Skip to main content
CVE-2021-26914 HIGH POC THREAT Act Now

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java Netmotion Mobility
NVD
CVSS 3.1
8.1
EPSS
77.7%
CVE-2021-21305 HIGH POC PATCH THREAT This Week

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Carrierwave
NVD GitHub
CVSS 3.1
8.8
EPSS
12.7%
CVE-2021-26915 HIGH POC THREAT This Week

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in webrepdb StatusServlet. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java Netmotion Mobility
NVD
CVSS 3.1
8.1
EPSS
41.8%
CVE-2021-26913 HIGH POC THREAT This Week

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in RpcServlet. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java Netmotion Mobility
NVD
CVSS 3.1
8.1
EPSS
13.3%
CVE-2021-26912 HIGH POC THREAT This Week

NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Deserialization RCE Java Netmotion Mobility
NVD
CVSS 3.1
8.1
EPSS
41.0%
CVE-2021-26222 HIGH POC This Week

The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ezxml
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-26221 HIGH POC This Week

The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ezxml
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-26220 HIGH POC This Week

The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ezxml
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-21240 HIGH POC PATCH This Week

httplib2 is a comprehensive HTTP client library for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Httplib2
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-25837 HIGH POC This Week

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ethermint
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-25836 HIGH POC This Week

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ethermint
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-26910 HIGH POC PATCH This Week

Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. Rated high severity (CVSS 7.0). Public exploit code available.

Authentication Bypass Firejail Debian Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2021-26576 HIGH PATCH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so uploadsshkey function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Command Injection Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-26577 HIGH PATCH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so uploadsshkey function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26575 HIGH PATCH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletesolvideofile function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26574 HIGH PATCH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a path traversal vulnerability in libifc.so webdeletevideofile function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Path Traversal Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-26573 HIGH PATCH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgeneratesslcfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25172 HIGH PATCH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a command injection vulnerability in libifc.so websetdefaultlangcfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Command Injection Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-26572 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26571 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webgetactivexcfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26570 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webifc_setadconfig function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-25171 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetlicensecfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25170 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetremoteimageinfo function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25169 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so websetservicecfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25168 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webupdatecomponent function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25142 HIGH This Week

The Baseboard Management Controller (BMC) firmware in HPE Apollo 70 System prior to version 3.0.14.0 has a local buffer overflow in libifc.so webstartflash function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Baseboard Management Controller
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-26826 HIGH PATCH This Week

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Godot Engine
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-26825 HIGH PATCH This Week

An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Integer Overflow RCE Godot Engine
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-21306 HIGH PATCH This Week

Marked is an open-source markdown parser and compiler (npm package "marked"). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Marked
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-25835 HIGH PATCH This Week

Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ethermint
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-25834 HIGH PATCH This Week

Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ethermint
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy