The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2021-33371 | A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box. | -- | Jul 28, 2022 |
| CVE-2021-33387 | Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request. | -- | Feb 24, 2023 |
| CVE-2021-33388 | dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y | -- | Aug 22, 2023 |
| CVE-2021-33390 | dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421. | -- | Aug 22, 2023 |
| CVE-2021-33391 | An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. | -- | Feb 17, 2023 |
| CVE-2021-33393 | lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well. | HIGH | Jun 10, 2021 |
| CVE-2021-33394 | Cubecart 6.4.2 allows Session Fixation. The application does not generate a new session cookie after the user is logged in. A malicious user is able to create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid, giving the attacker access to the user\'s account through the active session. | MEDIUM | May 27, 2021 |
| CVE-2021-33396 | Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php. | -- | Feb 16, 2023 |
| CVE-2021-33403 | An integer overflow in the transfer function of a smart contract implementation for Lancer Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses between two large accounts during a transaction. | MEDIUM | Aug 4, 2021 |
| CVE-2021-33408 | Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Fixed in v4.0.2.6 and v4.0.3.1. | MEDIUM | May 27, 2021 |
| CVE-2021-33420 | A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object. | -- | Dec 15, 2022 |
| CVE-2021-33425 | A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation. | LOW | May 25, 2021 |
| CVE-2021-33430 | A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious user cause a Denial of Service. NOTE: The vendor does not agree this is a vulneraility; In (very limited) circumstances a user may be able provoke the buffer overflow, the user is most likely already privileged to at least provoke denial of service by exhausting memory. Triggering this further requires the use of uncommon API (complicated structured dtypes), which is very unlikely to be available to an unprivileged user | MEDIUM | Dec 17, 2021 |
| CVE-2021-33436 | NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\\SYSTEM. | MEDIUM | May 7, 2022 |
| CVE-2021-33437 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There are memory leaks in frozen_cb() in mjs.c. | -- | Jul 28, 2022 |
| CVE-2021-33438 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in json_parse_array() in mjs.c. | -- | Jul 28, 2022 |
| CVE-2021-33439 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is Integer overflow in gc_compact_strings() in mjs.c. | -- | Jul 28, 2022 |
| CVE-2021-33440 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_commit() in mjs.c. | -- | Jul 28, 2022 |
| CVE-2021-33441 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in exec_expr() in mjs.c. | -- | Jul 28, 2022 |
| CVE-2021-33442 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in json_printf() in mjs.c. | -- | Jul 28, 2022 |
| CVE-2021-33443 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow in mjs_execute() in mjs.c. | -- | Jul 28, 2022 |
| CVE-2021-33444 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in getprop_builtin_foreign() in mjs.c. | -- | Jul 28, 2022 |
| CVE-2021-33445 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_string_char_code_at() in mjs.c. | -- | Jul 28, 2022 |
| CVE-2021-33446 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_next() in mjs.c. | -- | Jul 28, 2022 |
| CVE-2021-33447 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c. | -- | Jul 28, 2022 |
| CVE-2021-33448 | An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is stack buffer overflow at 0x7fffe9049390. | -- | Jul 28, 2022 |
| CVE-2021-33449 | An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_bcode_part_get_by_offset() in mjs.c. | -- | Jul 28, 2022 |
| CVE-2021-33450 | An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c. | -- | Jul 26, 2022 |
| CVE-2021-33451 | An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c. | -- | Jul 26, 2022 |
| CVE-2021-33452 | An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c. | -- | Jul 26, 2022 |
| CVE-2021-33453 | An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538. | -- | Jul 26, 2022 |
| CVE-2021-33454 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. | -- | Jul 29, 2022 |
| CVE-2021-33455 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 29, 2022 |
| CVE-2021-33456 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 29, 2022 |
| CVE-2021-33457 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
| CVE-2021-33458 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
| CVE-2021-33459 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c. | -- | Jul 28, 2022 |
| CVE-2021-33460 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
| CVE-2021-33461 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c. | -- | Jul 28, 2022 |
| CVE-2021-33462 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c. | -- | Jul 28, 2022 |
| CVE-2021-33463 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c. | -- | Jul 28, 2022 |
| CVE-2021-33464 | An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
| CVE-2021-33465 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
| CVE-2021-33466 | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
| CVE-2021-33467 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
| CVE-2021-33468 | An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c. | -- | Jul 28, 2022 |
| CVE-2021-33469 | COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin name parameter. | LOW | May 26, 2021 |
| CVE-2021-33470 | COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel. | HIGH | May 26, 2021 |
| CVE-2021-33473 | An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL. | MEDIUM | Jun 3, 2022 |
| CVE-2021-33477 | rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline. | MEDIUM | May 20, 2021 |
