The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-38410 | AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33468 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33467 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33466 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33465 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33464 | An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33463 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33462 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33461 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33460 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33459 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33458 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33457 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33456 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 29, 2022 | n/a |
| CVE-2021-33455 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 29, 2022 | n/a |
| CVE-2021-33454 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. | -- | Jul 29, 2022 | n/a |
| CVE-2021-33453 | An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538. | -- | Jul 26, 2022 | n/a |
| CVE-2021-33452 | An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c. | -- | Jul 26, 2022 | n/a |
| CVE-2021-33451 | An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c. | -- | Jul 26, 2022 | n/a |
| CVE-2021-33450 | An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c. | -- | Jul 26, 2022 | n/a |
| CVE-2021-33449 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33448 | An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33447 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33446 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_next() in mjs.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33445 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33444 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in getprop_builtin_foreign() in mjs.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33443 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in mjs_execute() in mjs.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33442 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in json_printf() in mjs.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33441 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in exec_expr() in mjs.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33440 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_commit() in mjs.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33439 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is Integer overflow in gc_compact_strings() in mjs.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33438 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array() in mjs.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33437 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33371 | A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box. | -- | Jul 28, 2022 | n/a |
| CVE-2021-33057 | The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g., android.permission.ACCESS_FINE_LOCATION) for determining the device\'s physical location. An attacker can use qq.createMapContext to create a MapContext object, use MapContext.moveToLocation to move the center of the map to the device\'s location, and use MapContext.getCenterLocation to get the latitude and longitude of the current map center. | -- | Jul 27, 2022 | n/a |
| CVE-2021-27785 | HCL Commerce\'s Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. | -- | Jul 30, 2022 | n/a |
| CVE-2021-23451 | The package otp-generator before 3.0.0 are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack. | -- | Jul 25, 2022 | n/a |
| CVE-2021-23397 | All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead. | -- | Jul 25, 2022 | n/a |
| CVE-2021-23373 | All versions of package set-deep-prop are vulnerable to Prototype Pollution via the main functionality. | -- | Jul 25, 2022 | n/a |
| CVE-2021-22650 | An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution. | -- | Jul 28, 2022 | n/a |
| CVE-2021-22648 | Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file. | -- | Jul 28, 2022 | n/a |
| CVE-2021-22646 | The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. | -- | Jul 28, 2022 | n/a |
| CVE-2021-22644 | Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. | -- | Jul 28, 2022 | n/a |
| CVE-2021-22642 | An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system. | -- | Jul 28, 2022 | n/a |
| CVE-2021-22640 | An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. | -- | Jul 28, 2022 | n/a |
| CVE-2020-36290 | The Livesearch macro in Confluence Server and Data Center before version 7.4.5, from version 7.5.0 before 7.6.3, and from version 7.7.0 before version 7.7.4 allows remote attackers with permission to edit a page or blog to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the page excerpt functionality. | -- | Jul 26, 2022 | n/a |
| CVE-2020-28471 | This affects the package properties-reader before 2.2.0. | -- | Jul 25, 2022 | n/a |
| CVE-2020-28462 | This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context. | -- | Jul 25, 2022 | n/a |
| CVE-2020-28461 | This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context. | -- | Jul 25, 2022 | n/a |
| CVE-2020-28459 | This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link. | -- | Jul 25, 2022 | n/a |
