CVE-2021-45388
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-45608. Reason: This candidate is a reservation duplicate of CVE-2021-45608. Notes: All CVE users should reference CVE-2021-45608 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Source: CVE-2021-45388
CVE-2021-43436
MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
Source: CVE-2021-43436
CVE-2021-38892
IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote threat actor who can access (without previous authentication) a valid PA endpoint to read and write files to the IBM Planning Analytics system. Depending on file system permissions up to path traversal and possibly remote code execution. IBM X-Force ID: 209511.
Source: CVE-2021-38892
CVE-2021-44652
Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.
Source: CVE-2021-44652
CVE-2021-44651
Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.
Source: CVE-2021-44651
CVE-2021-44650
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.
Source: CVE-2021-44650
CVE-2021-4080
crater is vulnerable to Unrestricted Upload of File with Dangerous Type
Source: CVE-2021-4080
CVE-2021-44649
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.
Source: CVE-2021-44649
CVE-2021-44648
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.
Source: CVE-2021-44648
CVE-2021-3852
growi is vulnerable to Authorization Bypass Through User-Controlled Key
Source: CVE-2021-3852