Security Bulletin 29 Dec 2021

Published on 29 Dec 2021

Updated on 29 Dec 2021

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Criticalvulnerabilities with a base score of 9.0 to 10.0
Highvulnerabilities with a base score of 7.0 to 8.9
Mediumvulnerabilities with a base score of 4.0 to 6.9
Lowvulnerabilities with a base score of 0.1 to 3.9
Nonevulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2021-44228Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0, this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.10https://nvd.nist.gov/vuln/detail/CVE-2021-44228
CVE-2018-7750transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-7750
CVE-2019-7653The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is specific to use of the debian/scripts directory.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-7653
CVE-2021-3756libmysofa is vulnerable to Heap-based Buffer Overflow9.8https://nvd.nist.gov/vuln/detail/CVE-2021-3756
CVE-2021-43466In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43466
CVE-2021-42377An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-42377
CVE-2021-44077Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44077
CVE-2021-44280attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44280
CVE-2021-43451SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43451
CVE-2021-44677An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14078).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44677
CVE-2021-44678An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14076).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44678
CVE-2021-44679An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14074).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44679
CVE-2021-44680An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14075).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44680
CVE-2021-44681An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14080).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44681
CVE-2021-44682An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14079).9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44682
CVE-2021-44847A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44847
CVE-2021-43214Web Media Extensions Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43214
CVE-2021-43217Windows Encrypting File System (EFS) Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43217
CVE-2021-43225Bot Framework SDK Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43225
CVE-2021-43882Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43889.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43882
CVE-2021-43899Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43899
CVE-2021-44653Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44653
CVE-2021-44655Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44655
CVE-2021-4119bookstack is vulnerable to Improper Access Control9.8https://nvd.nist.gov/vuln/detail/CVE-2021-4119
CVE-2021-34141Incomplete string comparison in the numpy.core component in NumPy1.9.x, which allows attackers to fail the APIs via constructing specific string objects.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-34141
CVE-2021-23450All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-23450
CVE-2021-23797All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-23797
CVE-2021-23803This affects the package latte/latte before 2.10.6. There is a way to bypass allowFunctions that will affect the security of the application. When the template is set to allow/disallow the use of certain functions, adding control characters (x00-x08) after the function will bypass these restrictions.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-23803
CVE-2021-44164Chain Sea ai chatbot system’s file upload function has insufficient filtering for special characters in URLs, which allows a remote attacker to by-pass file type validation, upload malicious script and execute arbitrary code without authentication, in order to take control of the system or terminate service.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44164
CVE-2021-44790A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44790
CVE-2021-43439RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43439
CVE-2021-24849The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections9.8https://nvd.nist.gov/vuln/detail/CVE-2021-24849
CVE-2021-45252Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are manage_topic.php, manage_user.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-45252
CVE-2021-45253The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-45253
CVE-2021-36336Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-36336
CVE-2021-44031An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44031
CVE-2021-43155Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43155
CVE-2021-43157Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43157
CVE-2021-43628Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43628
CVE-2021-43629Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43629
CVE-2021-43631Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43631
CVE-2021-44659Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an un-intended action in order to achieve a Server Side Request Forgery (SSRF)9.8https://nvd.nist.gov/vuln/detail/CVE-2021-44659
CVE-2021-21916An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21916
CVE-2020-20601An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-20601
CVE-2021-43857Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-43857
CVE-2021-43905Microsoft Office app Remote Code Execution Vulnerability9.6https://nvd.nist.gov/vuln/detail/CVE-2021-43905
CVE-2021-41244Grafana is an open-source platform for monitoring and observability. In affected versions when the fine-grained access control beta feature is enabled and there is more than one organization in the Grafana instance admins are able to access users from other organizations. Grafana 8.0 introduced a mechanism which allowed users with the Organization Admin role to list, add, remove, and update users’ roles in other organizations in which they are not an admin. With fine-grained access control enabled, organization admins can list, add, remove and update users' roles in another organization, where they do not have organization admin role. All installations between v8.0 and v8.2.3 that have fine-grained access control beta enabled and more than one organization should be upgraded as soon as possible. If you cannot upgrade, you should turn off the fine-grained access control using a feature flag.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-41244
CVE-2021-23732This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.9https://nvd.nist.gov/vuln/detail/CVE-2021-23732
CVE-2021-45046It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.9https://nvd.nist.gov/vuln/detail/CVE-2021-45046

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2018-1000805Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-1000805
CVE-2020-11978An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-11978
CVE-2021-30934A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30934
CVE-2021-30935A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30935
CVE-2017-5123Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-5123
CVE-2021-29756IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202167.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-29756
CVE-2021-41365Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-41365
CVE-2021-42309Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42294.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-42309
CVE-2021-42315Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-43882, CVE-2021-43889.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-42315
CVE-2021-45102An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-45102
CVE-2021-42912FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-42912
CVE-2021-41260Galette is a membership management web application built for non profit organizations and released under GPLv3. Versions prior to 0.9.6 do not check for Cross Site Request Forgery attacks. All users are advised to upgrade to 0.9.6 as soon as possible. There are no known workarounds for this issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-41260
CVE-2021-45041SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-45041
CVE-2020-19316OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-19316
CVE-2021-24750The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks8.8https://nvd.nist.gov/vuln/detail/CVE-2021-24750
CVE-2021-24846The get_query() function of the Ni WooCommerce Custom Order Status WordPress plugin before 1.9.7, used by the niwoocos_ajax AJAX action, available to all authenticated users, does not properly sanitise the sort parameter before using it in a SQL statement, leading to an SQL injection, exploitable by any authenticated users, such as subscriber8.8https://nvd.nist.gov/vuln/detail/CVE-2021-24846
CVE-2021-44874Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. The bi report module exposes direct SQL commands via POST data in order to select data for report generation. A malicious actor can use the bi report endpoint as a direct SQL prompt under the authenticated user.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-44874
CVE-2021-43851Anuko Time Tracker is an open source, web-based time tracking application written in PHP. SQL injection vulnerability exist in multiple files in Time Tracker version 1.19.33.5606 and prior due to not properly checking of the "group" and "status" parameters in POST requests. Group parameter is posted along when navigating between organizational subgroups (groups.php file). Status parameter is used in multiple files to change a status of an entity such as making a project, task, or user inactive. This issue has been patched in version 1.19.33.5607. An upgrade is highly recommended. If an upgrade is not practical, introduce ttValidStatus function as in the latest version and start using it user input check blocks wherever status field is used. For groups.php fix, introduce ttValidInteger function as in the latest version and use it in the access check block in the file.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-43851
CVE-2021-43630Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-43630
CVE-2021-21915An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21915
CVE-2021-21917An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21917
CVE-2021-21918A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21918
CVE-2021-21919A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21919
CVE-2021-21920A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘surname_filter’ parameter with the administrative account or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21920
CVE-2021-21921A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter with the administrative account or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21921
CVE-2021-21922A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘username_filter’ parameter with the administrative account or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21922
CVE-2021-21923A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘company_filter’ parameter with the administrative account or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21923
CVE-2021-21924A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘desc_filter’ parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21924
CVE-2021-21925A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21925
CVE-2021-21927A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21927
CVE-2021-21928A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21928
CVE-2021-21929A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘prod_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21929
CVE-2021-21930A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘sn_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21930
CVE-2021-21931A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at‘ stat_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21931
CVE-2021-21932A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘name_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21932
CVE-2021-21933A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘esn_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21933
CVE-2021-21934A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this at ‘imei_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21934
CVE-2021-21935A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter2’ parameter. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21935
CVE-2021-21936A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘health_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21936
CVE-2021-21937A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘host_alt_filter’ parameter. This can be done as any authenticated user or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-21937
CVE-2021-36886Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.5.9).8.8https://nvd.nist.gov/vuln/detail/CVE-2021-36886
CVE-2021-38005Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38005
CVE-2021-38006Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38006
CVE-2021-38007Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38007
CVE-2021-38008Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38008
CVE-2021-38011Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38011
CVE-2021-38012Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38012
CVE-2021-38013Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox escape via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38013
CVE-2021-38014Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38014
CVE-2021-38015Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38015
CVE-2021-38016Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38016
CVE-2021-38017Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-38017
CVE-2021-4052Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4052
CVE-2021-4053Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4053
CVE-2021-4055Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4055
CVE-2021-4056Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4056
CVE-2021-4057Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4057
CVE-2021-4058Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4058
CVE-2021-4061Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4061
CVE-2021-4062Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4062
CVE-2021-4063Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4063
CVE-2021-4064Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4064
CVE-2021-4065Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4065
CVE-2021-4066Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4066
CVE-2021-4067Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4067
CVE-2021-4078Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4078
CVE-2021-4079Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4079
CVE-2021-43858MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version `RELEASE.2021-12-27T07-23-18Z` changes the accepted request body type and removes the ability to apply policy changes through this API. There is a workaround for this vulnerability: Changing passwords can be disabled by adding an explicit `Deny` rule to disable the API for users.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-43858
CVE-2021-43853Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Affected versions of this package are vulnerable to JavaScript object injection which may result in cross site scripting when leveraged by a malicious user. The affected core relates to JavaScript object creation when parsing json input. Releases before version 21.12.22.1 are affected. A workaround exists that replaces one of the core JavaScript files embedded in the library. See the GHSA-5q7q-qqw2-hjq7 for workaround details.8.7https://nvd.nist.gov/vuln/detail/CVE-2021-43853
CVE-2021-32497SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-32497
CVE-2021-32498SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable will be started instead of the emulator8.6https://nvd.nist.gov/vuln/detail/CVE-2021-32498
CVE-2020-6059An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.8.2https://nvd.nist.gov/vuln/detail/CVE-2020-6059
CVE-2020-11987Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.8.2https://nvd.nist.gov/vuln/detail/CVE-2020-11987
CVE-2021-44224A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).8.2https://nvd.nist.gov/vuln/detail/CVE-2021-44224
CVE-2021-43855Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `<img>` tags. The malicious SVG can only be uploaded by crafting a custom request to the server with a fake MIME type. A patch in version 2.5.264 fixes this vulnerability by adding an additional file extension verification check to the optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users.8.2https://nvd.nist.gov/vuln/detail/CVE-2021-43855
CVE-2021-43856Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser (e.g. XML files), a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the file is viewed directly by other users. The file must be opened directly by the user and will not trigger directly in a normal Wiki.js page. A patch in version 2.5.264 fixes this vulnerability by adding an optional (enabled by default) force download flag to all non-image file types, preventing the file from being viewed inline in the browser. As a workaround, disable file upload for all non-trusted users. --- Thanks to @Haxatron for reporting this vulnerability. Initially reported via https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/8.2https://nvd.nist.gov/vuln/detail/CVE-2021-43856
CVE-2019-11455A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 allows a remote authenticated attacker to retrieve the contents of adjacent memory via manipulation of GET or POST parameters. The attacker can also cause a denial of service (application outage).8.1https://nvd.nist.gov/vuln/detail/CVE-2019-11455
CVE-2021-4104JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-4104
CVE-2021-45101An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-45101
CVE-2021-24739The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature8.1https://nvd.nist.gov/vuln/detail/CVE-2021-24739
CVE-2020-20593A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authenticated attacker to arbitrarily add an administrator account.8https://nvd.nist.gov/vuln/detail/CVE-2020-20593
CVE-2019-13333This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8773.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-13333
CVE-2020-11202Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P7.8https://nvd.nist.gov/vuln/detail/CVE-2020-11202
CVE-2021-30926Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30926
CVE-2021-30927A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30927
CVE-2021-30983A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-30983
CVE-2021-3903vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3903
CVE-2021-3927vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3927
CVE-2021-3928vim is vulnerable to Stack-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3928
CVE-2021-43814Rizin is a UNIX-like reverse engineering framework and command-line toolset. In versions up to and including 0.3.1 there is a heap-based out of bounds write in parse_die() when reversing an AMD64 ELF binary with DWARF debug info. When a malicious AMD64 ELF binary is opened by a victim user, Rizin may crash or execute unintended actions. No workaround are known and users are advised to upgrade.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43814
CVE-2021-43207Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43226.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43207
CVE-2021-43223Windows Remote Access Connection Manager Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43223
CVE-2021-43226Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43207.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43226
CVE-2021-43229Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43230, CVE-2021-43231.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43229
CVE-2021-43230Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43231.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43230
CVE-2021-43231Windows NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-43229, CVE-2021-43230.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43231
CVE-2021-43232Windows Event Tracing Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43232
CVE-2021-43234Windows Fax Service Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43234
CVE-2021-43237Windows Setup Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43237
CVE-2021-43238Windows Remote Access Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43238
CVE-2021-43239Windows Recovery Environment Agent Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43239
CVE-2021-43240NTFS Set Short Name Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43240
CVE-2021-43245Windows Digital TV Tuner Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43245
CVE-2021-43247Windows TCP/IP Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43247
CVE-2021-43248Windows Digital Media Receiver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43248
CVE-2021-43256Microsoft Excel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43256
CVE-2021-43518Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43518
CVE-2021-43875Microsoft Office Graphics Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43875
CVE-2021-43877ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43877
CVE-2021-43883Windows Installer Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43883
CVE-2021-43891Visual Studio Code Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43891
CVE-2021-45078stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-45078
CVE-2021-44035Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-44035
CVE-2021-0673In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05977326; Issue ID: ALPS05977326.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-0673
CVE-2021-4008A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcRenderCompositeGlyphs function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4008
CVE-2021-4009A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcXFixesCreatePointerBarrier function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4009
CVE-2021-4010A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SProcScreenSaverSuspend function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4010
CVE-2021-4011A flaw was found in xorg-x11-server in versions before 21.1.2 and before 1.20.14. An out-of-bounds access can occur in the SwapCreateRegister function. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4011
CVE-2021-4136vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4136
CVE-2021-38401Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an untrusted pointer dereference, which may allow an attacker to execute arbitrary code and cause the application to crash.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-38401
CVE-2021-38409Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an access of uninitialized pointer, which may allow an attacker read from or write to unexpected memory locations, leading to a denial-of-service.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-38409
CVE-2021-38413Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to a stack-based buffer overflow, which may allow an attacker to achieve code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-38413
CVE-2021-38415Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable a heap-based buffer overflow when parsing a specially crafted project file, which may allow an attacker to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-38415
CVE-2021-38419Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds write, which can result in data corruption, a system crash, or code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-38419
CVE-2021-40783Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40783
CVE-2021-40784Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40784
CVE-2021-43021Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EXR file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43021
CVE-2021-43022Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PNG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43022
CVE-2021-43023Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious EPS/TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43023
CVE-2021-43024Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43024
CVE-2021-43025Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43025
CVE-2021-43026Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious MXF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43026
CVE-2021-43028Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43028
CVE-2021-43029Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43029
CVE-2021-44179Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious GIF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-44179
CVE-2021-44180Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-44180
CVE-2021-44181Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious GIF file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-44181
CVE-2021-44422An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation past the end of an allocated buffer, or lead to a heap-based buffer overflow. An attacker can leverage this vulnerability to execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-44422
CVE-2021-44423An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. The specific issue exists after loading BMP files. Unchecked input data from a crafted BMP file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-44423
CVE-2021-44859An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data from a crafted TGA file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-44859
CVE-2021-44860An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data from a crafted TIF file leads to an out-of-bounds read. An attacker can leverage this vulnerability to execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-44860
CVE-2021-21910A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21910
CVE-2021-21911A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21911
CVE-2021-21912A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21912
CVE-2021-44232SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole filesystem structure but cannot overwrite, delete, or corrupt arbitrary files on the server.7.7https://nvd.nist.gov/vuln/detail/CVE-2021-44232
CVE-2017-18359PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-18359
CVE-2020-3935TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, stores users’ information by cleartext in the cookie, which divulges password to attackers.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-3935
CVE-2021-33054SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. (Only versions after 2.0.5a are affected.)7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33054
CVE-2021-22235Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22235
CVE-2021-30924A denial of service issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.0.1. A remote attacker can cause a device to unexpectedly restart.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-30924
CVE-2021-41611An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41611
CVE-2021-39928NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39928
CVE-2021-39921NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39921
CVE-2021-39922Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39922
CVE-2021-39923Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39923
CVE-2021-39924Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39924
CVE-2021-39925Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39925
CVE-2021-39929Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39929
CVE-2021-20470IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196339.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20470
CVE-2021-44686calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-44686
CVE-2021-40856Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the /about/../ substring.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40856
CVE-2021-4044Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-4044
CVE-2021-43219DirectX Graphics Kernel File Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43219
CVE-2021-43222Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43236.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43222
CVE-2021-43228SymCrypt Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43228
CVE-2021-43233Remote Desktop Client Remote Code Execution Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43233
CVE-2021-43236Microsoft Message Queuing Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43222.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43236
CVE-2021-43888Microsoft Defender for IoT Information Disclosure Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43888
CVE-2021-43893Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43893
CVE-2021-45100The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-45100
CVE-2021-3959A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. This issue affects: Bitdefender Bitdefender GravityZone versions prior to 3.3.8.2727.5https://nvd.nist.gov/vuln/detail/CVE-2021-3959
CVE-2021-41028A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41028
CVE-2021-44315In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-44315
CVE-2020-18081The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-18081
CVE-2021-20608Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by getting GX Works2 to read a tampered program file from a Mitsubishi Electric PLC by sending malicious crafted packets to tamper with the program file.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20608
CVE-2021-22054VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22054
CVE-2021-32499SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32499
CVE-2021-33430A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33430
CVE-2021-41495Null Pointer Dereference vulnerability exists in numpy.sort in NumPy &lt and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively creating sort arrays.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41495
CVE-2021-41496Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct a Denial of Service attacks by carefully constructing an array with negative values.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41496
CVE-2021-41497Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41497
CVE-2021-41498Buffer overflow in ajaxsoundstudio.com Pyo &lt and 1.03 in the Server_jack_init function. which allows attackers to conduct Denial of Service attacks by arbitrary constructing a overlong server name.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41498
CVE-2021-41499Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41499
CVE-2021-45105Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-45105
CVE-2021-44162Chain Sea ai chatbot system’s specific file download function has path traversal vulnerability. The function has improper filtering of special characters in URL parameters, which allows a remote attacker to download arbitrary system files without authentication.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-44162
CVE-2021-24981The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-24981
CVE-2021-44877Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability has been found while using a temporary generated token in order to consume api resources. The vulnerability allows an unauthenticated attacker to use an api endpoint to generate a temporary JWT token that is designed to reference the correct tenant prior to authentication, to request system configuration parameters using direct api requests. The correct exploitation of this vulnerability causes sensitive information exposure. In case the tenant has an smtp credential set, the full credential information is disclosed.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-44877
CVE-2021-45266A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-45266
CVE-2021-43854NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this class, or these two functions, are vulnerable to the ReDoS attack. In short, a specifically crafted long input to any of these vulnerable functions will cause them to take a significant amount of execution time. If your program relies on any of the vulnerable functions for tokenizing unpredictable user input, then we would strongly recommend upgrading to a version of NLTK without the vulnerability. For users unable to upgrade the execution time can be bounded by limiting the maximum length of an input to any of the vulnerable functions. Our recommendation is to implement such a limit.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43854
CVE-2021-43892Microsoft BizTalk ESB Toolkit Spoofing Vulnerability7.4https://nvd.nist.gov/vuln/detail/CVE-2021-43892
CVE-2021-36337Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-36337
CVE-2020-8116Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.7.3https://nvd.nist.gov/vuln/detail/CVE-2020-8116
CVE-2021-37706PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.7.3https://nvd.nist.gov/vuln/detail/CVE-2021-37706
CVE-2021-43804PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason length. Users are advised to upgrade as soon as possible. There are no known workarounds.7.3https://nvd.nist.gov/vuln/detail/CVE-2021-43804
CVE-2020-10204Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-10204
CVE-2020-13290In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page7.2https://nvd.nist.gov/vuln/detail/CVE-2020-13290
CVE-2021-42378A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function7.2https://nvd.nist.gov/vuln/detail/CVE-2021-42378
CVE-2021-42379A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function7.2https://nvd.nist.gov/vuln/detail/CVE-2021-42379
CVE-2021-42380A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function7.2https://nvd.nist.gov/vuln/detail/CVE-2021-42380
CVE-2021-42381A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function7.2https://nvd.nist.gov/vuln/detail/CVE-2021-42381
CVE-2021-42382A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function7.2https://nvd.nist.gov/vuln/detail/CVE-2021-42382
CVE-2021-42383A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function7.2https://nvd.nist.gov/vuln/detail/CVE-2021-42383
CVE-2021-42384A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function7.2https://nvd.nist.gov/vuln/detail/CVE-2021-42384
CVE-2021-42385A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function7.2https://nvd.nist.gov/vuln/detail/CVE-2021-42385
CVE-2021-42386A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function7.2https://nvd.nist.gov/vuln/detail/CVE-2021-42386
CVE-2021-24747The SEO Booster WordPress plugin before 3.8 allows for authenticated SQL injection via the "fn_my_ajaxified_dataloader_ajax" AJAX request as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped leading to blind and error-based SQL injections.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-24747
CVE-2021-42294Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-42309.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-42294
CVE-2021-43889Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-43889
CVE-2021-43818lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-43818
CVE-2021-43890Windows AppX Installer Spoofing Vulnerability7.1https://nvd.nist.gov/vuln/detail/CVE-2021-43890
CVE-2021-38421Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0.12.0 is vulnerable to an out-of-bounds read, which may allow an attacker to read sensitive information from other memory locations or cause a crash.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-38421
CVE-2021-30923A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to execute arbitrary code with kernel privileges.7https://nvd.nist.gov/vuln/detail/CVE-2021-30923
CVE-2021-0678In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05722511.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-0678
CVE-2021-0679In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687781.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-0679
CVE-2021-0893In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-0893
CVE-2021-0894In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672038.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-0894
CVE-2021-0895In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672003.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-0895
CVE-2021-0896In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05671206.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-0896
CVE-2021-0897In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05670549.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-0897
CVE-2021-0898In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-0898
CVE-2021-0899In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-0899
CVE-2021-0901In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05664618.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-0901
CVE-2021-0903In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656488.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-0903
CVE-2021-42550In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.6.6https://nvd.nist.gov/vuln/detail/CVE-2021-42550
CVE-2017-14107The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mishandles EOCD records, which allows remote attackers to cause a denial of service (memory allocation failure in _zip_cdir_grow in zip_dirent.c) via a crafted ZIP archive.6.5https://nvd.nist.gov/vuln/detail/CVE-2017-14107
CVE-2019-15531GNU Libextractor through 1.9 has a heap-based buffer over-read in the function EXTRACTOR_dvi_extract_method in plugins/dvi_extractor.c.6.5https://nvd.nist.gov/vuln/detail/CVE-2019-15531
CVE-2021-3027app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided search filter because user input gets no sanitization.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3027
CVE-2021-22207Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file6.5https://nvd.nist.gov/vuln/detail/CVE-2021-22207
CVE-2021-30887A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30887
CVE-2021-30897An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-30897
CVE-2021-29716IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to reas of the application that privileged user should only be allowed to view. IBM X-Force ID: 201087.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-29716
CVE-2021-40857Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via the passwd=1 substring.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-40857
CVE-2021-41843An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter provider_id, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar&func=search URI.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-41843
CVE-2021-38900IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-38900
CVE-2021-39013IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-39013
CVE-2021-43156In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-43156
CVE-2021-21926A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘health_filter’ parameter.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-21926
CVE-2020-20595A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-20595
CVE-2021-38009Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-38009
CVE-2021-38010Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-38010
CVE-2021-38018Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-38018
CVE-2021-38019Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-38019
CVE-2021-38021Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-38021
CVE-2021-38022Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-38022
CVE-2021-4054Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-4054
CVE-2021-4059Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-4059
CVE-2021-4068Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-4068
CVE-2021-43849cordova-plugin-fingerprint-aio is a plugin provides a single and simple interface for accessing fingerprint APIs on both Android 6+ and iOS. In versions prior to 5.0.1 The exported activity `de.niklasmerz.cordova.biometric.BiometricActivity` can cause the app to crash. This vulnerability occurred because the activity didn't handle the case where it is requested with invalid or empty data which results in a crash. Any third party app can constantly call this activity with no permission. A 3rd party app/attacker using event listener can continually stop the app from working and make the victim unable to open it. Version 5.0.1 of the cordova-plugin-fingerprint-aio doesn't export the activity anymore and is no longer vulnerable. If you want to fix older versions change the attribute android:exported in plugin.xml to false. Please upgrade to version 5.0.1 as soon as possible.6.2https://nvd.nist.gov/vuln/detail/CVE-2021-43849
CVE-2019-11454Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation.6.1https://nvd.nist.gov/vuln/detail/CVE-2019-11454
CVE-2017-18635An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.6.1https://nvd.nist.gov/vuln/detail/CVE-2017-18635
CVE-2020-3867A logic issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted web content may lead to universal cross site scripting.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-3867
CVE-2021-30890A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-30890
CVE-2021-22942A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-22942
CVE-2021-20493IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197794.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-20493
CVE-2021-43880Windows Mobile Device Management Elevation of Privilege Vulnerability6.1https://nvd.nist.gov/vuln/detail/CVE-2021-43880
CVE-2021-43812The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-43812
CVE-2021-44163Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-44163
CVE-2021-44916Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-44916
CVE-2021-43440Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-43440
CVE-2021-24578The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue6.1https://nvd.nist.gov/vuln/detail/CVE-2021-24578
CVE-2021-24907The Contact Form, Drag and Drop Form Builder for WordPress plugin before 1.8.0 does not escape the status parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue6.1https://nvd.nist.gov/vuln/detail/CVE-2021-24907
CVE-2021-24941The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.0.5 does not sanitise and escape the message_id parameter of the get_message_action_row AJAX action before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue6.1https://nvd.nist.gov/vuln/detail/CVE-2021-24941
CVE-2021-24956The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue6.1https://nvd.nist.gov/vuln/detail/CVE-2021-24956
CVE-2021-44030Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-44030
CVE-2021-23228DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-23228
CVE-2021-31558DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-31558
CVE-2021-36885Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon – CFDB7 WordPress plugin (versions <= 1.2.6.1).6.1https://nvd.nist.gov/vuln/detail/CVE-2021-36885
CVE-2021-44471DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-44471
CVE-2021-44544DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-44544
CVE-2020-20425S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-20425
CVE-2020-20426S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-20426
CVE-2020-20597A cross-site scripting (XSS) vulnerability in the potrtalItemName parameter in \\web\\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-20597
CVE-2020-20598A cross-site scripting (XSS) vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-20598
CVE-2020-20605Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in the /controller/CommentAdminController.java component.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-20605
CVE-2021-45472In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript\: URL scheme (among others) can be used.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-45472
CVE-2021-43242Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42320.5.7https://nvd.nist.gov/vuln/detail/CVE-2021-43242
CVE-2021-43246Windows Hyper-V Denial of Service Vulnerability5.6https://nvd.nist.gov/vuln/detail/CVE-2021-43246
CVE-2020-8631cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-8631
CVE-2020-11209Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD4395.5https://nvd.nist.gov/vuln/detail/CVE-2020-11209
CVE-2021-30929An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30929
CVE-2021-30931A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. A malicious application may be able to disclose kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30931
CVE-2021-30967Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A local attacker may be able to read sensitive information.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30967
CVE-2021-30970A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-30970
CVE-2021-42373A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given5.5https://nvd.nist.gov/vuln/detail/CVE-2021-42373
CVE-2021-42375An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-42375
CVE-2021-42376A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \\x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-42376
CVE-2021-43224Windows Common Log File System Driver Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-43224
CVE-2021-43227Storage Spaces Controller Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43235.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-43227
CVE-2021-43235Storage Spaces Controller Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-43227.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-43235
CVE-2021-43243VP9 Video Extensions Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-43243
CVE-2021-43244Windows Kernel Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-43244
CVE-2021-43255Microsoft Office Trust Center Spoofing Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-43255
CVE-2021-43896Microsoft PowerShell Spoofing Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-43896
CVE-2021-3179GGLocker iOS application, contains an insecure data storage of the password hash value which results in an authentication bypass.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3179
CVE-2021-0674In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06064258; Issue ID: ALPS06064237.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-0674
CVE-2021-20606Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, MELSOFT Navigator all versions and EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-20606
CVE-2021-20607Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, MELSOFT Navigator all versions and EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-20607
CVE-2021-43748Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-43748
CVE-2021-43749Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-43749
CVE-2021-43750Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Null pointer dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-43750
CVE-2021-36341Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-36341
CVE-2021-45297An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45297
CVE-2021-44917A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44917
CVE-2021-44918A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44918
CVE-2021-44919A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function, which causes a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44919
CVE-2021-44920An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44920
CVE-2021-44921A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44921
CVE-2021-44922A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44922
CVE-2021-44923A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44923
CVE-2021-44924An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44924
CVE-2021-44925A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44925
CVE-2021-44927A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-44927
CVE-2021-40836A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-40836
CVE-2021-45258A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45258
CVE-2021-45259An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45259
CVE-2021-45260A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45260
CVE-2021-45261An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45261
CVE-2021-45262An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45262
CVE-2021-45263An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45263
CVE-2021-45267An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45267
CVE-2021-44225In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property5.4https://nvd.nist.gov/vuln/detail/CVE-2021-44225
CVE-2021-29867IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-29867
CVE-2021-38909IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-38909
CVE-2021-44317In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-44317
CVE-2021-37862Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-37862
CVE-2021-43438Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME and ADDRESS field5.4https://nvd.nist.gov/vuln/detail/CVE-2021-43438
CVE-2021-24738The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks5.4https://nvd.nist.gov/vuln/detail/CVE-2021-24738
CVE-2021-38893IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-38893
CVE-2021-38966IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212357.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-38966
CVE-2020-20600MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-20600
CVE-2019-15165sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.5.3https://nvd.nist.gov/vuln/detail/CVE-2019-15165
CVE-2020-8506The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-8506
CVE-2020-9359KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-9359
CVE-2021-30904A sync issue was addressed with improved state validation. This issue is fixed in macOS Monterey 12.0.1. A user's messages may continue to sync after the user has signed out of iMessage.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-30904
CVE-2021-30930A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. An attacker may be able to track users through their IP address.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-30930
CVE-2021-42374An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that5.3https://nvd.nist.gov/vuln/detail/CVE-2021-42374
CVE-2021-21707In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-21707
CVE-2021-29719IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilties due to a web response specifying an incorrect content type. IBM X-Force ID: 2010915.3https://nvd.nist.gov/vuln/detail/CVE-2021-29719
CVE-2021-40171The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-40171
CVE-2021-43441An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious HTML codes via the signup form5.3https://nvd.nist.gov/vuln/detail/CVE-2021-43441
CVE-2021-44875Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the password recovery procedure for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-44875
CVE-2021-44876Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. This issue occurs during the identification of the correct tenant for a given user, where a difference in messages could allow an attacker to determine if the given user is valid or not, enabling a brute force attack with valid users.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-44876
CVE-2020-8118An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.5https://nvd.nist.gov/vuln/detail/CVE-2020-8118
CVE-2021-40858Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure. A sub-admin can read the cleartext Admin password via the fileName=../../etc/passwd substring.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-40858
CVE-2021-24645The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed4.8https://nvd.nist.gov/vuln/detail/CVE-2021-24645
CVE-2021-24646The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed4.8https://nvd.nist.gov/vuln/detail/CVE-2021-24646
CVE-2021-38701Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180.4.8https://nvd.nist.gov/vuln/detail/CVE-2021-38701
CVE-2021-36889Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities were discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.6).4.8https://nvd.nist.gov/vuln/detail/CVE-2021-36889
CVE-2021-30884The issue was resolved with additional restrictions on CSS compositing. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Visiting a maliciously crafted website may reveal a user's browsing history.4.7https://nvd.nist.gov/vuln/detail/CVE-2021-30884
CVE-2021-30932The issue was addressed with improved permissions logic. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access contacts from the lock screen.4.6https://nvd.nist.gov/vuln/detail/CVE-2021-30932
CVE-2021-0676In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863009; Issue ID: ALPS05863009.4.4https://nvd.nist.gov/vuln/detail/CVE-2021-0676
CVE-2021-0677In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827154; Issue ID: ALPS05827154.4.4https://nvd.nist.gov/vuln/detail/CVE-2021-0677
CVE-2021-0900In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672055.4.4https://nvd.nist.gov/vuln/detail/CVE-2021-0900
CVE-2021-0902In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05656484.4.4https://nvd.nist.gov/vuln/detail/CVE-2021-0902
CVE-2021-43158In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-43158
CVE-2021-38020Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-38020
CVE-2020-9488Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.3.7https://nvd.nist.gov/vuln/detail/CVE-2020-9488
CVE-2021-42320Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-43242.3.5https://nvd.nist.gov/vuln/detail/CVE-2021-42320
CVE-2020-18442Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".3.3https://nvd.nist.gov/vuln/detail/CVE-2020-18442
CVE-2021-43763Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-43763
CVE-2021-44182Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-44182
CVE-2021-44183Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious TIF file.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-44183
CVE-2021-44697Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MOV file.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-44697
CVE-2021-44698Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-44698
CVE-2021-44699Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-44699
CVE-2000-0484Small HTTP Server ver 3.06 contains a memory corruption bug causing a memory overflow. The overflowed buffer crashes into a Structured Exception Handler resulting in a Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2000-0484
CVE-2020-12980An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.https://nvd.nist.gov/vuln/detail/CVE-2020-12980
CVE-2020-12981An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service.https://nvd.nist.gov/vuln/detail/CVE-2020-12981
CVE-2020-12982An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.https://nvd.nist.gov/vuln/detail/CVE-2020-12982
CVE-2020-12983An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service.https://nvd.nist.gov/vuln/detail/CVE-2020-12983
CVE-2020-12985An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.https://nvd.nist.gov/vuln/detail/CVE-2020-12985
CVE-2020-12986An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows 10 may cause arbitrary code execution in the kernel, leading to escalation of privilege or denial of service.https://nvd.nist.gov/vuln/detail/CVE-2020-12986
CVE-2020-12987A heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass.https://nvd.nist.gov/vuln/detail/CVE-2020-12987
CVE-2021-30936A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-30936
CVE-2021-30937A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-30937
CVE-2021-30938This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A local user may be able to cause unexpected system termination or read kernel memory.https://nvd.nist.gov/vuln/detail/CVE-2021-30938
CVE-2021-30939An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-30939
CVE-2021-30940A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents.https://nvd.nist.gov/vuln/detail/CVE-2021-30940
CVE-2021-30941A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may disclose memory contents.https://nvd.nist.gov/vuln/detail/CVE-2021-30941
CVE-2021-30942Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing a maliciously crafted image may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-30942
CVE-2021-30945This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local attacker may be able to elevate their privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-30945
CVE-2021-30946A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. A malicious application may be able to bypass certain Privacy preferences.https://nvd.nist.gov/vuln/detail/CVE-2021-30946
CVE-2021-30947An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files.https://nvd.nist.gov/vuln/detail/CVE-2021-30947
CVE-2021-30948An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2. A person with physical access to an iOS device may be able to access stored passwords without authentication.https://nvd.nist.gov/vuln/detail/CVE-2021-30948
CVE-2021-30949A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-30949
CVE-2021-30950A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks.https://nvd.nist.gov/vuln/detail/CVE-2021-30950
CVE-2021-30951A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-30951
CVE-2021-30952An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-30952
CVE-2021-30953An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-30953
CVE-2021-30954A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-30954
CVE-2021-30955A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-30955
CVE-2021-30957A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted audio file may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-30957
CVE-2021-30958An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Playing a malicious audio file may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-30958
CVE-2021-30959A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.https://nvd.nist.gov/vuln/detail/CVE-2021-30959
CVE-2021-30960A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.https://nvd.nist.gov/vuln/detail/CVE-2021-30960
CVE-2021-30961A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.https://nvd.nist.gov/vuln/detail/CVE-2021-30961
CVE-2021-30963A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.https://nvd.nist.gov/vuln/detail/CVE-2021-30963
CVE-2021-30964An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences.https://nvd.nist.gov/vuln/detail/CVE-2021-30964
CVE-2021-30965A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to cause a denial of service to Endpoint Security clients.https://nvd.nist.gov/vuln/detail/CVE-2021-30965
CVE-2021-30966A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations.https://nvd.nist.gov/vuln/detail/CVE-2021-30966
CVE-2021-30968A validation issue related to hard link behavior was addressed with improved sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to bypass certain Privacy preferences.https://nvd.nist.gov/vuln/detail/CVE-2021-30968
CVE-2021-30969A path handling issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk.https://nvd.nist.gov/vuln/detail/CVE-2021-30969
CVE-2021-30971An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-30971
CVE-2021-30973An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted file may disclose user information.https://nvd.nist.gov/vuln/detail/CVE-2021-30973
CVE-2021-30975This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions.https://nvd.nist.gov/vuln/detail/CVE-2021-30975
CVE-2021-30976A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks.https://nvd.nist.gov/vuln/detail/CVE-2021-30976
CVE-2021-30977A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-30977
CVE-2021-30979A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-30979
CVE-2021-30980A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-30980
CVE-2021-30981A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-30981
CVE-2021-30982A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A remote attacker may be able to cause unexpected application termination or heap corruption.https://nvd.nist.gov/vuln/detail/CVE-2021-30982
CVE-2021-30984A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-30984
CVE-2021-30985An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-30985
CVE-2021-30986A device configuration issue was addressed with an updated configuration. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked by its Bluetooth MAC address.https://nvd.nist.gov/vuln/detail/CVE-2021-30986
CVE-2021-30987An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked via BSSIDs.https://nvd.nist.gov/vuln/detail/CVE-2021-30987
CVE-2021-30988Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to identify what other applications a user has installed.https://nvd.nist.gov/vuln/detail/CVE-2021-30988
CVE-2021-30990A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious application may bypass Gatekeeper checks.https://nvd.nist.gov/vuln/detail/CVE-2021-30990
CVE-2021-30991An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-30991
CVE-2021-30992This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata.https://nvd.nist.gov/vuln/detail/CVE-2021-30992
CVE-2021-30993A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. An attacker in a privileged network position may be able to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2021-30993
CVE-2021-30995A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to elevate privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-30995
CVE-2021-30996A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-30996
CVE-2021-41451A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack.https://nvd.nist.gov/vuln/detail/CVE-2021-41451
CVE-2021-35234Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged escalation. An attacker with low-user privileges may steal password hashes and password salt information.https://nvd.nist.gov/vuln/detail/CVE-2021-35234
CVE-2021-44926A null pointer dereference vulnerability exists in the gpac in the gf_node_get_tag function, which causes a segmentation fault and application crash.https://nvd.nist.gov/vuln/detail/CVE-2021-44926
CVE-2021-44028XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.https://nvd.nist.gov/vuln/detail/CVE-2021-44028
CVE-2021-44029An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known (due to the presence of CVE-2017-11317, CVE-2017-11357, or other means). A default setting for the type whitelisting feature in more current versions of ASP.NET AJAX prevents exploitation.https://nvd.nist.gov/vuln/detail/CVE-2021-44029
CVE-2021-45459lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js allows command injection via the PID parameter.https://nvd.nist.gov/vuln/detail/CVE-2021-45459
CVE-2021-40612An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without authentication, a vulnerability in code_igniter/application/controllers/util.php allows an attacker perform command execution without echoes.https://nvd.nist.gov/vuln/detail/CVE-2021-40612
CVE-2021-36750ENC DataVault 7.1.1W and VaultAPI v67, which is currently being used in various other applications, mishandles key derivation, making it easier for attackers to determine the passwords of all DataVault users (across USB drives sold under multiple brand names).https://nvd.nist.gov/vuln/detail/CVE-2021-36750
CVE-2021-45418Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected products include: Nova 360 Cabinet <=1.3.0.0.6 - Fixed: 1.3.0.0.9 and Titan 180 Premium <=1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0.https://nvd.nist.gov/vuln/detail/CVE-2021-45418
CVE-2021-44733A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.https://nvd.nist.gov/vuln/detail/CVE-2021-44733
CVE-2021-45256A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c.https://nvd.nist.gov/vuln/detail/CVE-2021-45256
CVE-2021-45257An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.https://nvd.nist.gov/vuln/detail/CVE-2021-45257
CVE-2021-45419Certain Starcharge products are affected by Improper Input Validation. The affected products include: Nova 360 Cabinet <= 1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0 and Titan 180 Premium <= 1.3.0.0.6 - Fixed: 1.3.0.0.9.https://nvd.nist.gov/vuln/detail/CVE-2021-45419
CVE-2021-21872An OS command injection vulnerability exists in the Web Manager Diagnostics: Traceroute functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21872
CVE-2021-21873A specially-crafted HTTP request can lead to arbitrary command execution in RSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21873
CVE-2021-21874A specially-crafted HTTP request can lead to arbitrary command execution in DSA keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21874
CVE-2021-21875A specially-crafted HTTP request can lead to arbitrary command execution in EC keypasswd parameter. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21875
CVE-2021-21876Specially-crafted HTTP requests can lead to arbitrary command execution in PUT requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21876
CVE-2021-21877Specially-crafted HTTP requests can lead to arbitrary command execution in “GET” requests. An attacker can make authenticated HTTP requests to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21877
CVE-2021-21878A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted series of HTTP requests can lead to local file inclusion. An attacker can make a series of authenticated HTTP requests to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21878
CVE-2021-21879A directory traversal vulnerability exists in the Web Manager File Upload functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21879
CVE-2021-21880A directory traversal vulnerability exists in the Web Manager FsCopyFile functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21880
CVE-2021-21881An OS command injection vulnerability exists in the Web Manager Wireless Network Scanner functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21881
CVE-2021-21882An OS command injection vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21882
CVE-2021-21883An OS command injection vulnerability exists in the Web Manager Diagnostics: Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21883
CVE-2021-21884An OS command injection vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21884
CVE-2021-21885A directory traversal vulnerability exists in the Web Manager FsMove functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to local file inclusion. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21885
CVE-2021-21886A directory traversal vulnerability exists in the Web Manager FSBrowsePage functionality of Lantronix PremierWave 2050 8.9.0.0R4. A specially crafted HTTP request can lead to information disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21886
CVE-2021-21887A stack-based buffer overflow vulnerability exists in the Web Manager SslGenerateCSR functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21887
CVE-2021-21888An OS command injection vulnerability exists in the Web Manager SslGenerateCertificate functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21888
CVE-2021-21889A stack-based buffer overflow vulnerability exists in the Web Manager Ping functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21889
CVE-2021-21890A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch (deletedir). An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21890
CVE-2021-21891A stack-based buffer overflow vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution in the vulnerable portion of the branch (deletefile). An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21891
CVE-2021-21892A stack-based buffer overflow vulnerability exists in the Web Manager FsUnmount functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21892
CVE-2021-21894A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file overwrite FsTFtp file disclosure. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21894
CVE-2021-21895A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to FsTFtp file overwrite. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21895
CVE-2021-21896A directory traversal vulnerability exists in the Web Manager FsBrowseClean functionality of Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU). A specially crafted HTTP request can lead to arbitrary file deletion. An attacker can make an authenticated HTTP request to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21896
CVE-2021-21901A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21901
CVE-2021-21902An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21902
CVE-2021-21903A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21903
CVE-2021-21904A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-21904
CVE-2021-21905Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. After a client successfully authenticates, they can send plaintext commands to manipulate the device.https://nvd.nist.gov/vuln/detail/CVE-2021-21905
CVE-2021-21906Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. Every time a user submits a password to the CLI password prompt, the buffer containing their input is passed as the password parameter to the checkPassword function.https://nvd.nist.gov/vuln/detail/CVE-2021-21906
CVE-2021-21907A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-21907
CVE-2021-21908Specially-crafted command line arguments can lead to arbitrary file deletion. The handle_delete function does not attempt to sanitize or otherwise validate the contents of the [file] parameter (passed to the function as argv[1]), allowing an authenticated attacker to supply directory traversal primitives and delete semi-arbitrary files.https://nvd.nist.gov/vuln/detail/CVE-2021-21908
CVE-2021-21909Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2021-21909
CVE-2021-21952An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-21952
CVE-2021-21953An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted man-in-the-middle attack can lead to increased privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-21953
CVE-2021-39306A stack buffer overflow was discovered on Realtek RTL8195AM device before 2.0.10, it exists in the client code when an attacker sends a big size Authentication challenge text in WEP security.https://nvd.nist.gov/vuln/detail/CVE-2021-39306
CVE-2021-40393An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-40393
CVE-2021-40394An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2021-40394
CVE-2021-40417When parsing a file that is submitted to the DPDecoder service as a job, the service will use the combination of decoding parameters that were submitted with the job along with fields that were parsed for the submitted video by the R3D SDK to calculate the size of a heap buffer. Due to an integer overflow with regards to this calculation, this can result in an undersized heap buffer being allocated. When this heap buffer is written to, a heap-based buffer overflow will occur. This can result in code execution under the context of the application.https://nvd.nist.gov/vuln/detail/CVE-2021-40417
CVE-2021-40418When parsing a file that is submitted to the DPDecoder service as a job, the R3D SDK will mistakenly skip over the assignment of a property containing an object referring to a UUID that was parsed from a frame within the video container. Upon destruction of the object that owns it, the uninitialized member will be dereferenced and then destroyed using the object’s virtual destructor. Due to the object property being uninitialized, this can result in dereferencing an arbitrary pointer for the object’s virtual method table, which can result in code execution under the context of the application.https://nvd.nist.gov/vuln/detail/CVE-2021-40418
CVE-2021-45461FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.https://nvd.nist.gov/vuln/detail/CVE-2021-45461
CVE-2021-20049A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.https://nvd.nist.gov/vuln/detail/CVE-2021-20049
CVE-2021-20050An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data.https://nvd.nist.gov/vuln/detail/CVE-2021-20050
CVE-2021-45462In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.https://nvd.nist.gov/vuln/detail/CVE-2021-45462
CVE-2021-45463GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load.https://nvd.nist.gov/vuln/detail/CVE-2021-45463
CVE-2021-4144TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection.https://nvd.nist.gov/vuln/detail/CVE-2021-4144
CVE-2021-44548An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows.https://nvd.nist.gov/vuln/detail/CVE-2021-44548
CVE-2021-44273e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.https://nvd.nist.gov/vuln/detail/CVE-2021-44273
CVE-2021-44599The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve sensitive information for all users of this system.https://nvd.nist.gov/vuln/detail/CVE-2021-44599
CVE-2021-44600The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application interacted with that domain, indicating that the injected SQL query was executed. The attacker can retrieve all authentication and information about the users of this system.https://nvd.nist.gov/vuln/detail/CVE-2021-44600
CVE-2021-44526Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations.https://nvd.nist.gov/vuln/detail/CVE-2021-44526
CVE-2021-23175NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may lead to escalation of privileges, information disclosure, data tampering, and denial of service, affecting other resources beyond the intended security authority of GameStream.https://nvd.nist.gov/vuln/detail/CVE-2021-23175
CVE-2021-4118pytorch-lightning is vulnerable to Deserialization of Untrusted Datahttps://nvd.nist.gov/vuln/detail/CVE-2021-4118
CVE-2021-40160A maliciously crafted PDF file prior to 9.0.7 may be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2021-40160
CVE-2021-40161A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDF earlier than 9.0.7 version.https://nvd.nist.gov/vuln/detail/CVE-2021-40161
CVE-2021-45469In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.https://nvd.nist.gov/vuln/detail/CVE-2021-45469
CVE-2017-13835A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges.https://nvd.nist.gov/vuln/detail/CVE-2017-13835
CVE-2017-13880A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 11.2, watchOS 4.2. An application may be able to execute arbitrary code with kernel privilege.https://nvd.nist.gov/vuln/detail/CVE-2017-13880
CVE-2017-13892An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing.https://nvd.nist.gov/vuln/detail/CVE-2017-13892
CVE-2017-13905A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges.https://nvd.nist.gov/vuln/detail/CVE-2017-13905
CVE-2017-13906A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A malicious application may be able to elevate privileges.https://nvd.nist.gov/vuln/detail/CVE-2017-13906
CVE-2017-13907A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked.https://nvd.nist.gov/vuln/detail/CVE-2017-13907
CVE-2017-13908An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A local attacker may be able to execute non-executable text files via an SMB share.https://nvd.nist.gov/vuln/detail/CVE-2017-13908
CVE-2017-13909An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.https://nvd.nist.gov/vuln/detail/CVE-2017-13909
CVE-2017-13910An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files.https://nvd.nist.gov/vuln/detail/CVE-2017-13910
CVE-2017-2375An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud.https://nvd.nist.gov/vuln/detail/CVE-2017-2375
CVE-2017-2488A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote Desktop 3.9. An attacker may be able to capture cleartext passwords.https://nvd.nist.gov/vuln/detail/CVE-2017-2488
CVE-2018-4302A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2018-4302
CVE-2018-4478A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.https://nvd.nist.gov/vuln/detail/CVE-2018-4478
CVE-2019-8643CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management..https://nvd.nist.gov/vuln/detail/CVE-2019-8643
CVE-2019-8702This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier.https://nvd.nist.gov/vuln/detail/CVE-2019-8702
CVE-2019-8703This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges.https://nvd.nist.gov/vuln/detail/CVE-2019-8703
CVE-2020-3886A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2020-3886
CVE-2020-3896This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to overwrite arbitrary files.https://nvd.nist.gov/vuln/detail/CVE-2020-3896
CVE-2021-20318The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.https://nvd.nist.gov/vuln/detail/CVE-2021-20318
CVE-2021-22657mySCADA myPRO: Versions 8.20.0 and prior has a feature where the API password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.https://nvd.nist.gov/vuln/detail/CVE-2021-22657
CVE-2021-23198mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.https://nvd.nist.gov/vuln/detail/CVE-2021-23198
CVE-2021-27006StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager.https://nvd.nist.gov/vuln/detail/CVE-2021-27006
CVE-2021-27007NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session.https://nvd.nist.gov/vuln/detail/CVE-2021-27007
CVE-2021-30767A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A local user may be able to modify protected parts of the file system.https://nvd.nist.gov/vuln/detail/CVE-2021-30767
CVE-2021-35243The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.https://nvd.nist.gov/vuln/detail/CVE-2021-35243
CVE-2021-3584A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of system. Fixed releases are 2.4.1, 2.5.1, 3.0.0.https://nvd.nist.gov/vuln/detail/CVE-2021-3584
CVE-2021-43981mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.https://nvd.nist.gov/vuln/detail/CVE-2021-43981
CVE-2021-43984mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.https://nvd.nist.gov/vuln/detail/CVE-2021-43984
CVE-2021-43985An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.https://nvd.nist.gov/vuln/detail/CVE-2021-43985
CVE-2021-43987An additional, nondocumented administrative account exists in mySCADA myPRO Versions 8.20.0 and prior that is not exposed through the web interface, which cannot be deleted or changed through the regular web interface.https://nvd.nist.gov/vuln/detail/CVE-2021-43987
CVE-2021-43989mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes.https://nvd.nist.gov/vuln/detail/CVE-2021-43989
CVE-2021-44453mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interface which includes a ping utility, which may allow an attacker to inject arbitrary operating system commands.https://nvd.nist.gov/vuln/detail/CVE-2021-44453
CVE-2021-44540A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.https://nvd.nist.gov/vuln/detail/CVE-2021-44540
CVE-2021-44541A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.https://nvd.nist.gov/vuln/detail/CVE-2021-44541
CVE-2021-44542A memory leak vulnerability was found in Privoxy when handling errors.https://nvd.nist.gov/vuln/detail/CVE-2021-44542
CVE-2021-44543An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.https://nvd.nist.gov/vuln/detail/CVE-2021-44543
CVE-2021-4024A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.https://nvd.nist.gov/vuln/detail/CVE-2021-4024
CVE-2021-3621A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.https://nvd.nist.gov/vuln/detail/CVE-2021-3621
CVE-2021-3622A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.https://nvd.nist.gov/vuln/detail/CVE-2021-3622
CVE-2021-45470lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts.https://nvd.nist.gov/vuln/detail/CVE-2021-45470
CVE-2020-35398An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted.https://nvd.nist.gov/vuln/detail/CVE-2020-35398
CVE-2021-45471In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items.https://nvd.nist.gov/vuln/detail/CVE-2021-45471
CVE-2021-45473In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar).https://nvd.nist.gov/vuln/detail/CVE-2021-45473
CVE-2021-45474In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter.https://nvd.nist.gov/vuln/detail/CVE-2021-45474
CVE-2021-20826Unprotected transport of credentials vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from the communication between the PLC and the software. As a result, the complete access privileges to the PLC Web server may be obtained, and manipulation of the PLC output and/or suspension of the PLC may be conducted.https://nvd.nist.gov/vuln/detail/CVE-2021-20826
CVE-2021-20827Plaintext storage of a password vulnerability in IDEC PLCs (FC6A Series MICROSmart All-in-One CPU module v2.32 and earlier, FC6A Series MICROSmart Plus CPU module v1.91 and earlier, WindLDR v8.19.1 and earlier, WindEDIT Lite v1.3.1 and earlier, and Data File Manager v2.12.1 and earlier) allows an attacker to obtain the PLC Web server user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the attacker may access the PLC Web server and hijack the PLC, and manipulation of the PLC output and/or suspension of the PLC may be conducted.https://nvd.nist.gov/vuln/detail/CVE-2021-20827
CVE-2021-20874Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the server and obtain sensitive information via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2021-20874
CVE-2021-20875Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user to access a specially crafted URL.https://nvd.nist.gov/vuln/detail/CVE-2021-20875
CVE-2021-20876Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site's server via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2021-20876
CVE-2021-23772This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder.https://nvd.nist.gov/vuln/detail/CVE-2021-23772
CVE-2021-4072elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')https://nvd.nist.gov/vuln/detail/CVE-2021-4072
CVE-2021-23490The package parse-link-header before 2.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the checkHeader function.https://nvd.nist.gov/vuln/detail/CVE-2021-23490
CVE-2021-23574All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655).https://nvd.nist.gov/vuln/detail/CVE-2021-23574
CVE-2021-3977invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')https://nvd.nist.gov/vuln/detail/CVE-2021-3977
CVE-2021-45480An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.https://nvd.nist.gov/vuln/detail/CVE-2021-45480
CVE-2021-45481In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889.https://nvd.nist.gov/vuln/detail/CVE-2021-45481
CVE-2021-45482In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::ContainerNode::firstChild, a different vulnerability than CVE-2021-30889.https://nvd.nist.gov/vuln/detail/CVE-2021-45482
CVE-2021-45483In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889.https://nvd.nist.gov/vuln/detail/CVE-2021-45483
CVE-2021-45484In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG.https://nvd.nist.gov/vuln/detail/CVE-2021-45484
CVE-2021-45485In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses.https://nvd.nist.gov/vuln/detail/CVE-2021-45485
CVE-2021-45486In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.https://nvd.nist.gov/vuln/detail/CVE-2021-45486
CVE-2021-45487In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.https://nvd.nist.gov/vuln/detail/CVE-2021-45487
CVE-2021-45488In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.https://nvd.nist.gov/vuln/detail/CVE-2021-45488
CVE-2021-45489In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG.https://nvd.nist.gov/vuln/detail/CVE-2021-45489
CVE-2021-4162archivy is vulnerable to Cross-Site Request Forgery (CSRF)https://nvd.nist.gov/vuln/detail/CVE-2021-4162
CVE-2021-4166vim is vulnerable to Out-of-bounds Readhttps://nvd.nist.gov/vuln/detail/CVE-2021-4166
CVE-2021-32467MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.https://nvd.nist.gov/vuln/detail/CVE-2021-32467
CVE-2021-32468MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.https://nvd.nist.gov/vuln/detail/CVE-2021-32468
CVE-2021-32469MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.https://nvd.nist.gov/vuln/detail/CVE-2021-32469
CVE-2021-35055MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.https://nvd.nist.gov/vuln/detail/CVE-2021-35055
CVE-2021-37560MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.https://nvd.nist.gov/vuln/detail/CVE-2021-37560
CVE-2021-37561MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.https://nvd.nist.gov/vuln/detail/CVE-2021-37561
CVE-2021-37562MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.https://nvd.nist.gov/vuln/detail/CVE-2021-37562
CVE-2021-37563MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.https://nvd.nist.gov/vuln/detail/CVE-2021-37563
CVE-2021-37564MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.https://nvd.nist.gov/vuln/detail/CVE-2021-37564
CVE-2021-37565MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.https://nvd.nist.gov/vuln/detail/CVE-2021-37565
CVE-2021-37566MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.https://nvd.nist.gov/vuln/detail/CVE-2021-37566
CVE-2021-37567MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.https://nvd.nist.gov/vuln/detail/CVE-2021-37567
CVE-2021-37568MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.https://nvd.nist.gov/vuln/detail/CVE-2021-37568
CVE-2021-37569MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.https://nvd.nist.gov/vuln/detail/CVE-2021-37569
CVE-2021-37570MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.https://nvd.nist.gov/vuln/detail/CVE-2021-37570
CVE-2021-37571MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.https://nvd.nist.gov/vuln/detail/CVE-2021-37571
CVE-2021-37572MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.https://nvd.nist.gov/vuln/detail/CVE-2021-37572
CVE-2021-37583MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols.https://nvd.nist.gov/vuln/detail/CVE-2021-37583
CVE-2021-37584MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol.https://nvd.nist.gov/vuln/detail/CVE-2021-37584
CVE-2021-41788MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and other devices, mishandle attempts at Wi-Fi authentication flooding.https://nvd.nist.gov/vuln/detail/CVE-2021-41788
CVE-2021-45493Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RAX35 before 1.0.4.102, RAX38 before 1.0.4.102, and RAX40 before 1.0.4.102.https://nvd.nist.gov/vuln/detail/CVE-2021-45493
CVE-2021-45494Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.https://nvd.nist.gov/vuln/detail/CVE-2021-45494
CVE-2021-45495NETGEAR D7000 devices before 1.0.1.68 are affected by authentication bypass.https://nvd.nist.gov/vuln/detail/CVE-2021-45495
CVE-2021-45496NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.https://nvd.nist.gov/vuln/detail/CVE-2021-45496
CVE-2021-45497NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass.https://nvd.nist.gov/vuln/detail/CVE-2021-45497
CVE-2021-45498NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass.https://nvd.nist.gov/vuln/detail/CVE-2021-45498
CVE-2021-45499Certain NETGEAR devices are affected by authentication bypass. This affects R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.https://nvd.nist.gov/vuln/detail/CVE-2021-45499
CVE-2021-45500Certain NETGEAR devices are affected by authentication bypass. This affects R7000P before 1.3.3.140 and R8000 before 1.0.4.68.https://nvd.nist.gov/vuln/detail/CVE-2021-45500
CVE-2021-45501Certain NETGEAR devices are affected by authentication bypass. This affects AC2400 before 1.1.0.84, AC2600 before 1.1.0.84, D7000 before 1.0.1.82, R6020 before 1.0.0.52, R6080 before 1.0.0.52, R6120 before 1.0.0.80, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.1.0.84, R6800 before 1.1.0.84, R6850 before 1.1.0.84, R6900v2 before 1.1.0.84, R7200 before 1.1.0.84, R7350 before 1.1.0.84, R7400 before 1.1.0.84, and R7450 before 1.1.0.84.https://nvd.nist.gov/vuln/detail/CVE-2021-45501
CVE-2021-45502Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45502
CVE-2021-45503Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45503
CVE-2021-45504Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45504
CVE-2021-45505Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45505
CVE-2021-45506Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45506
CVE-2021-45507Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBW30 before 2.6.2.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBS40V before 2.6.2.8.https://nvd.nist.gov/vuln/detail/CVE-2021-45507
CVE-2021-45508Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, and RBR850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45508
CVE-2021-45509Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45509
CVE-2021-45510NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass.https://nvd.nist.gov/vuln/detail/CVE-2021-45510
CVE-2021-45511Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27.https://nvd.nist.gov/vuln/detail/CVE-2021-45511
CVE-2021-45512Certain NETGEAR devices are affected by weak cryptography. This affects D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX7000 before 1.0.1.90, R6250 before 1.0.4.42, R6400v2 before 1.0.4.98, R6700v3 before 1.0.4.98, R6900P before 1.3.2.124, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7900 before 1.0.4.26, R8000 before 1.0.4.58, R8300 before 1.0.2.134, R8500 before 1.0.2.134, RS400 before 1.5.0.48, WNR3500Lv2 before 1.2.0.62, and XR300 before 1.0.3.50.https://nvd.nist.gov/vuln/detail/CVE-2021-45512
CVE-2021-45513NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker.https://nvd.nist.gov/vuln/detail/CVE-2021-45513
CVE-2021-45514NETGEAR XR1000 devices before 1.0.0.58 are affected by command injection by an unauthenticated attacker.https://nvd.nist.gov/vuln/detail/CVE-2021-45514
CVE-2021-45515Certain NETGEAR devices are affected by denial of service. This affects EX7500 before 1.0.0.72, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, RBRE960 before 6.0.3.68, RBSE960 before 6.0.3.68, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45515
CVE-2021-45516Certain NETGEAR devices are affected by denial of service. This affects R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R8000 before 1.0.4.74, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.https://nvd.nist.gov/vuln/detail/CVE-2021-45516
CVE-2021-45517NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service.https://nvd.nist.gov/vuln/detail/CVE-2021-45517
CVE-2021-45518NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service.https://nvd.nist.gov/vuln/detail/CVE-2021-45518
CVE-2021-45519NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service.https://nvd.nist.gov/vuln/detail/CVE-2021-45519
CVE-2021-45520Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.https://nvd.nist.gov/vuln/detail/CVE-2021-45520
CVE-2021-45521Certain NETGEAR devices are affected by a hardcoded password. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.https://nvd.nist.gov/vuln/detail/CVE-2021-45521
CVE-2021-45522NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded password.https://nvd.nist.gov/vuln/detail/CVE-2021-45522
CVE-2021-45523NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflow by an authenticated user.https://nvd.nist.gov/vuln/detail/CVE-2021-45523
CVE-2021-45524NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflow by an authenticated user.https://nvd.nist.gov/vuln/detail/CVE-2021-45524
CVE-2021-45525Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects EX7000 before 1.0.1.80, R6400 before 1.0.1.50, R6400v2 before 1.0.4.118, R6700 before 1.0.2.8, R6700v3 before 1.0.4.118, R6900 before 1.0.2.8, R6900P before 1.3.2.124, R7000 before 1.0.9.88, R7000P before 1.3.2.124, R7900 before 1.0.3.18, R7900P before 1.4.1.50, R8000 before 1.0.4.46, R8000P before 1.4.1.50, RAX80 before 1.0.1.56, and WNR3500Lv2 before 1.2.0.62.https://nvd.nist.gov/vuln/detail/CVE-2021-45525
CVE-2021-45526Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects EX6000 before 1.0.0.38, EX6120 before 1.0.0.48, EX6130 before 1.0.0.30, R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R7000 before 1.0.11.126, R7900 before 1.0.4.30, R8000 before 1.0.4.52, R7000P before 1.3.2.124, R8000P before 1.4.1.50, RAX80 before 1.0.3.88, R6900P before 1.3.2.124, R7900P before 1.4.1.50, and RAX75 before 1.0.3.88.https://nvd.nist.gov/vuln/detail/CVE-2021-45526
CVE-2021-45527Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.54, EX7000 before 1.0.1.94, EX7500 before 1.0.0.72, R6250 before 1.0.4.48, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.102, R6700v3 before 1.0.4.102, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7850 before 1.0.5.68, R7900 before 1.0.4.30, R7960P before 1.4.1.68, R8000 before 1.0.4.52, RAX200 before 1.0.2.88, RBS40V before 2.6.2.4, RS400 before 1.5.1.80, XR300 before 1.0.3.56, R7000P before 1.3.2.124, R8000P before 1.4.1.68, R8500 before 1.0.2.144, RAX80 before 1.0.3.102, R6900P before 1.3.2.124, R7900P before 1.4.1.68, R8300 before 1.0.2.144, RAX75 before 1.0.3.102, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45527
CVE-2021-45528Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R6300v2 before 1.0.4.52, R6400 before 1.0.1.52, R6900 before 1.0.2.8, R7000 before 1.0.9.88, R7900 before 1.0.3.18, R8000 before 1.0.4.46, R7900P before 1.4.1.50, R8000P before 1.4.1.50, RAX75 before 1.0.3.88, RAX80 before 1.0.3.88, and WNR3500Lv2 before 1.2.0.62.https://nvd.nist.gov/vuln/detail/CVE-2021-45528
CVE-2021-45529Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects CBR40 before 2.3.5.12, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.2.124, R7000P before 1.3.2.124, R7900 before 1.0.4.30, R8000 before 1.0.4.52, and WNR3500Lv2 before 1.2.0.62.https://nvd.nist.gov/vuln/detail/CVE-2021-45529
CVE-2021-45530Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects R7000 before 1.0.11.126, R7960P before 1.4.2.84, R8000 before 1.0.4.74, RAX200 before 1.0.4.120, R8000P before 1.4.2.84, RAX20 before 1.0.2.82, RAX45 before 1.0.2.82, RAX80 before 1.0.4.120, R7900P before 1.4.2.84, RAX15 before 1.0.2.82, RAX50 before 1.0.2.82, and RAX75 before 1.0.4.120.https://nvd.nist.gov/vuln/detail/CVE-2021-45530
CVE-2021-45531NETGEAR D6220 devices before 1.0.0.76 are affected by command injection by an authenticated user.https://nvd.nist.gov/vuln/detail/CVE-2021-45531
CVE-2021-45532NETGEAR R8000 devices before 1.0.4.76 are affected by command injection by an authenticated user.https://nvd.nist.gov/vuln/detail/CVE-2021-45532
CVE-2021-45533Certain NETGEAR devices are affected by command injection by an authenticated user. This affects EX6120 before 1.0.0.66, EX6130 before 1.0.0.46, EX7000 before 1.0.1.106, EX7500 before 1.0.1.76, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, RBR850 before 4.6.3.9, RBS850 before 4.6.3.9, and RBK852 before 4.6.3.9.https://nvd.nist.gov/vuln/detail/CVE-2021-45533
CVE-2021-45534Certain NETGEAR devices are affected by command injection by an authenticated user. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, D7000 before 1.0.1.82, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88.https://nvd.nist.gov/vuln/detail/CVE-2021-45534
CVE-2021-45535Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.3.106, RAX80 before 1.0.3.106, RAX75 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45535
CVE-2021-45536Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45536
CVE-2021-45537Certain NETGEAR devices are affected by command injection by an authenticated user . This affects RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45537
CVE-2021-45538Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45538
CVE-2021-45539Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.28, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.28, and RAX75 before 1.0.3.106.https://nvd.nist.gov/vuln/detail/CVE-2021-45539
CVE-2021-45540Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7000 before 1.0.11.126, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX45 before 1.0.2.66, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX50 before 1.0.2.66, and RAX75 before 1.0.3.106.https://nvd.nist.gov/vuln/detail/CVE-2021-45540
CVE-2021-45541Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900 before 1.0.4.38, R7900P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45541
CVE-2021-45542Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45542
CVE-2021-45543Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R8000 before 1.0.4.74, RAX200 before 1.0.4.120, R8000P before 1.4.2.84, R7900P before 1.4.2.84, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBK852 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45543
CVE-2021-45544Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45544
CVE-2021-45545Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45545
CVE-2021-45546Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45546
CVE-2021-45547Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7850 before 1.0.5.74, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45547
CVE-2021-45548Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.60, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.128, EX6400 before 1.0.2.144, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6420 before 1.0.0.128, EX7300 before 1.0.2.144, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.5.26, R9000 before 1.0.5.2, RAX120 before 1.0.1.128, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.74, XR500 before 2.3.2.66, RBK20 before 2.7.3.22, RBR20 before 2.7.3.22, RBS20 before 2.7.3.22, RBK40 before 2.7.3.22, RBR40 before 2.7.3.22, and RBS40 before 2.7.3.22.https://nvd.nist.gov/vuln/detail/CVE-2021-45548
CVE-2021-45549Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LAX20 before 1.1.6.28, MK62 before 1.1.6.122, MR60 before 1.1.6.122, MS60 before 1.1.6.122, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.https://nvd.nist.gov/vuln/detail/CVE-2021-45549
CVE-2021-45550Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6100 before 1.0.0.63, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300 before 1.0.0.70, R7900 before 1.0.3.8, R7900P before 1.4.1.30, R8000 before 1.0.4.28, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, WNDR3400v3 before 1.0.1.24, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.56.https://nvd.nist.gov/vuln/detail/CVE-2021-45550
CVE-2021-45551Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.64, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, and WNR2020 before 1.1.0.62.https://nvd.nist.gov/vuln/detail/CVE-2021-45551
CVE-2021-45552Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.58, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.108, and XR700 before 1.0.1.20.https://nvd.nist.gov/vuln/detail/CVE-2021-45552
CVE-2021-45553Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7000 before 1.0.11.126, R6900P before 1.3.2.126, and R7000P before 1.3.2.126.https://nvd.nist.gov/vuln/detail/CVE-2021-45553
CVE-2021-45554Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6400 before 1.0.1.74, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R7000 before 1.0.11.126, R6900P before 1.3.3.140, R7000P before 1.3.3.140, and R8000 before 1.0.4.74.https://nvd.nist.gov/vuln/detail/CVE-2021-45554
CVE-2021-45555Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7900P before 1.4.2.84, R7960P before 1.4.2.84, and R8000P before 1.4.2.84.https://nvd.nist.gov/vuln/detail/CVE-2021-45555
CVE-2021-45556Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GS108Tv2 before 5.4.2.36, GS110TPP before 7.0.7.2, GS110TPv2 before 5.4.2.36., GS110TPv3 before 7.0.7.2, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.https://nvd.nist.gov/vuln/detail/CVE-2021-45556
CVE-2021-45557Certain NETGEAR devices are affected by command injection by an authenticated user. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TUP before 1.0.5.3, GS710TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS724TPP before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS752TPv2 before 6.0.8.2, GS752TPP before 6.0.8.2, GS750E before 1.0.1.10, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.https://nvd.nist.gov/vuln/detail/CVE-2021-45557
CVE-2021-45558Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45558
CVE-2021-45559Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45559
CVE-2021-45560Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45560
CVE-2021-45561Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45561
CVE-2021-45562Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45562
CVE-2021-45563Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45563
CVE-2021-45564Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45564
CVE-2021-45565Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45565
CVE-2021-45566Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45566
CVE-2021-45567Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45567
CVE-2021-45568Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45568
CVE-2021-45569Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45569
CVE-2021-45570Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45570
CVE-2021-45571Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45571
CVE-2021-45572Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45572
CVE-2021-45573Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6260 before 1.1.0.76, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, and AC2600 before 1.2.0.62.https://nvd.nist.gov/vuln/detail/CVE-2021-45573
CVE-2021-45574Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45574
CVE-2021-45575Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45575
CVE-2021-45576Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45576
CVE-2021-45577Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45577
CVE-2021-45578Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45578
CVE-2021-45579Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45579
CVE-2021-45580Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45580
CVE-2021-45581Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45581
CVE-2021-45582Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45582
CVE-2021-45583Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45583
CVE-2021-45584Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45584
CVE-2021-45585Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45585
CVE-2021-45586Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45586
CVE-2021-45587Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45587
CVE-2021-45588Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45588
CVE-2021-45589Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45589
CVE-2021-45590Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45590
CVE-2021-45591Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45591
CVE-2021-45592Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45592
CVE-2021-45593Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.2.102, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBR50 before 2.7.2.102, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.2.102.https://nvd.nist.gov/vuln/detail/CVE-2021-45593
CVE-2021-45594Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBS50Y before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.https://nvd.nist.gov/vuln/detail/CVE-2021-45594
CVE-2021-45595Certain NETGEAR devices are affected by command injection by an authenticated user. This affects LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.https://nvd.nist.gov/vuln/detail/CVE-2021-45595
CVE-2021-45596Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45596
CVE-2021-45597Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45597
CVE-2021-45598Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45598
CVE-2021-45599Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45599
CVE-2021-45600Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45600
CVE-2021-45601Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45601
CVE-2021-45602Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.https://nvd.nist.gov/vuln/detail/CVE-2021-45602
CVE-2021-45603Certain NETGEAR devices are affected by disclosure of sensitive information. A UPnP request reveals a device's serial number, which can be used for a password reset. This affects D7800 before 1.0.1.66, EX2700 before 1.0.1.68, WN3000RPv2 before 1.0.0.90, WN3000RPv3 before 1.0.2.100, LBR1020 before 2.6.5.20, LBR20 before 2.6.5.32, R6700AX before 1.0.10.110, R7800 before 1.0.2.86, R8900 before 1.0.5.38, R9000 before 1.0.5.38, RAX10 before 1.0.10.110, RAX120v1 before 1.2.3.28, RAX120v2 before 1.2.3.28, RAX70 before 1.0.10.110, RAX78 before 1.0.10.110, XR450 before 2.3.2.130, XR500 before 2.3.2.130, and XR700 before 1.0.1.46.https://nvd.nist.gov/vuln/detail/CVE-2021-45603
CVE-2021-45604Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects CBR750 before 3.2.18.2, D6220 before 1.0.0.68, D6400 before 1.0.0.102, D8500 before 1.0.3.60, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.https://nvd.nist.gov/vuln/detail/CVE-2021-45604
CVE-2021-45605Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.68, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7900 before 1.0.4.38, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, and XR300 before 1.0.3.50.https://nvd.nist.gov/vuln/detail/CVE-2021-45605
CVE-2021-45606Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400 before 1.0.1.70, R7000 before 1.0.11.126, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX200 before 1.0.4.120, RS400 before 1.5.1.80, R6400v2 before 1.0.4.118, R7000P before 1.3.3.140, RAX80 before 1.0.4.120, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, and RAX75 before 1.0.4.120.https://nvd.nist.gov/vuln/detail/CVE-2021-45606
CVE-2021-45607Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, RAX200 before 1.0.5.126, RAX75 before 1.0.5.126, and RAX80 before 1.0.5.126.https://nvd.nist.gov/vuln/detail/CVE-2021-45607
CVE-2021-45608Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 before 1.0.1.68, R6400v2 before 1.0.4.122, and R6700v3 before 1.0.4.122.https://nvd.nist.gov/vuln/detail/CVE-2021-45608
CVE-2021-45609Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D8500 before 1.0.3.58, R6250 before 1.0.4.48, R7000 before 1.0.11.116, R7100LG before 1.0.0.64, R7900 before 1.0.4.38, R8300 before 1.0.2.144, R8500 before 1.0.2.144, XR300 before 1.0.3.68, R7000P before 1.3.2.132, and R6900P before 1.3.2.132.https://nvd.nist.gov/vuln/detail/CVE-2021-45609
CVE-2021-45610Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.66, D6400 before 1.0.0.100, D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, DC112A before 1.0.0.52, DGN2200v4 before 1.0.0.118, EAX80 before 1.0.1.64, R6250 before 1.0.4.48, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R7960P before 1.4.1.64, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, R6400v2 before 1.0.4.106, R7000P before 1.3.2.132, R8000P before 1.4.1.64, RAX20 before 1.0.2.82, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, R6700v3 before 1.0.4.106, R6900P before 1.3.2.132, R7900P before 1.4.1.64, RAX15 before 1.0.2.82, RAX50 before 1.0.2.82, and RAX75 before 1.0.3.106.https://nvd.nist.gov/vuln/detail/CVE-2021-45610
CVE-2021-45611Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects DC112A before 1.0.0.52, R6400 before 1.0.1.68, RAX200 before 1.0.3.106, WNDR3400v3 before 1.0.1.38, XR300 before 1.0.3.68, R8500 before 1.0.2.144, RAX75 before 1.0.3.106, R8300 before 1.0.2.144, and RAX80 before 1.0.3.106.https://nvd.nist.gov/vuln/detail/CVE-2021-45611
CVE-2021-45612Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.https://nvd.nist.gov/vuln/detail/CVE-2021-45612
CVE-2021-45613Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, MR80 before 1.1.2.20, MS80 before 1.1.2.20, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.https://nvd.nist.gov/vuln/detail/CVE-2021-45613
CVE-2021-45614Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX43 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX35v2 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, and XR1000 before 1.0.0.58.https://nvd.nist.gov/vuln/detail/CVE-2021-45614
CVE-2021-45615Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45615
CVE-2021-45616Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 3.2.18.2, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, and XR1000 before 1.0.0.58.https://nvd.nist.gov/vuln/detail/CVE-2021-45616
CVE-2021-45617Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX7500 before 1.0.0.72, R6400 before 1.0.1.68, R6900P before 1.3.2.132, R7000 before 1.0.11.116, R7000P before 1.3.2.132, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.66, RAX200 before 1.0.3.106, RS400 before 1.5.1.80, XR300 before 1.0.3.68, MK62 before 1.0.6.110, MR60 before 1.0.6.110, R6400v2 before 1.0.4.106, R8000P before 1.4.1.66, RAX20 before 1.0.2.64, RAX45 before 1.0.2.82, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, R6700v3 before 1.0.4.106, R7900P before 1.4.1.66, RAX15 before 1.0.2.64, RAX50 before 1.0.2.82, RAX75 before 1.0.3.106, RBR750 before 3.2.16.22, RBR850 before 3.2.16.22, RBS750 before 3.2.16.22, RBS850 before 3.2.16.22, RBK752 before 3.2.16.22, and RBK852 before 3.2.16.22.https://nvd.nist.gov/vuln/detail/CVE-2021-45617
CVE-2021-45618Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.64, EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RAX120 before 1.2.0.16, RBS50Y before 1.0.0.56, WNR2000v5 before 1.0.0.76, XR450 before 2.3.2.114, XR500 before 2.3.2.114, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, EX6410 before 1.0.0.134, RBR10 before 2.6.1.44, RBR20 before 2.6.2.104, RBR40 before 2.6.2.104, RBR50 before 2.7.2.102, EX6420 before 1.0.0.134, RBS10 before 2.6.1.44, RBS20 before 2.6.2.104, RBS40 before 2.6.2.104, RBS50 before 2.7.2.102, EX6400v2 before 1.0.0.134, RBK12 before 2.6.1.44, RBK20 before 2.6.2.104, RBK40 before 2.6.2.104, and RBK50 before 2.7.2.102.https://nvd.nist.gov/vuln/detail/CVE-2021-45618
CVE-2021-45619Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v2 before 1.0.1.86, EX6250 before 1.0.0.134, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, LBR1020 before 2.6.3.58, LBR20 before 2.6.3.50, R7800 before 1.0.2.80, R8900 before 1.0.5.26, R9000 before 1.0.5.26, RBS50Y before 2.7.3.22, WNR2000v5 before 1.0.0.76, XR700 before 1.0.1.36, EX6150v2 before 1.0.1.98, EX7300 before 1.0.2.158, EX7320 before 1.0.0.134, RAX10 before 1.0.2.88, RAX120 before 1.2.0.16, RAX70 before 1.0.2.88, EX6100v2 before 1.0.1.98, EX6400 before 1.0.2.158, EX7300v2 before 1.0.0.134, R6700AX before 1.0.2.88, RAX120v2 before 1.2.0.16, RAX78 before 1.0.2.88, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR350 before 4.3.4.7, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS350 before 4.3.4.7, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK352 before 4.3.4.7, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.https://nvd.nist.gov/vuln/detail/CVE-2021-45619
