Skip to main content
CVE-2021-20274 HIGH PATCH This Week

A flaw was found in privoxy before 3.0.32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Privoxy
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-20273 HIGH PATCH This Week

A flaw was found in privoxy before 3.0.32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Privoxy Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-20272 HIGH PATCH This Week

A flaw was found in privoxy before 3.0.32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Privoxy Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-20262 MEDIUM This Month

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Keycloak Single Sign On
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-20253 MEDIUM This Month

A flaw was found in ansible-tower. Rated medium severity (CVSS 6.7). No vendor patch available.

Path Traversal Information Disclosure Ansible Tower
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-21369 MEDIUM PATCH This Month

Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Besu
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-21181 MEDIUM This Month

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21178 MEDIUM PATCH This Month

Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21173 MEDIUM PATCH This Month

Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21164 MEDIUM This Month

Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21163 MEDIUM This Month

Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-21488 MEDIUM This Month

Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Netweaver Knowledge Management
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-21295 MEDIUM PATCH This Month

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Netty Oncommand Api Services Oncommand Workflow Automation +5
NVD GitHub
CVSS 3.1
5.9
EPSS
18.9%
CVE-2021-20255 MEDIUM PATCH This Month

A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-20246 MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/resample.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20245 MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/webp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20244 MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/visual-effects.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20243 MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/resize.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-20241 MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/jp2.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-23273 MEDIUM This Month

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Analytics Platform Spotfire Analyst Spotfire Desktop Spotfire Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-28116 MEDIUM This Month

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Squid Fedora +1
NVD GitHub
CVSS 3.1
5.3
EPSS
13.0%
CVE-2021-20341 MEDIUM This Month

IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Multicloud Management Monitoring
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-21360 MEDIUM PATCH This Month

Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Products Genericsetup
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-3417 MEDIUM This Month

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Xclarity Orchestrator
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-21189 MEDIUM This Month

Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-21187 MEDIUM This Month

Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-21186 MEDIUM This Month

Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Authentication Bypass Chrome Fedora +1
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-20263 LOW PATCH Monitor

A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Qemu
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2021-27584 LOW Monitor

When a user opens manipulated PhotoShop Document (.PSD) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes temporarily. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
3.3
EPSS
0.7%
CVE-2021-21493 LOW Monitor

When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Viewer version 9, the application crashes and becomes. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
3.3
EPSS
1.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy