The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2021-44368 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNetPort param is not object. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Feb 8, 2022 | n/a |
CVE-2021-44367 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetUpnp param is not object. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Feb 8, 2022 | n/a |
CVE-2021-44366 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Apr 15, 2022 | n/a |
CVE-2021-44365 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetDevName param is not object. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Feb 3, 2022 | n/a |
CVE-2021-44364 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetWifi param is not object. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Feb 3, 2022 | n/a |
CVE-2021-44363 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPush param is not object. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Feb 3, 2022 | n/a |
CVE-2021-44362 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCloudSchedule param is not object. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Feb 3, 2022 | n/a |
CVE-2021-44361 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Set3G param is not object. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Feb 3, 2022 | n/a |
CVE-2021-44360 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNorm param is not object. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Feb 3, 2022 | n/a |
CVE-2021-44359 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCrop param is not object. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Feb 3, 2022 | n/a |
CVE-2021-44358 | A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetRec param is not object. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Feb 3, 2022 | n/a |
CVE-2021-44357 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Apr 15, 2022 | n/a |
CVE-2021-44356 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Apr 15, 2022 | n/a |
CVE-2021-44355 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Apr 15, 2022 | n/a |
CVE-2021-44354 | Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. | MEDIUM | Apr 15, 2022 | n/a |
CVE-2021-44352 | A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. | HIGH | Dec 3, 2021 | n/a |
CVE-2021-44351 | An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download.php id parameter. | MEDIUM | Jan 6, 2022 | n/a |
CVE-2021-44350 | SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the parseOrder function in Builder.php. | HIGH | Dec 16, 2021 | n/a |
CVE-2021-44349 | SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. | HIGH | Dec 3, 2021 | n/a |
CVE-2021-44348 | SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\AdvertController.class.php. | HIGH | Dec 3, 2021 | n/a |
CVE-2021-44347 | SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. | HIGH | Dec 3, 2021 | n/a |
CVE-2021-44345 | Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection. | MEDIUM | Mar 20, 2022 | n/a |
CVE-2021-44343 | David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_read_data() in /ok_png.c. | MEDIUM | Mar 3, 2022 | n/a |
CVE-2021-44342 | David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow via function ok_png_transform_scanline() in /ok_png.c:494. | MEDIUM | Feb 28, 2022 | n/a |
CVE-2021-44340 | David Brackeen ok-file-formats dev version is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_jpg_generate_huffman_table() in /ok_jpg.c:403. | MEDIUM | Feb 28, 2022 | n/a |
CVE-2021-44339 | David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurred in function ok_png_transform_scanline() in /ok_png.c:712. | MEDIUM | Feb 28, 2022 | n/a |
CVE-2021-44335 | David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_png_transform_scanline() in /ok_png.c:533. | MEDIUM | Mar 3, 2022 | n/a |
CVE-2021-44334 | David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflow. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in function ok_jpg_convert_YCbCr_to_RGB() in /ok_jpg.c:513. | MEDIUM | Feb 28, 2022 | n/a |
CVE-2021-44331 | ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ise(). | MEDIUM | Feb 28, 2022 | n/a |
CVE-2021-44321 | Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the application create a malicious file for updating the inventory details and items. | MEDIUM | Mar 4, 2022 | n/a |
CVE-2021-44317 | In Bus Pass Management System v1.0, parameters 'pagedes' and 'About Us' are affected by a Stored Cross-site scripting vulnerability. | LOW | Dec 16, 2021 | n/a |
CVE-2021-44315 | In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server. | MEDIUM | Dec 16, 2021 | n/a |
CVE-2021-44312 | An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page. | MEDIUM | Mar 30, 2022 | n/a |
CVE-2021-44310 | An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality. | LOW | Mar 30, 2022 | n/a |
CVE-2021-44302 | BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection vulnerabilities via the tongji and baidu_map parameters in /user/ztconfig.php. | MEDIUM | Feb 19, 2022 | n/a |
CVE-2021-44299 | A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | LOW | Jan 19, 2022 | n/a |
CVE-2021-44283 | A buffer overflow in the component /Enclave.cpp of Electronics and Telecommunications Research Institute ShieldStore commit 58d455617f99705f0ffd8a27616abdf77bdc1bdc allows attackers to cause an information leak via a crafted structure from an untrusted operating system. | -- | May 9, 2023 | n/a |
CVE-2021-44280 | attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function. | HIGH | Dec 2, 2021 | n/a |
CVE-2021-44279 | LibreNMS 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. | MEDIUM | Dec 3, 2021 | n/a |
CVE-2021-44278 | LibreNMS 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. | HIGH | Dec 3, 2021 | n/a |
CVE-2021-44277 | LibreNMS 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php. | MEDIUM | Dec 3, 2021 | n/a |
CVE-2021-44273 | e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks. | MEDIUM | Dec 23, 2021 | n/a |
CVE-2021-44269 | An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. The issue is triggered in function WavpackPackSamples of file src/pack_utils.c: the tainted variable cnt is too large, which makes the pointer sptr read beyond the heap bound. | MEDIUM | Mar 10, 2022 | n/a |
CVE-2021-44266 | GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. | MEDIUM | Jun 11, 2022 | n/a |
CVE-2021-44263 | Gurock TestRail before 7.2.4 mishandles HTML escaping. | MEDIUM | Dec 20, 2021 | n/a |
CVE-2021-44262 | A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. | MEDIUM | Mar 17, 2022 | n/a |
CVE-2021-44261 | A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. | MEDIUM | Mar 17, 2022 | n/a |
CVE-2021-44260 | A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router. | MEDIUM | Mar 17, 2022 | n/a |
CVE-2021-44259 | A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner. | HIGH | Mar 17, 2022 | n/a |
CVE-2021-44255 | Authenticated remote code execution in MotionEye <= 0.42.1 and MotionEyeOS <= 20200606 allows a remote attacker to upload a configuration backup file containing a malicious Python pickle file which will execute arbitrary code on the server. | MEDIUM | Feb 4, 2022 | n/a |