The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-37420 | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. | MEDIUM | Sep 21, 2021 | n/a |
| CVE-2021-37421 | Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass. | HIGH | Sep 2, 2021 | n/a |
| CVE-2021-37422 | Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. | HIGH | Sep 12, 2021 | n/a |
| CVE-2021-37423 | Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. | HIGH | Sep 12, 2021 | n/a |
| CVE-2021-37424 | ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover. | HIGH | Sep 21, 2021 | n/a |
| CVE-2021-37425 | Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key. | MEDIUM | Aug 10, 2021 | n/a |
| CVE-2021-37436 | Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations. | LOW | Jul 24, 2021 | n/a |
| CVE-2021-37438 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2021-37439 | NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability. | MEDIUM | Jul 25, 2021 | n/a |
| CVE-2021-37440 | NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. | MEDIUM | Jul 25, 2021 | n/a |
| CVE-2021-37441 | NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. | MEDIUM | Jul 25, 2021 | n/a |
| CVE-2021-37442 | NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files. | MEDIUM | Jul 25, 2021 | n/a |
| CVE-2021-37443 | NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. | MEDIUM | Jul 25, 2021 | n/a |
| CVE-2021-37444 | NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element\'s pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function. | MEDIUM | Jul 25, 2021 | n/a |
| CVE-2021-37445 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading. | MEDIUM | Jul 25, 2021 | n/a |
| CVE-2021-37446 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading. | MEDIUM | Jul 25, 2021 | n/a |
| CVE-2021-37447 | In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. | MEDIUM | Jul 25, 2021 | n/a |
| CVE-2021-37448 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37449 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37450 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37451 | Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37452 | NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files. | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37453 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37454 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37455 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37456 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37457 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37458 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37459 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37460 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37461 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37462 | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37463 | In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37464 | In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37465 | In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37466 | In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37467 | In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37468 | NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37469 | In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem. | MEDIUM | Jul 25, 2021 | n/a |
| CVE-2021-37470 | In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript. | LOW | Jul 25, 2021 | n/a |
| CVE-2021-37471 | Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device\'s NetCloud Manager console, local console and SSH command-line. | HIGH | Nov 7, 2021 | n/a |
| CVE-2021-37473 | In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `products-order` through a post request, which results in arbitrary sql query execution in the backend database. | HIGH | Jul 28, 2021 | n/a |
| CVE-2021-37475 | In NavigateCMS version 2.9.4 and below, function in `templates.php` is vulnerable to sql injection on parameter `template-properties-order`, which results in arbitrary sql query execution in the backend database. | HIGH | Jul 28, 2021 | n/a |
| CVE-2021-37476 | In NavigateCMS version 2.9.4 and below, function in `product.php` is vulnerable to sql injection on parameter `id` through a post request, which results in arbitrary sql query execution in the backend database. | HIGH | Jul 28, 2021 | n/a |
| CVE-2021-37477 | In NavigateCMS version 2.9.4 and below, function in `structure.php` is vulnerable to sql injection on parameter `children_order`, which results in arbitrary sql query execution in the backend database. | HIGH | Jul 28, 2021 | n/a |
| CVE-2021-37478 | In NavigateCMS version 2.9.4 and below, function `block` is vulnerable to sql injection on parameter `block-order`, which results in arbitrary sql query execution in the backend database. | HIGH | Jul 26, 2021 | n/a |
| CVE-2021-37491 | An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function. | -- | Feb 7, 2023 | n/a |
| CVE-2021-37492 | An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll() function. | -- | Feb 8, 2023 | n/a |
| CVE-2021-37497 | SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request. | -- | Feb 3, 2023 | n/a |
| CVE-2021-37498 | An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function. | -- | Jan 27, 2023 | n/a |