CVE-2021-45620Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MR80 before 1.1.2.20, MS60 before 1.0.6.116, MS80 before 1.1.2.20, MK62 before 1.0.6.116, MK83 before 1.1.2.20, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.https://nvd.nist.gov/vuln/detail/CVE-2021-45620
CVE-2021-45621Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX3700 before 1.0.0.94, EX3800 before 1.0.0.94, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6300v2 before 1.0.4.52, R6400 before 1.0.1.70, R6400v2 before 1.0.4.106, R6700v3 before 1.0.4.106, R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, R7100LG before 1.0.0.72, R7850 before 1.0.5.74, R7900 before 1.0.4.46, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.74, R8000P before 1.4.2.84, R8300 before 1.0.2.154, R8500 before 1.0.2.154, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.https://nvd.nist.gov/vuln/detail/CVE-2021-45621
CVE-2021-45622Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, EAX20 before 1.0.0.58, EAX80 before 1.0.1.68, EX7500 before 1.0.0.74, LAX20 before 1.1.6.28, MK62 before 1.0.6.116, MR60 before 1.0.6.116, MS60 before 1.0.6.116, R6400 before 1.0.1.70, R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, R6900P before 1.3.3.140, R7000 before 1.0.11.116, R7000P before 1.3.3.140, R7850 before 1.0.5.68, R7900 before 1.0.4.38, R7900P before 1.4.2.84, R7960P before 1.4.2.84, R8000 before 1.0.4.68, R8000P before 1.4.2.84, RAX15 before 1.0.3.96, RAX20 before 1.0.3.96, RAX200 before 1.0.4.120, RAX35v2 before 1.0.3.96, RAX40v2 before 1.0.3.96, RAX43 before 1.0.3.96, RAX45 before 1.0.3.96, RAX50 before 1.0.3.96, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, RBK752 before 3.2.17.12, RBK852 before 3.2.17.12, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RS400 before 1.5.1.80, XR1000 before 1.0.0.58, and XR300 before 1.0.3.68.https://nvd.nist.gov/vuln/detail/CVE-2021-45622
CVE-2021-45623Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R7800 before 1.0.2.74, R9000 before 1.0.5.2, and XR500 before 2.3.2.66.https://nvd.nist.gov/vuln/detail/CVE-2021-45623
CVE-2021-45624Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7000v2 before 1.0.0.66, D8500 before 1.0.3.58, R7000 before 1.0.11.110, R7100LG before 1.0.0.72, R7900 before 1.0.4.30, R8000 before 1.0.4.62, XR300 before 1.0.3.56, R7000P before 1.3.2.132, R8500 before 1.0.2.144, R6900P before 1.3.2.132, and R8300 before 1.0.2.144.https://nvd.nist.gov/vuln/detail/CVE-2021-45624
CVE-2021-45625Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects XR300 before 1.0.3.68, R7000P before 1.3.3.140, and R6900P before 1.3.3.140.https://nvd.nist.gov/vuln/detail/CVE-2021-45625
CVE-2021-45626Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK20 before 2.6.1.36, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.36, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, and RBS50Y before 2.6.1.40.https://nvd.nist.gov/vuln/detail/CVE-2021-45626
CVE-2021-45627Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45627
CVE-2021-45628Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 3.2.18.2, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, RBS850 before 3.2.17.12, RBS40V before 2.6.2.4, and RBW30 before 2.6.2.2.https://nvd.nist.gov/vuln/detail/CVE-2021-45628
CVE-2021-45629Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45629
CVE-2021-45630Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45630
CVE-2021-45631Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.24, CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45631
CVE-2021-45632Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45632
CVE-2021-45633Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45633
CVE-2021-45634Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45634
CVE-2021-45635Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR750 before 4.6.3.6, RBK752 before 3.2.17.12, RBR750 before 3.2.17.12, RBS750 before 3.2.17.12, RBK852 before 3.2.17.12, RBR850 before 3.2.17.12, and RBS850 before 3.2.17.12.https://nvd.nist.gov/vuln/detail/CVE-2021-45635
CVE-2021-45636NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based buffer overflow by an unauthenticated attacker.https://nvd.nist.gov/vuln/detail/CVE-2021-45636
CVE-2021-45637Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects R6260 before 1.1.0.76, R6800 before 1.2.0.62, R6700v2 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, and AC2600 before 1.2.0.62.https://nvd.nist.gov/vuln/detail/CVE-2021-45637
CVE-2021-45638Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D6220 before 1.0.0.68, D6400 before 1.0.0.102, D7000v2 before 1.0.0.74, D8500 before 1.0.3.60, DC112A before 1.0.0.56, R6300v2 before 1.0.4.50, R6400 before 1.0.1.68, R7000 before 1.0.11.116, R7100LG before 1.0.0.70, RBS40V before 2.6.2.8, RBW30 before 2.6.2.2, RS400 before 1.5.1.80, R7000P before 1.3.2.132, and R6900P before 1.3.2.132.https://nvd.nist.gov/vuln/detail/CVE-2021-45638
CVE-2021-45639Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45639
CVE-2021-45640Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700 before 1.0.2.6, R6700v3 before 1.0.2.66, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBK40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR20 before 2.3.0.28, RBR40 before 2.3.0.28, RBR50 before 2.3.0.32, RBS20 before 2.3.0.28, RBS40 before 2.3.0.28, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.56, and XR500 before 2.3.2.56.https://nvd.nist.gov/vuln/detail/CVE-2021-45640
CVE-2021-45641Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6200 before 1.1.00.34, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.74, D7000v2 before 1.0.0.53, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200Bv4 before 1.0.0.109, DGN2200v4 before 1.0.0.110, DM200 before 1.0.0.61, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6120 before 1.0.0.46, EX6130 before 1.0.0.28, EX7000 before 1.0.1.78, PR2000 before 1.0.0.28, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.34, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R6700 before 1.0.2.6, R6900 before 1.0.2.6, R7000 before 1.0.9.34, R7100LG before 1.0.0.50, R7500v2 before 1.0.3.40, R7900P before 1.4.1.50, R8000P before 1.4.1.50, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN3000RPv2 before 1.0.0.78, WNDR3400v3 before 1.0.1.24, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, and XR500 before 2.3.2.56.https://nvd.nist.gov/vuln/detail/CVE-2021-45641
CVE-2021-45642Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D7800 before 1.0.1.64, EX6250 before 1.0.0.134, EX7700 before 1.0.0.222, LBR20 before 2.6.3.50, RBS50Y before 2.7.3.22, R8900 before 1.0.5.26, R9000 before 1.0.5.26, XR450 before 2.3.2.66, XR500 before 2.3.2.66, XR700 before 1.0.1.36, EX7320 before 1.0.0.134, RAX120 before 1.2.2.24, EX7300v2 before 1.0.0.134, RAX120v2 before 1.2.2.24, EX6410 before 1.0.0.134, RBR10 before 2.7.3.22, RBR20 before 2.7.3.22, RBR40 before 2.7.3.22, RBR50 before 2.7.3.22, EX6420 before 1.0.0.134, RBS10 before 2.7.3.22, RBS20 before 2.7.3.22, RBS40 before 2.7.3.22, RBS50 before 2.7.3.22, EX6400v2 before 1.0.0.134, RBK12 before 2.7.3.22, RBK20 before 2.7.3.22, RBK40 before 2.7.3.22, and RBK50 before 2.7.3.22.https://nvd.nist.gov/vuln/detail/CVE-2021-45642
CVE-2021-45643Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6400v2 before 1.0.4.118, R6700v3 before 1.0.4.118, and XR1000 before 1.0.0.58.https://nvd.nist.gov/vuln/detail/CVE-2021-45643
CVE-2021-45644Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.88, AC2400 before 1.2.0.88, AC2600 before 1.2.0.88, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.84, R6330 before 1.1.0.84, R6350 before 1.1.0.84, R6700v2 before 1.2.0.88, R6800 before 1.2.0.88, R6850 before 1.1.0.84, R6900v2 before 1.2.0.88, R7200 before 1.2.0.88, R7350 before 1.2.0.88, R7400 before 1.2.0.88, and R7450 before 1.2.0.88.https://nvd.nist.gov/vuln/detail/CVE-2021-45644
CVE-2021-45645Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects RBS50Y before 2.7.0.122, SRK60 before 2.7.0.122, SRR60 before 2.7.0.122, SRS60 before 2.7.0.122, SXK30 before 3.2.33.108, SXR30 before 3.2.33.108, SXS30 before 3.2.33.108, and SRC60 before 2.7.0.122.https://nvd.nist.gov/vuln/detail/CVE-2021-45645
CVE-2021-45646NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of sensitive information.https://nvd.nist.gov/vuln/detail/CVE-2021-45646
CVE-2021-45647Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EAX80 before 1.0.1.62, EX7000 before 1.0.1.104, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7000 before 1.0.11.116, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, R7900 before 1.0.4.38, R7960P before 1.4.1.66, R8000 before 1.0.4.68, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.https://nvd.nist.gov/vuln/detail/CVE-2021-45647
CVE-2021-45648Certain NETGEAR devices are affected by disclosure of sensitive information. This affects EX6100v2 before 1.0.1.106, EX6150v2 before 1.0.1.106, EX6250 before 1.0.0.146, EX6400 before 1.0.2.164, EX6400v2 before 1.0.0.146, EX6410 before 1.0.0.146, EX6420 before 1.0.0.146, EX7300 before 1.0.2.164, EX7300v2 before 1.0.0.146, EX7320 before 1.0.0.146, EX7700 before 1.0.0.222, LBR1020 before 2.6.5.16, LBR20 before 2.6.5.2, RBK352 before 4.3.4.7, RBK50 before 2.7.3.22, RBR350 before 4.3.4.7, RBR50 before 2.7.3.22, and RBS350 before 4.3.4.7.https://nvd.nist.gov/vuln/detail/CVE-2021-45648
CVE-2021-45649Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R7000 before 1.0.11.126, R6900P before 1.3.2.126, and R7000P before 1.3.2.126.https://nvd.nist.gov/vuln/detail/CVE-2021-45649
CVE-2021-45650Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RS400 before 1.5.1.80, R6400v2 before 1.0.4.102, R7000P before 1.3.2.126, R6700v3 before 1.0.4.102, and R6900P before 1.3.2.126.https://nvd.nist.gov/vuln/detail/CVE-2021-45650
CVE-2021-45651Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK50 before 2.7.3.22, RBR50 before 2.7.3.22, and RBS50 before 2.7.3.22.https://nvd.nist.gov/vuln/detail/CVE-2021-45651
CVE-2021-45652Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.https://nvd.nist.gov/vuln/detail/CVE-2021-45652
CVE-2021-45653Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK352 before 4.4.0.10, RBR350 before 4.4.0.10, and RBS350 before 4.4.0.10.https://nvd.nist.gov/vuln/detail/CVE-2021-45653
CVE-2021-45654NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of sensitive information.https://nvd.nist.gov/vuln/detail/CVE-2021-45654
CVE-2021-45655NETGEAR R6400 devices before 1.0.1.70 are affected by server-side injection.https://nvd.nist.gov/vuln/detail/CVE-2021-45655
CVE-2021-45656Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.https://nvd.nist.gov/vuln/detail/CVE-2021-45656
CVE-2021-45657Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, and WNR2020 before 1.1.0.62.https://nvd.nist.gov/vuln/detail/CVE-2021-45657
CVE-2021-45658Certain NETGEAR devices are affected by server-side injection. This affects D7800 before 1.0.1.58, DM200 before 1.0.0.66, EX2700 before 1.0.1.56, EX6150v2 before 1.0.1.86, EX6100v2 before 1.0.1.86, EX6200v2 before 1.0.1.78, EX6250 before 1.0.0.110, EX6410 before 1.0.0.110, EX6420 before 1.0.0.110, EX6400v2 before 1.0.0.110, EX7300 before 1.0.2.144, EX6400 before 1.0.2.144, EX7320 before 1.0.0.110, EX7300v2 before 1.0.0.110, R7500v2 before 1.0.3.48, R7800 before 1.0.2.68, R8900 before 1.0.5.2, R9000 before 1.0.5.2, RAX120 before 1.0.1.90, RBK40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, RBS50Y before 2.6.1.40, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.80, WNR2000v5 before 1.0.0.72, XR500 before 2.3.2.56, and XR700 before 1.0.1.20.https://nvd.nist.gov/vuln/detail/CVE-2021-45658
CVE-2021-45659Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.https://nvd.nist.gov/vuln/detail/CVE-2021-45659
CVE-2021-45660Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.https://nvd.nist.gov/vuln/detail/CVE-2021-45660
CVE-2021-45661Certain NETGEAR devices are affected by server-side injection. This affects RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40.https://nvd.nist.gov/vuln/detail/CVE-2021-45661
CVE-2021-45662NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS.https://nvd.nist.gov/vuln/detail/CVE-2021-45662
CVE-2021-45663NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.https://nvd.nist.gov/vuln/detail/CVE-2021-45663
CVE-2021-45664NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.https://nvd.nist.gov/vuln/detail/CVE-2021-45664
CVE-2021-45665Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.https://nvd.nist.gov/vuln/detail/CVE-2021-45665
CVE-2021-45666Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.https://nvd.nist.gov/vuln/detail/CVE-2021-45666
CVE-2021-45667Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45667
CVE-2021-45668Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.https://nvd.nist.gov/vuln/detail/CVE-2021-45668
CVE-2021-45669Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45669
CVE-2021-45670Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7000 before 1.0.11.116, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R7000P before 1.3.2.126, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R6900P before 1.3.2.126, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45670
CVE-2021-45671Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.62, EX7500 before 1.0.0.72, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.4.120, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.4.120, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.4.120, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.https://nvd.nist.gov/vuln/detail/CVE-2021-45671
CVE-2021-45672Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62.https://nvd.nist.gov/vuln/detail/CVE-2021-45672
CVE-2021-45673Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before 1.0.3.106, R6900P before 1.3.3.140, and RAX75 before 1.0.3.106.https://nvd.nist.gov/vuln/detail/CVE-2021-45673
CVE-2021-45674Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.https://nvd.nist.gov/vuln/detail/CVE-2021-45674
CVE-2021-45675Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76.https://nvd.nist.gov/vuln/detail/CVE-2021-45675
CVE-2021-45676Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.https://nvd.nist.gov/vuln/detail/CVE-2021-45676
CVE-2021-45677Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36.https://nvd.nist.gov/vuln/detail/CVE-2021-45677
CVE-2021-45678NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code.https://nvd.nist.gov/vuln/detail/CVE-2021-45678
CVE-2021-45679Certain NETGEAR devices are affected by privilege escalation. This affects R6900P before 1.3.3.140, R7000 before 1.0.11.126, R7000P before 1.3.3.140, and RS400 before 1.5.1.80.https://nvd.nist.gov/vuln/detail/CVE-2021-45679
CVE-2021-44078An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the virtual memory manager. The issue results from the faulty comparison of GVA and GPA while calling uc_mem_map_ptr to free part of a claimed memory block. An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code on the host machine.https://nvd.nist.gov/vuln/detail/CVE-2021-44078
CVE-2021-4169livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')https://nvd.nist.gov/vuln/detail/CVE-2021-4169
CVE-2021-4168showdoc is vulnerable to Cross-Site Request Forgery (CSRF)https://nvd.nist.gov/vuln/detail/CVE-2021-4168
CVE-2021-44598Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. The value of the FirstRecord request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can access the system, by using the XSS-reflected method, and then can store information by injecting the admin account on this system.https://nvd.nist.gov/vuln/detail/CVE-2021-44598
CVE-2021-45712An issue was discovered in the rust-embed crate before 6.3.0 for Rust. A ../ directory traversal can sometimes occur in debug mode.https://nvd.nist.gov/vuln/detail/CVE-2021-45712
CVE-2021-45713An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free.https://nvd.nist.gov/vuln/detail/CVE-2021-45713
CVE-2021-45714An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free.https://nvd.nist.gov/vuln/detail/CVE-2021-45714
CVE-2021-45715An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free.https://nvd.nist.gov/vuln/detail/CVE-2021-45715
CVE-2021-45716An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free.https://nvd.nist.gov/vuln/detail/CVE-2021-45716
CVE-2021-45717An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free.https://nvd.nist.gov/vuln/detail/CVE-2021-45717
CVE-2021-45718An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free.https://nvd.nist.gov/vuln/detail/CVE-2021-45718
CVE-2021-45719An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free.https://nvd.nist.gov/vuln/detail/CVE-2021-45719
CVE-2021-45720An issue was discovered in the lru crate before 0.7.1 for Rust. The iterators have a use-after-free, as demonstrated by an access after a pop operation.https://nvd.nist.gov/vuln/detail/CVE-2021-45720
CVE-2018-25023An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.https://nvd.nist.gov/vuln/detail/CVE-2018-25023
CVE-2018-25024An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption.https://nvd.nist.gov/vuln/detail/CVE-2018-25024
CVE-2018-25025An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption.https://nvd.nist.gov/vuln/detail/CVE-2018-25025
CVE-2018-25026An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption.https://nvd.nist.gov/vuln/detail/CVE-2018-25026
CVE-2018-25027An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free.https://nvd.nist.gov/vuln/detail/CVE-2018-25027
CVE-2018-25028An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free.https://nvd.nist.gov/vuln/detail/CVE-2018-25028
CVE-2019-25054An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault (upon attempted dereference of an uninitialized descriptor) because of an erroneous IcmpTransportChannelIterator compiler optimization.https://nvd.nist.gov/vuln/detail/CVE-2019-25054
CVE-2019-25055An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface (FFI) boundary.https://nvd.nist.gov/vuln/detail/CVE-2019-25055
CVE-2020-36511An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2020-36511
CVE-2020-36512An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2020-36512
CVE-2020-36513An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2020-36513
CVE-2020-36514An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2020-36514
CVE-2021-45680An issue was discovered in the vec-const crate before 2.0.0 for Rust. It tries to construct a Vec from a pointer to a const slice, leading to memory corruption.https://nvd.nist.gov/vuln/detail/CVE-2021-45680
CVE-2021-45681An issue was discovered in the derive-com-impl crate before 0.1.2 for Rust. An invalid reference (and memory corruption) can occur because AddRef might not be called before returning a pointer.https://nvd.nist.gov/vuln/detail/CVE-2021-45681
CVE-2021-45682An issue was discovered in the bronzedb-protocol crate through 2021-01-03 for Rust. ReadKVExt may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2021-45682
CVE-2021-45683An issue was discovered in the binjs_io crate through 2021-01-03 for Rust. The Read method may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2021-45683
CVE-2021-45684An issue was discovered in the flumedb crate through 2021-01-07 for Rust. read_entry may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2021-45684
CVE-2021-45685An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::read_typed_vec may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2021-45685
CVE-2021-45686An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preamble_skipcount may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2021-45686
CVE-2021-45687An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. If the serialize feature is used (which is not the the default), a Deserialize operation may lack sufficient validation, leading to memory corruption or a panic.https://nvd.nist.gov/vuln/detail/CVE-2021-45687
CVE-2021-45688An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2021-45688
CVE-2021-45689An issue was discovered in the gfx-auxil crate through 2021-01-07 for Rust. gfx_auxil::read_spirv may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2021-45689
CVE-2021-45690An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_binary may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2021-45690
CVE-2021-45691An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2021-45691
CVE-2021-45692An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_extension_others may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2021-45692
CVE-2021-45693An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string_primitive may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2021-45693
CVE-2021-45694An issue was discovered in the rdiff crate through 2021-02-03 for Rust. Window may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2021-45694
CVE-2021-45695An issue was discovered in the mopa crate through 2021-06-01 for Rust. It incorrectly relies on Trait memory layout, possibly leading to future occurrences of arbitrary code execution or ASLR bypass.https://nvd.nist.gov/vuln/detail/CVE-2021-45695
CVE-2021-45696An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used.https://nvd.nist.gov/vuln/detail/CVE-2021-45696
CVE-2021-45697An issue was discovered in the molecule crate before 0.7.2 for Rust. A FixVec partial read has an incorrect result.https://nvd.nist.gov/vuln/detail/CVE-2021-45697
CVE-2021-45698An issue was discovered in the ckb crate before 0.40.0 for Rust. A get_block_template RPC call may fail in situations where it is supposed to select a Nervos CKB blockchain transaction with a higher fee rate than another transaction.https://nvd.nist.gov/vuln/detail/CVE-2021-45698
CVE-2021-45699An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap.https://nvd.nist.gov/vuln/detail/CVE-2021-45699
CVE-2021-45700An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup.https://nvd.nist.gov/vuln/detail/CVE-2021-45700
CVE-2021-45701An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free.https://nvd.nist.gov/vuln/detail/CVE-2021-45701
CVE-2021-45702An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free.https://nvd.nist.gov/vuln/detail/CVE-2021-45702
CVE-2021-45703An issue was discovered in the tectonic_xdv crate before 0.1.12 for Rust. XdvParser::<T>::process may read from uninitialized memory locations.https://nvd.nist.gov/vuln/detail/CVE-2021-45703
CVE-2021-45704An issue was discovered in the metrics-util crate before 0.7.0 for Rust. There is a data race and memory corruption because AtomicBucket<T> unconditionally implements the Send and Sync traits.https://nvd.nist.gov/vuln/detail/CVE-2021-45704
CVE-2021-45705An issue was discovered in the nanorand crate before 0.6.1 for Rust. There can be multiple mutable references to the same object because the TlsWyRand Deref implementation dereferences a raw pointer.https://nvd.nist.gov/vuln/detail/CVE-2021-45705
CVE-2021-45706An issue was discovered in the zeroize_derive crate before 1.1.1 for Rust. Dropped memory is not zeroed out for an enum.https://nvd.nist.gov/vuln/detail/CVE-2021-45706
CVE-2021-45707An issue was discovered in the nix crate before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.https://nvd.nist.gov/vuln/detail/CVE-2021-45707
CVE-2021-45708An issue was discovered in the abomonation crate through 2021-10-17 for Rust. Because transmute operations are insufficiently constrained, there can be an information leak or ASLR bypass.https://nvd.nist.gov/vuln/detail/CVE-2021-45708
CVE-2021-45709An issue was discovered in the crypto2 crate through 2021-10-08 for Rust. During Chacha20 encryption and decryption, an unaligned read of a u32 may occur.https://nvd.nist.gov/vuln/detail/CVE-2021-45709
CVE-2021-45710An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.https://nvd.nist.gov/vuln/detail/CVE-2021-45710
CVE-2021-45711An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 for Rust. There is a panic if UTCTime data, supplied by a remote attacker, has a second character greater than 0x7f.https://nvd.nist.gov/vuln/detail/CVE-2021-45711
CVE-2021-24753The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issuehttps://nvd.nist.gov/vuln/detail/CVE-2021-24753
CVE-2021-24797The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.https://nvd.nist.gov/vuln/detail/CVE-2021-24797
CVE-2021-24902The Typebot | Build beautiful conversational forms WordPress plugin before 1.4.3 does not sanitise and escape the Publish ID setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.https://nvd.nist.gov/vuln/detail/CVE-2021-24902
CVE-2021-24967The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.6.4 does not sanitise and escape some lead values, which could allow unauthenticated users to perform Cross-Site Scripting attacks against logged in admin viewing the inserted Leadshttps://nvd.nist.gov/vuln/detail/CVE-2021-24967
CVE-2021-24969The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any authenticated users such as subscriber is able to call it and perform Cross-Site Scripting attackshttps://nvd.nist.gov/vuln/detail/CVE-2021-24969
CVE-2021-24979The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2021-24979
CVE-2021-24980The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in an admin pagehttps://nvd.nist.gov/vuln/detail/CVE-2021-24980
CVE-2021-24984The WPFront User Role Editor WordPress plugin before 3.2.1.11184 does not sanitise and escape the changes-saved parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2021-24984
CVE-2021-24988The WP RSS Aggregator WordPress plugin before 4.19.3 does not sanitise and escape data before outputting it in the System Info admin dashboard, which could lead to a Stored XSS issue due to the wprss_dismiss_addon_notice AJAX action missing authorisation and CSRF checks, allowing any authenticated users, such as subscriber to call it and set a malicious payload in the addon parameter.https://nvd.nist.gov/vuln/detail/CVE-2021-24988
CVE-2021-24992The Smart Floating / Sticky Buttons WordPress plugin before 2.5.5 does not sanitise and escape some parameter before outputting them in attributes and page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.https://nvd.nist.gov/vuln/detail/CVE-2021-24992
CVE-2021-24997The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary userhttps://nvd.nist.gov/vuln/detail/CVE-2021-24997
CVE-2021-24998The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function that "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation.https://nvd.nist.gov/vuln/detail/CVE-2021-24998
CVE-2021-4173vim is vulnerable to Use After Freehttps://nvd.nist.gov/vuln/detail/CVE-2021-4173
CVE-2021-45335Sandbox component in Avast Antivirus prior to 20.4 has an insecure permission which could be abused by local user to control the outcome of scans, and therefore evade detection or delete arbitrary system files.https://nvd.nist.gov/vuln/detail/CVE-2021-45335
CVE-2021-45336Privilege escalation vulnerability in the Sandbox component of Avast Antivirus prior to 20.4 allows a local sandboxed code to gain elevated privileges by using system IPC interfaces which could lead to exit the sandbox and acquire SYSTEM privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-45336
CVE-2021-45337Privilege escalation vulnerability in the Self-Defense driver of Avast Antivirus prior to 20.8 allows a local user with SYSTEM privileges to gain elevated privileges by "hollowing" process wsc_proxy.exe which could lead to acquire antimalware (AM-PPL) protection.https://nvd.nist.gov/vuln/detail/CVE-2021-45337
CVE-2021-45338Multiple privilege escalation vulnerabilities in Avast Antivirus prior to 20.4 allow a local user to gain elevated privileges by calling unnecessarily powerful internal methods of the main antivirus service which could lead to the (1) arbitrary file delete, (2) write and (3) reset security.https://nvd.nist.gov/vuln/detail/CVE-2021-45338
CVE-2021-45339Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense.https://nvd.nist.gov/vuln/detail/CVE-2021-45339
CVE-2021-45232In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`, all APIs and authentication middleware are developed based on framework `droplet`, but some API directly use the interface of framework `gin` thus bypassing the authentication.https://nvd.nist.gov/vuln/detail/CVE-2021-45232
CVE-2021-38961IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212049.https://nvd.nist.gov/vuln/detail/CVE-2021-38961
CVE-2021-43845PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size.https://nvd.nist.gov/vuln/detail/CVE-2021-43845
CVE-2021-21750ZTE BigVideo Analysis product has a privilege escalation vulnerability. Due to improper management of the timed task modification privilege, an attacker with ordinary user permissions could exploit this vulnerability to gain unauthorized access.https://nvd.nist.gov/vuln/detail/CVE-2021-21750
CVE-2021-21751ZTE BigVideo analysis product has an input verification vulnerability. Due to the inconsistency between the front and back verifications when configuring the large screen page, an attacker with high privileges could exploit this vulnerability to tamper with the URL and cause service exception.https://nvd.nist.gov/vuln/detail/CVE-2021-21751
CVE-2021-23244ColorOS pregrant dangerous permissions to apps which are listed in a whitelist xml named default-grant-permissions.But some apps in whitelist is not installed, attacker can disguise app with the same package name to obtain dangerous permission.https://nvd.nist.gov/vuln/detail/CVE-2021-23244
CVE-2021-32993IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.https://nvd.nist.gov/vuln/detail/CVE-2021-32993
CVE-2021-33017The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.https://nvd.nist.gov/vuln/detail/CVE-2021-33017
CVE-2021-35232Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database.https://nvd.nist.gov/vuln/detail/CVE-2021-35232
CVE-2021-43548Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.https://nvd.nist.gov/vuln/detail/CVE-2021-43548
CVE-2021-43550The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.https://nvd.nist.gov/vuln/detail/CVE-2021-43550
CVE-2021-43552The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.https://nvd.nist.gov/vuln/detail/CVE-2021-43552
CVE-2021-4161The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server.https://nvd.nist.gov/vuln/detail/CVE-2021-4161
CVE-2021-45890basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier.https://nvd.nist.gov/vuln/detail/CVE-2021-45890
CVE-2020-20943A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL.https://nvd.nist.gov/vuln/detail/CVE-2020-20943
CVE-2020-20944An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.https://nvd.nist.gov/vuln/detail/CVE-2020-20944
CVE-2020-20945A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts.https://nvd.nist.gov/vuln/detail/CVE-2020-20945
CVE-2020-20946Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability in the component /admin/index.php?lfj=friendlink&action=add.https://nvd.nist.gov/vuln/detail/CVE-2020-20946
CVE-2020-20948An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable.https://nvd.nist.gov/vuln/detail/CVE-2020-20948
CVE-2021-45895Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface.https://nvd.nist.gov/vuln/detail/CVE-2021-45895
CVE-2021-45884In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916.https://nvd.nist.gov/vuln/detail/CVE-2021-45884
CVE-2021-45896Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.https://nvd.nist.gov/vuln/detail/CVE-2021-45896
CVE-2020-21236A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts via obtaining a user's session cookie.https://nvd.nist.gov/vuln/detail/CVE-2020-21236
CVE-2020-21237An issue in the user login box of LJCMS v1.11 allows attackers to hijack user accounts via brute force attacks.https://nvd.nist.gov/vuln/detail/CVE-2020-21237
CVE-2020-21238An issue in the user login box of CSCMS v4.0 allows attackers to hijack user accounts via brute force attacks.https://nvd.nist.gov/vuln/detail/CVE-2020-21238
CVE-2021-45904OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.https://nvd.nist.gov/vuln/detail/CVE-2021-45904
CVE-2021-45905OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.https://nvd.nist.gov/vuln/detail/CVE-2021-45905
CVE-2021-45906OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.https://nvd.nist.gov/vuln/detail/CVE-2021-45906
CVE-2021-45907An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.https://nvd.nist.gov/vuln/detail/CVE-2021-45907
CVE-2021-45908An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.https://nvd.nist.gov/vuln/detail/CVE-2021-45908
CVE-2021-45909An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow vulnerability in the DecodeLZW function. It allows an attacker to write a large amount of arbitrary data outside the boundaries of a buffer.https://nvd.nist.gov/vuln/detail/CVE-2021-45909
CVE-2021-45910An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow within the main function. It allows an attacker to write data outside of the allocated buffer. The attacker has control over a part of the address that data is written to, control over the written data, and (to some extent) control over the amount of data that is written.https://nvd.nist.gov/vuln/detail/CVE-2021-45910
CVE-2021-45911An issue was discovered in gif2apng 1.9. There is a heap-based buffer overflow in the main function. It allows an attacker to write 2 bytes outside the boundaries of the buffer.https://nvd.nist.gov/vuln/detail/CVE-2021-45911
CVE-2021-20873Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. When Android apps are developed with Yappli versions since v7.3.6 and prior to v9.30.0, they are vulnerable to improper authorization in Custom URL Scheme handler, and may be directed to unintended sites via a specially crafted URL.https://nvd.nist.gov/vuln/detail/CVE-2021-20873
CVE-2021-4177livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Informationhttps://nvd.nist.gov/vuln/detail/CVE-2021-4177
CVE-2021-4179livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')https://nvd.nist.gov/vuln/detail/CVE-2021-4179
CVE-2021-35031A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device.https://nvd.nist.gov/vuln/detail/CVE-2021-35031
CVE-2021-35032A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call.https://nvd.nist.gov/vuln/detail/CVE-2021-35032
CVE-2021-40579https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. The impact is: gain privileges (remote).https://nvd.nist.gov/vuln/detail/CVE-2021-40579
CVE-2018-17875A remote code execution issue in the ping command on Poly Trio 8800 5.7.1.4145 devices allows remote authenticated users to execute commands via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2018-17875
CVE-2019-20082ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp.https://nvd.nist.gov/vuln/detail/CVE-2019-20082
CVE-2021-37400An attacker may obtain the user credentials from the communication between the PLC and the software. As a result, the PLC user program may be uploaded, altered, and/or downloaded.https://nvd.nist.gov/vuln/detail/CVE-2021-37400
CVE-2021-37401An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded.https://nvd.nist.gov/vuln/detail/CVE-2021-37401
CVE-2021-45425Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes.https://nvd.nist.gov/vuln/detail/CVE-2021-45425
CVE-2021-45903A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268.https://nvd.nist.gov/vuln/detail/CVE-2021-45903
CVE-2021-45812NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to session hijacking.https://nvd.nist.gov/vuln/detail/CVE-2021-45812
CVE-2021-45813SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft.https://nvd.nist.gov/vuln/detail/CVE-2021-45813
CVE-2021-45814Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attacker can bypass authentication and access the panel with an administrative account.https://nvd.nist.gov/vuln/detail/CVE-2021-45814
CVE-2021-3090PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property.https://nvd.nist.gov/vuln/detail/CVE-2021-3090
CVE-2021-3095A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim’s user permissions.https://nvd.nist.gov/vuln/detail/CVE-2021-3095
CVE-2021-42583A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy before 0.5.2, which is an unnecessary risk that may result in the exposure of sensitive information.https://nvd.nist.gov/vuln/detail/CVE-2021-42583
CVE-2021-43554FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2021-43554
CVE-2021-43556FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2021-43556
CVE-2020-22057The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data.https://nvd.nist.gov/vuln/detail/CVE-2020-22057
CVE-2020-22061SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys. This issue allows attackers to arbitrarily write data to the device via IOCTL 0x9C402140.https://nvd.nist.gov/vuln/detail/CVE-2020-22061
CVE-2020-7878An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier versions (CVE-2020-7878). This issue is due to missing support for integrity check.https://nvd.nist.gov/vuln/detail/CVE-2020-7878
CVE-2020-7883Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution.https://nvd.nist.gov/vuln/detail/CVE-2020-7883
CVE-2021-44832Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.https://nvd.nist.gov/vuln/detail/CVE-2021-44832