Skip to main content
CVE-2021-20285 MEDIUM POC This Month

A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Upx
NVD GitHub
CVSS 3.1
6.6
EPSS
0.8%
CVE-2021-1629 MEDIUM POC This Month

Tableau Server fails to validate certain URLs that are embedded in emails sent to Tableau Server users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Tableau Server
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-3275 MEDIUM POC This Month

Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link XSS Td W9977 Firmware Tl Wa801Nd Firmware Tl Wa801N Firmware +2
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2021-21373 MEDIUM POC This Month

Nimble is a package manager for the Nim programming language. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Nim
NVD GitHub
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-20284 MEDIUM POC This Month

A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Binutils Cloud Backup Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-28247 MEDIUM POC This Month

CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ehealth Performance Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-22180 MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions starting from 13.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-22172 MEDIUM POC This Month

Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-25372 MEDIUM KEV THREAT This Month

An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2021-25371 MEDIUM KEV THREAT This Month

A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2021-21396 MEDIUM PATCH This Month

wire-server is an open-source back end for Wire, a secure collaboration platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nginx Information Disclosure Wire Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-23890 MEDIUM This Month

Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epolicy Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-3153 MEDIUM This Month

HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass Terraform Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-3027 MEDIUM PATCH This Month

app/views_mod/user/user.py in LibrIT PaSSHport through 2.5 is affected by LDAP Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Passhport
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-20197 MEDIUM PATCH This Month

There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. Rated medium severity (CVSS 6.3).

Information Disclosure Binutils Enterprise Linux Cloud Backup Ontap Select Deploy Administration Utility +2
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-23888 MEDIUM This Month

Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Epolicy Orchestrator
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2021-21333 MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required.

Python Code Injection Synapse Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-22886 MEDIUM PATCH This Month

Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Rocket Chat
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2021-29264 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 5.11.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-21411 MEDIUM PATCH This Month

OAuth2-Proxy is an open source reverse proxy that provides authentication with Google, Github or other providers. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Google Gitlab Authentication Bypass Oauth2 Proxy
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-22184 MEDIUM This Month

An information disclosure issue in GitLab starting from version 12.8 allowed a user with access to the server logs to see sensitive information that wasn't properly redacted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-25369 MEDIUM POC KEV THREAT This Month

An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-20683 MEDIUM PATCH This Month

Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20681 MEDIUM PATCH This Month

Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20289 MEDIUM PATCH This Month

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Resteasy Oncommand Insight Quarkus Communications Cloud Native Core Console
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-3109 MEDIUM This Month

The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orion Platform
NVD
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-23889 MEDIUM This Month

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-29265 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.11.7. Rated medium severity (CVSS 4.7).

Linux Denial Of Service Race Condition Linux Kernel Debian Linux
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2021-22194 MEDIUM This Month

In all versions of GitLab, marshalled session keys were being stored in Redis. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Redis Gitlab Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-25370 MEDIUM POC KEV THREAT This Month

An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
4.4
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy