Skip to main content
CVE-2021-20017 HIGH This Week

A post-authenticated command injection vulnerability in SonicWall SMA100 allows an authenticated attacker to execute OS commands as a 'nobody' user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sonicwall Sma100 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-28373 HIGH PATCH This Week

The auth_internal plugin in Tiny Tiny RSS (aka tt-rss) before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Tiny Tiny Rss
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-28361 HIGH This Week

An issue was discovered in Storage Performance Development Kit (SPDK) before 20.01.01. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Storage Performance Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20018 MEDIUM This Month

A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Sonicwall Information Disclosure Sma100 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy