The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2021-46761 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | -- | Nov 7, 2023 | n/a |
CVE-2021-46762 | Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service. | -- | May 9, 2023 | n/a |
CVE-2021-46763 | Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity. | -- | May 9, 2023 | n/a |
CVE-2021-46764 | Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service. | -- | May 9, 2023 | n/a |
CVE-2021-46765 | Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service. | -- | May 9, 2023 | n/a |
CVE-2021-46766 | Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. | -- | Nov 14, 2023 | n/a |
CVE-2021-46767 | Insufficient input validation in the ASP may allow an attacker with physical access unauthorized write access to memory, potentially leading to a loss of integrity or denial of service. | -- | Jan 11, 2023 | n/a |
CVE-2021-46768 | Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service. | -- | Jan 11, 2023 | n/a |
CVE-2021-46769 | Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution. | -- | May 9, 2023 | n/a |
CVE-2021-46771 | Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application. | HIGH | May 11, 2022 | n/a |
CVE-2021-46773 | Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. | -- | May 9, 2023 | n/a |
CVE-2021-46774 | Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | -- | Nov 14, 2023 | n/a |
CVE-2021-46775 | Improper input validation in ABL may enable an attacker with physical access to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution. | -- | May 9, 2023 | n/a |
CVE-2021-46778 | Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an attacker may potentially leak sensitive information. | -- | Aug 12, 2022 | n/a |
CVE-2021-46779 | Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability. | -- | Jan 11, 2023 | n/a |
CVE-2021-46780 | The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | MEDIUM | Apr 25, 2022 | n/a |
CVE-2021-46781 | The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | MEDIUM | Apr 25, 2022 | n/a |
CVE-2021-46782 | The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | MEDIUM | Apr 25, 2022 | n/a |
CVE-2021-46784 | In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. | -- | Jun 22, 2022 | n/a |
CVE-2021-46785 | The Property module has a vulnerability in permission control. This vulnerability can be exploited to obtain the unique device identifier. | MEDIUM | May 13, 2022 | n/a |
CVE-2021-46786 | The audio module has a vulnerability in verifying the parameters passed by the application space. Successful exploitation of this vulnerability may cause out-of-bounds memory access. | HIGH | May 13, 2022 | n/a |
CVE-2021-46787 | The AMS module has a vulnerability of improper permission control. Successful exploitation of this vulnerability may cause non-system application processes to crash. | MEDIUM | May 13, 2022 | n/a |
CVE-2021-46788 | Third-party pop-up window coverage vulnerability in the iConnect module. Successful exploitation of this vulnerability may cause the system pop-up window to be covered, misleading users into performing incorrect operations. | MEDIUM | May 13, 2022 | n/a |
CVE-2021-46789 | Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. | MEDIUM | May 13, 2022 | n/a |
CVE-2021-46790 | ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. | HIGH | May 2, 2022 | n/a |
CVE-2021-46791 | Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service. | -- | Jan 11, 2023 | n/a |
CVE-2021-46792 | Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service. | -- | May 9, 2023 | n/a |
CVE-2021-46793 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | -- | Nov 7, 2023 | n/a |
CVE-2021-46794 | Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. | -- | May 9, 2023 | n/a |
CVE-2021-46795 | A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service. | -- | Jan 11, 2023 | n/a |
CVE-2021-46796 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | -- | Nov 7, 2023 | n/a |
CVE-2021-46799 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | -- | Nov 7, 2023 | n/a |
CVE-2021-46811 | HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. | MEDIUM | Jun 13, 2022 | n/a |
CVE-2021-46812 | The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity. | MEDIUM | Jun 18, 2022 | n/a |
CVE-2021-46813 | Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability. | MEDIUM | Jun 13, 2022 | n/a |
CVE-2021-46814 | The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability. | MEDIUM | Jun 18, 2022 | n/a |
CVE-2021-46815 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-46789. Reason: This candidate is a duplicate of CVE-2021-46789. Notes: All CVE users should reference CVE-2021-46789 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | MEDIUM | Jun 18, 2022 | n/a |
CVE-2021-46816 | Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. | -- | Jun 13, 2022 | n/a |
CVE-2021-46817 | Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. | -- | Jun 13, 2022 | n/a |
CVE-2021-46818 | Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. | -- | Jun 13, 2022 | n/a |
CVE-2021-46820 | Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php | MEDIUM | Jun 17, 2022 | n/a |
CVE-2021-46822 | The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. | MEDIUM | Jun 18, 2022 | n/a |
CVE-2021-46823 | python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. | MEDIUM | Jun 18, 2022 | n/a |
CVE-2021-46824 | Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php. | LOW | Jun 23, 2022 | n/a |
CVE-2021-46825 | Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N | MEDIUM | Jul 7, 2022 | n/a |
CVE-2021-46827 | An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field. | -- | Jul 13, 2022 | n/a |
CVE-2021-46828 | In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. | -- | Jul 20, 2022 | n/a |
CVE-2021-46829 | GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. | -- | Jul 24, 2022 | n/a |
CVE-2021-46830 | A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. | -- | Jul 28, 2022 | n/a |
CVE-2021-46834 | A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resources in the attacked devices. Affected product versions include: JAD-AL50 versions 102.0.0.225(C00E220R3P4). | -- | Sep 22, 2022 | n/a |