Skip to main content
CVE-2021-29940 CRITICAL POC Act Now

An issue was discovered in the through crate through 2021-02-18 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Through
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-29937 CRITICAL POC PATCH Act Now

An issue was discovered in the telemetry crate through 2021-02-17 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Telemetry
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-29936 CRITICAL POC Act Now

An issue was discovered in the adtensor crate through 2021-01-11 for Rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Adtensor
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-20078 CRITICAL POC THREAT Act Now

Manage Engine OpManager builds below 125346 are vulnerable to a remote denial of service vulnerability due to a path traversal issue in spark gateway component. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Path Traversal Manageengine Opmanager
NVD
CVSS 3.1
9.1
EPSS
60.4%
CVE-2021-28918 CRITICAL POC PATCH THREAT Act Now

Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js SSRF Netmask
NVD GitHub
CVSS 3.1
9.1
EPSS
16.4%
CVE-2021-28165 HIGH POC PATCH THREAT This Week

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jetty Autovue For Agile Product Lifecycle Management Communications Cloud Native Core Policy Communications Element Manager +17
NVD GitHub
CVSS 3.1
7.5
EPSS
53.9%
CVE-2021-29938 HIGH POC This Week

An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Slice Deque
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29933 HIGH POC This Week

An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insert Many
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29930 HIGH POC This Week

An issue was discovered in the arenavec crate through 2021-01-12 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Arenavec
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29929 HIGH POC This Week

An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Endian Trait
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29942 HIGH POC PATCH This Week

An issue was discovered in the reorder crate through 2021-02-24 for Rust. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Reorder
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2021-29941 HIGH POC PATCH This Week

An issue was discovered in the reorder crate through 2021-02-24 for Rust. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Reorder
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2021-29939 HIGH POC PATCH This Week

An issue was discovered in the stackvector crate through 2021-02-19 for Rust. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Stackvector
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2021-29935 HIGH POC PATCH This Week

An issue was discovered in the rocket crate before 0.4.7 for Rust. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Rocket
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2021-29934 HIGH POC PATCH This Week

An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Uu Od
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2021-28970 MEDIUM POC This Month

eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Email Malware Protection System
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-28969 MEDIUM POC This Month

eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Email Malware Protection System
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-20291 MEDIUM POC PATCH This Month

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Storage Openshift Container Platform Enterprise Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-20234 MEDIUM POC PATCH This Month

An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libzmq
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-22876 MEDIUM POC PATCH This Month

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Hci Management Node Solidfire +8
NVD
CVSS 3.1
5.3
EPSS
5.3%
CVE-2021-28164 MEDIUM POC PATCH THREAT This Month

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jetty Cloud Manager E Series Performance Analyzer E Series Santricity Os Controller +13
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
82.4%
CVE-2021-23921 CRITICAL Act Now

An issue was discovered in Devolutions Server before 2020.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-21982 CRITICAL PATCH Act Now

VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

VMware Authentication Bypass Carbon Black Cloud Workload
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2021-27653 MEDIUM POC This Month

Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Infinity
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-25924 HIGH PATCH This Week

In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Gocd
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-26072 MEDIUM POC PATCH THREAT This Month

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Atlassian SSRF Confluence Data Center Confluence Server
NVD
CVSS 3.1
4.3
EPSS
38.8%
CVE-2021-23923 HIGH This Week

An issue was discovered in Devolutions Server before 2020.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Devolutions Server
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-28545 HIGH PATCH This Week

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Acrobat Acrobat Dc Acrobat Reader +1
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2021-20235 HIGH PATCH This Week

There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libzmq
NVD GitHub
CVSS 3.1
8.1
EPSS
43.9%
CVE-2021-21420 HIGH This Week

vscode-stripe is an extension for Visual Studio Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Stripe
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-22195 HIGH This Week

Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Gitlab Gitlab Vscode Extension
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-22890 LOW POC PATCH Monitor

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora Hci Management Node Solidfire +7
NVD
CVSS 3.1
3.7
EPSS
3.1%
CVE-2021-23924 HIGH This Week

An issue was discovered in Devolutions Server before 2020.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-29421 HIGH PATCH This Week

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Python XXE Pikepdf Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-29932 HIGH This Week

An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Parse Duration
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-29931 HIGH This Week

An issue was discovered in the arenavec crate through 2021-01-12 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arenavec
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-29083 HIGH This Week

Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology RCE Command Injection Diskstation Manager
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-28163 LOW POC PATCH Monitor

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Jetty Fedora Ignite Solr +19
NVD GitHub
CVSS 3.1
2.7
EPSS
4.2%
CVE-2021-21421 MEDIUM PATCH This Month

node-etsy-client is a NodeJs Etsy ReST API Client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Node Etsy Client
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-26581 MEDIUM This Month

A potential security vulnerability has been identified in HPE Superdome Flex server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Superdome Flex Server Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-28546 MEDIUM This Month

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Acrobat Acrobat Dc Acrobat Reader +1
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-29251 MEDIUM This Month

BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-23925 MEDIUM This Month

An issue was discovered in Devolutions Server before 2020.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Devolutions Server
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-26580 MEDIUM This Month

A potential security vulnerability has been identified in HPE iLO Amplifier Pack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Integrated Lights Out Amplifier
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-26718 MEDIUM This Month

KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Internet Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-3447 MEDIUM PATCH This Month

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Ansible Ansible Tower Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-23922 MEDIUM This Month

An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Desktop Manager
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-28047 MEDIUM This Month

Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Desktop Manager
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-20296 MEDIUM PATCH This Month

A flaw was found in OpenEXR in versions before 3.0.0-beta. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Openexr Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-22177 MEDIUM This Month

Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
4.3
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy