber: fix out of bounds access when preempted | S | |
CVE-2021-46985 | ACPI: scan: Fix a memory leak in an error handling path | S | |
CVE-2021-46986 | usb: dwc3: gadget: Free gadget structure only after freeing endpoints | S | |
CVE-2021-46987 | btrfs: fix deadlock when cloning inline extents and using qgroups | S | |
CVE-2021-46988 | userfaultfd: release page in error path to avoid BUG_ON | S | |
CVE-2021-46989 | hfsplus: prevent corruption in shrinking truncate | S | |
CVE-2021-46990 | powerpc/64s: Fix crashes when toggling entry flush barrier | S | |
CVE-2021-46991 | i40e: Fix use-after-free in i40e_client_subtask() | S | |
CVE-2021-46992 | netfilter: nftables: avoid overflows in nft_hash_buckets() | S | |
CVE-2021-46993 | sched: Fix out-of-bound access in uclamp | S | |
CVE-2021-46994 | can: mcp251x: fix resume from sleep before interface was brought up | S | |
CVE-2021-46995 | can: mcp251xfd: mcp251xfd_probe(): fix an error pointer dereference in probe | S | |
CVE-2021-46996 | netfilter: nftables: Fix a memleak from userdata error path in new objects | S | |
CVE-2021-46997 | arm64: entry: always set GIC_PRIO_PSR_I_SET during entry | S | |
CVE-2021-46998 | ethernet:enic: Fix a use after free bug in enic_hard_start_xmit | S | |
CVE-2021-46999 | sctp: do asoc update earlier in sctp_sf_do_dupcook_a | S |