Skip to main content
CVE-2021-26938 MEDIUM POC This Month

A stored XSS issue exists in henriquedornas 5.2.17 via online live chat. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Henriquedornas
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20654 MEDIUM POC This Month

Wekan, open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wekan
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-0335 MEDIUM PATCH This Month

In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Google Memory Corruption Use After Free Information Disclosure +2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-23873 MEDIUM This Month

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file deletion as the SYSTEM user potentially. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Total Protection
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-0338 MEDIUM PATCH This Month

In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-23878 MEDIUM This Month

Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.0
EPSS
0.6%
CVE-2021-23881 MEDIUM This Month

A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Endpoint Security
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-23883 MEDIUM This Month

A Null Pointer Dereference vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local administrator to cause Windows to crash via a specific. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service Endpoint Security
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-23882 MEDIUM This Month

Improper Access Control vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows local administrators to prevent the installation of some ENS files by. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Endpoint Security
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-23880 MEDIUM This Month

Improper Access Control in attribute in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows authenticated local administrator user to perform an uninstallation of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Endpoint Security
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy