The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2021-43519 | Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. | MEDIUM | Nov 12, 2021 |
CVE-2021-43518 | Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution. | MEDIUM | Dec 15, 2021 |
CVE-2021-43517 | FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530. | HIGH | Apr 8, 2022 |
CVE-2021-43515 | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting to a CSV file. | MEDIUM | Apr 8, 2022 |
CVE-2021-43512 | An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android that allows attackers to cause unspecified consequences by decompiling the local application and extracting its API keys. | LOW | Jun 2, 2022 |
CVE-2021-43510 | An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php. | HIGH | Feb 4, 2022 |
CVE-2021-43509 | An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php. | HIGH | Feb 4, 2022 |
CVE-2021-43506 | An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php. | HIGH | Mar 31, 2022 |
CVE-2021-43505 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice. | LOW | Mar 31, 2022 |
CVE-2021-43503 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | HIGH | Apr 8, 2022 |
CVE-2021-43498 | An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set. | MEDIUM | Apr 8, 2022 |
CVE-2021-43496 | Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. | MEDIUM | Nov 12, 2021 |
CVE-2021-43495 | AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. | MEDIUM | Nov 18, 2021 |
CVE-2021-43494 | OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. | MEDIUM | Nov 12, 2021 |
CVE-2021-43493 | ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. This vulnerability can be used to extract credentials which can in turn be used to execute code. | MEDIUM | Nov 12, 2021 |
CVE-2021-43492 | AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. This attack can cause the disclosure of critical secrets stored anywhere on the system and can significantly aid in getting remote code access. | MEDIUM | Nov 12, 2021 |
CVE-2021-43484 | A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request. | HIGH | Apr 1, 2022 |
CVE-2021-43483 | An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuration without authentication. | MEDIUM | Apr 8, 2022 |
CVE-2021-43481 | An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier via the $uq HTTP POST parameter in editapprovalstage.php. | HIGH | Apr 21, 2022 |
CVE-2021-43479 | A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php. | HIGH | Apr 1, 2022 |
CVE-2021-43478 | A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website. | MEDIUM | Apr 1, 2022 |
CVE-2021-43474 | An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Latest) via any parameter in the HNAP1 function. | HIGH | Apr 8, 2022 |
CVE-2021-43471 | In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the management back end, creating a denial of service vulnerability. | HIGH | Dec 7, 2021 |
CVE-2021-43469 | VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component. | MEDIUM | Dec 6, 2021 |
CVE-2021-43466 | In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. | MEDIUM | Nov 9, 2021 |
CVE-2021-43464 | A Remote Code Execution (RCE) vulnerability exists in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval(). | MEDIUM | Apr 4, 2022 |
CVE-2021-43463 | An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path. | HIGH | Apr 4, 2022 |
CVE-2021-43462 | A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter. | LOW | Apr 4, 2022 |
CVE-2021-43461 | A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter. | LOW | Apr 4, 2022 |
CVE-2021-43460 | An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via a specially crafted file in the SystemExplorerHelpService service executable path. | HIGH | Apr 4, 2022 |
CVE-2021-43459 | A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters. | LOW | Apr 4, 2022 |
CVE-2021-43458 | An Unquoted Service Path vulnerability exists in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths. | HIGH | Apr 4, 2022 |
CVE-2021-43457 | An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path. | HIGH | Apr 4, 2022 |
CVE-2021-43456 | An Unquoted Service Path vulnerability exists in Rumble Mail Server 0.51.3135 via a specially crafted file in the RumbleService executable service path. | MEDIUM | Apr 4, 2022 |
CVE-2021-43455 | An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path. | HIGH | Apr 4, 2022 |
CVE-2021-43454 | An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. | MEDIUM | Apr 4, 2022 |
CVE-2021-43453 | A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657. | HIGH | Apr 8, 2022 |
CVE-2021-43451 | An SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. | HIGH | Dec 3, 2021 |
CVE-2021-43449 | All ONLYOFFICE versions as of 2021-11-08 are vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to read and serve arbitrary URLs as a document. | -- | Jan 23, 2023 |
CVE-2021-43448 | All ONLYOFFICE versions as of 2021-11-08 are vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names of users who interact with a document, if the document id is known. | -- | Jan 23, 2023 |
CVE-2021-43447 | All ONLYOFFICE versions as of 2021-11-08 are affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication. | -- | Jan 23, 2023 |
CVE-2021-43446 | All ONLYOFFICE versions as of 2021-11-08 are vulnerable to Cross Site Scripting (XSS). The macros feature of the document editor allows malicious cross site scripting payloads to be used. | -- | Jan 23, 2023 |
CVE-2021-43445 | All ONLYOFFICE versions as of 2021-11-08 are affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor, which is protected by JWT auth, by using a default JWT signing key. | -- | Jan 23, 2023 |
CVE-2021-43444 | All ONLYOFFICE versions as of 2021-11-08 are affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key. | -- | Jan 23, 2023 |
CVE-2021-43442 | A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78). The device is meant to disallow the creation of more than one administrator account; however, this can be bypassed by parameter manipulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of the created account and setting it to the 'admin' userType, successfully adding a second administrative account. | MEDIUM | Apr 11, 2022 |
CVE-2021-43441 | An HTML Injection vulnerability in iOrder 1.0 allows a remote attacker to execute malicious HTML code via the signup form. | MEDIUM | Dec 20, 2021 |
CVE-2021-43440 | Multiple Stored XSS vulnerabilities in the source code of iOrder 1.0 allow remote attackers to execute arbitrary code via the Name and Phone number fields of the signup form. | MEDIUM | Dec 23, 2021 |
CVE-2021-43439 | RCE in the Add Review function in iResturant 1.0 allows a remote attacker to execute commands remotely. | HIGH | Dec 22, 2021 |
CVE-2021-43438 | Stored XSS in the Signup Form in iResturant 1.0 allows a remote attacker to inject arbitrary code via the NAME and ADDRESS fields. | LOW | Dec 22, 2021 |
CVE-2021-43437 | In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways. Very often multiple websites are hosted on the same IP address. This is where the Host header comes in: it specifies which website should process the HTTP request, and the web server uses its value to dispatch the request to the specified website. Each website hosted on the same IP address is called a virtual host. It is possible to send requests with arbitrary Host headers to the first virtual host. | MEDIUM | Dec 20, 2021 |