Skip to main content
CVE-2021-21246 HIGH POC PATCH THREAT This Week

OneDev is an all-in-one devops platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Information Disclosure Authentication Bypass Onedev
NVD GitHub
CVSS 3.1
7.5
EPSS
49.1%
CVE-2021-0217 HIGH POC This Week

A vulnerability in processing of certain DHCP packets from adjacent clients on EX Series and QFX Series switches running Juniper Networks Junos OS with DHCP local/relay server configured may lead to. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2021-0215 MEDIUM POC This Month

On Juniper Networks Junos EX series, QFX Series, MX Series and SRX branch series devices, a memory leak occurs every time the 802.1X authenticator port interface flaps which can lead to other. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-23837 MEDIUM POC This Month

An issue was discovered in flatCore before 2.0.0 build 139. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Flatcore
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-0211 CRITICAL Act Now

An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon (RPD) service allows an attacker to send a valid BGP FlowSpec message. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
10.0
EPSS
1.3%
CVE-2021-21245 CRITICAL PATCH Act Now

OneDev is an all-in-one devops platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Onedev
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-21242 CRITICAL PATCH Act Now

OneDev is an all-in-one devops platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization RCE Onedev
NVD GitHub
CVSS 3.1
9.8
EPSS
74.2%
CVE-2021-21244 CRITICAL PATCH Act Now

OneDev is an all-in-one devops platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Onedev
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-21243 CRITICAL PATCH Act Now

OneDev is an all-in-one devops platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Deserialization Kubernetes Onedev
NVD GitHub
CVSS 3.1
9.8
EPSS
54.5%
CVE-2021-23835 MEDIUM POC This Month

An issue was discovered in flatCore before 2.0.0 build 139. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Flatcore
NVD GitHub
CVSS 3.1
4.9
EPSS
1.7%
CVE-2021-21251 HIGH This Week

OneDev is an all-in-one devops platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Path Traversal Onedev
NVD GitHub
CVSS 3.1
8.8
EPSS
12.2%
CVE-2021-21249 HIGH PATCH This Week

OneDev is an all-in-one devops platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Onedev
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-21248 HIGH PATCH This Week

OneDev is an all-in-one devops platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Onedev
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-21247 HIGH This Week

OneDev is an all-in-one devops platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Onedev
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2021-0208 HIGH This Week

An improper input validation vulnerability in the Routing Protocol Daemon (RPD) service of Juniper Networks Junos OS allows an attacker to send a malformed RSVP packet when bidirectional LSPs are in. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-23838 MEDIUM POC This Month

An issue was discovered in flatCore before 2.0.0 build 139. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Authentication Bypass Flatcore
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-23836 MEDIUM POC This Month

An issue was discovered in flatCore before 2.0.0 build 139. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flatcore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.9%
CVE-2021-0203 HIGH This Week

On Juniper Networks EX and QFX5K Series platforms configured with Redundant Trunk Group (RTG), Storm Control profile applied on the RTG interface might not take affect when it reaches the threshold. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2021-3162 HIGH This Week

Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Docker Apple Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-21237 HIGH PATCH This Week

Git LFS is a command line extension for managing large files with Git. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Git Large File Storage
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-0223 HIGH This Week

A local privilege escalation vulnerability in telnetd.real of Juniper Networks Junos OS may allow a locally authenticated shell user to escalate privileges and execute arbitrary commands as root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-0218 HIGH This Week

A command injection vulnerability in the license-check daemon of Juniper Networks Junos OS that may allow a locally authenticated attacker with low privileges to execute commands with root privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-0204 HIGH This Week

A sensitive information disclosure vulnerability in delta-export configuration utility (dexp) of Juniper Networks Junos OS may allow a locally authenticated shell user the ability to create and read. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Juniper Junos
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0207 HIGH This Week

An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-0206 HIGH This Week

A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-0202 HIGH This Week

On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPC (Modular Port Concentrator) where Integrated Routing and Bridging (IRB) interface is configured and it is mapped to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22167 HIGH This Week

An issue has been discovered in GitLab affecting all versions starting from 12.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-22166 HIGH This Week

An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-0222 HIGH This Week

A vulnerability in Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending certain crafted protocol packets from an adjacent device with invalid. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2021-0220 MEDIUM This Month

The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Juniper Junos Space
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2021-0210 MEDIUM This Month

An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.1
6.8
EPSS
1.1%
CVE-2021-0219 MEDIUM This Month

A command injection vulnerability in install package validation subsystem of Juniper Networks Junos OS that may allow a locally authenticated attacker with privileges to execute commands with root. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Juniper Junos
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2021-21250 MEDIUM PATCH This Month

OneDev is an all-in-one devops platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Onedev
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-0221 MEDIUM This Month

In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-0209 MEDIUM This Month

In Juniper Networks Junos OS Evolved an attacker sending certain valid BGP update packets may cause Junos OS Evolved to access an uninitialized pointer causing RPD to core leading to a Denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Memory Corruption Juniper Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-22171 MEDIUM This Month

Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-22168 MEDIUM This Month

A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-0205 MEDIUM This Month

When the "Intrusion Detection Service" (IDS) feature is configured on Juniper Networks MX series with a dynamic firewall filter using IPv6 source or destination prefix, it may incorrectly match the. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
5.8
EPSS
1.2%
CVE-2021-0212 MEDIUM This Month

An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Juniper Contrail Networking
NVD
CVSS 3.1
5.0
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy