Skip to main content
CVE-2021-1226 MEDIUM This Month

A vulnerability in the audit logging component of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Emergency Responder Prime License Manager Unified Communications Manager +2
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-1145 MEDIUM This Month

A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers could allow an authenticated, remote attacker to read arbitrary files on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Staros
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-21607 MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not limit sizes provided as query parameters to graph-rendering URLs, allowing attackers to request crafted URLs that use all available memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-21602 MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows reading arbitrary files using the file browser for workspaces and archived artifacts by following symlinks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-1246 MEDIUM This Month

Cisco Finesse, Cisco Virtualized Voice Browser, and Cisco Unified CVP OpenSocial Gadget Editor Unauthenticated Access Vulnerability A vulnerability in the web management interface of Cisco Finesse,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Finesse
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-1245 MEDIUM This Month

Cisco Finesse and Cisco Unified CVP OpenSocial Gadget Editor Cross-Site Scripting Vulnerability A vulnerability in the web-based management interface of Cisco Finesse and Cisco Unified CVP could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Finesse
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-21613 MEDIUM PATCH This Month

Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Tics
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21610 MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-1258 MEDIUM This Month

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client Agent Epolicy Orchestrator Extension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1126 MEDIUM This Month

A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Secure Firewall Management Center
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21614 MEDIUM PATCH This Month

Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure HP Bumblebee Hp Alm
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21612 MEDIUM PATCH This Month

Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Tracetronic Ecu Test
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1311 MEDIUM This Month

A vulnerability in the reclaim host role feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to take over the host role during a meeting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings Webex Meetings Server
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-1127 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Enterprise Nfv Infrastructure Software
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-21611 MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-21608 MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-21603 MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-21012 MEDIUM This Month

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Authentication Bypass Magento Commerce Magento Open Source
NVD
CVSS 3.0
5.3
EPSS
4.0%
CVE-2021-1236 MEDIUM This Month

Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Ios Xe Firepower Threat Defense Secure Firewall Management Center +1
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-1224 MEDIUM This Month

Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Firepower Threat Defense Secure Firewall Management Center Ios Xe +13
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2021-21609 MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-1239 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-1238 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Secure Firewall Management Center
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-1158 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Rv110W Firmware Rv130 Vpn Router Firmware Rv130W Firmware +2
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-1157 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Rv110W Firmware Rv130 Vpn Router Firmware Rv130W Firmware +2
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-1156 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Rv110W Firmware Rv130 Vpn Router Firmware Rv130W Firmware +2
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-1155 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Rv110W Firmware Rv130 Vpn Router Firmware Rv130W Firmware +2
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-1154 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Rv110W Firmware Rv130 Vpn Router Firmware Rv130W Firmware +2
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-1153 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Rv110W Firmware Rv130 Vpn Router Firmware Rv130W Firmware +2
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-1152 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Rv110W Firmware Rv130 Vpn Router Firmware Rv130W Firmware +2
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-1151 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to conduct cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Rv110W Firmware Rv130 Vpn Router Firmware Rv130W Firmware +2
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-1130 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Catalyst Center
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-1310 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Webex Meetings
NVD
CVSS 3.1
4.7
EPSS
1.6%
CVE-2021-3032 MEDIUM This Month

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where configuration secrets for the “http”, “email”, and “snmptrap” v3 log forwarding server. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-1267 MEDIUM This Month

A vulnerability in the dashboard widget of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Secure Firewall Management Center
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-1242 MEDIUM This Month

A vulnerability in Cisco Webex Teams could allow an unauthenticated, remote attacker to manipulate file names within the messaging interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Teams
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2021-1143 MEDIUM This Month

A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an authenticated, remote attacker to enumerate what users exist on the system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Connected Mobile Experiences
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-1131 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Video Surveillance 8000P Ip Camera Firmware Video Surveillance 8020 Ip Camera Firmware +6
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-3031 MEDIUM This Month

Padding bytes in Ethernet packets on PA-200, PA-220, PA-500, PA-800, PA-2000 Series, PA-3000 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls are not cleared before the data frame. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-21606 MEDIUM PATCH This Month

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy