Skip to main content
CVE-2021-3411 MEDIUM POC This Month

A flaw was found in the Linux kernel in versions prior to 5.10. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linux RCE Code Injection Linux Kernel Enterprise Linux
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-21182 MEDIUM POC This Month

Insufficient policy enforcement in navigations in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-21177 MEDIUM POC THREAT This Month

Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
17.3%
CVE-2021-21176 MEDIUM POC This Month

Inappropriate implementation in full screen mode in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-21175 MEDIUM POC This Month

Inappropriate implementation in Site isolation in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-21171 MEDIUM POC This Month

Incorrect security UI in TabStrip and Navigation in Google Chrome on Android prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-21170 MEDIUM POC This Month

Incorrect security UI in Loader in Google Chrome prior to 89.0.4389.72 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21168 MEDIUM POC This Month

Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-21361 MEDIUM POC PATCH This Month

The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vagrant
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-28115 MEDIUM POC PATCH This Month

The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Ougc Feedback
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-28006 MEDIUM POC This Month

Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Web Based Quiz System
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-24033 MEDIUM POC PATCH This Month

react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection React Dev Utils
NVD GitHub
CVSS 3.1
5.6
EPSS
3.3%
CVE-2021-21185 MEDIUM POC This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2021-21184 MEDIUM POC This Month

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-21183 MEDIUM POC This Month

Inappropriate implementation in performance APIs in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-20262 MEDIUM This Month

A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Keycloak Single Sign On
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-20253 MEDIUM This Month

A flaw was found in ansible-tower. Rated medium severity (CVSS 6.7). No vendor patch available.

Path Traversal Information Disclosure Ansible Tower
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-21369 MEDIUM PATCH This Month

Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Besu
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-21181 MEDIUM This Month

Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21178 MEDIUM PATCH This Month

Inappropriate implementation in Compositing in Google Chrome on Linux and Windows prior to 89.0.4389.72 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21173 MEDIUM PATCH This Month

Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-21164 MEDIUM This Month

Insufficient data validation in Chrome on iOS in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21163 MEDIUM This Month

Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-21488 MEDIUM This Month

Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Netweaver Knowledge Management
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-21295 MEDIUM PATCH This Month

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Netty Oncommand Api Services Oncommand Workflow Automation +5
NVD GitHub
CVSS 3.1
5.9
EPSS
18.9%
CVE-2021-20255 MEDIUM PATCH This Month

A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Qemu Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-20246 MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/resample.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20245 MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/webp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20244 MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/visual-effects.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Enterprise Linux Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-20243 MEDIUM PATCH This Month

A flaw was found in ImageMagick in MagickCore/resize.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-20241 MEDIUM PATCH This Month

A flaw was found in ImageMagick in coders/jp2.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Imagemagick Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-23273 MEDIUM This Month

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Analytics Platform Spotfire Analyst Spotfire Desktop Spotfire Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-28116 MEDIUM This Month

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Squid Fedora +1
NVD GitHub
CVSS 3.1
5.3
EPSS
13.0%
CVE-2021-20341 MEDIUM This Month

IBM Cloud Pak for Multicloud Management Monitoring 2.2 returns potentially sensitive information in headers which could lead to further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Multicloud Management Monitoring
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-21360 MEDIUM PATCH This Month

Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Products Genericsetup
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-3417 MEDIUM This Month

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator (LXCA), if added as a Resource Manager, are encoded then written to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Xclarity Orchestrator
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-21189 MEDIUM This Month

Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-21187 MEDIUM This Month

Insufficient data validation in URL formatting in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-21186 MEDIUM This Month

Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72 allowed an attacker who convinced the user to scan a QR code to bypass navigation restrictions via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Authentication Bypass Chrome Fedora +1
NVD
CVSS 3.1
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy