Skip to main content
CVE-2021-28165 HIGH POC PATCH THREAT This Week

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Jetty Autovue For Agile Product Lifecycle Management Communications Cloud Native Core Policy Communications Element Manager +17
NVD GitHub
CVSS 3.1
7.5
EPSS
53.9%
CVE-2021-29938 HIGH POC This Week

An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Slice Deque
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29933 HIGH POC This Week

An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Insert Many
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29930 HIGH POC This Week

An issue was discovered in the arenavec crate through 2021-01-12 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Arenavec
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29929 HIGH POC This Week

An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Endian Trait
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-29942 HIGH POC PATCH This Week

An issue was discovered in the reorder crate through 2021-02-24 for Rust. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Reorder
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2021-29941 HIGH POC PATCH This Week

An issue was discovered in the reorder crate through 2021-02-24 for Rust. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Reorder
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2021-29939 HIGH POC PATCH This Week

An issue was discovered in the stackvector crate through 2021-02-19 for Rust. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Stackvector
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2021-29935 HIGH POC PATCH This Week

An issue was discovered in the rocket crate before 0.4.7 for Rust. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Information Disclosure Rocket
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2021-29934 HIGH POC PATCH This Week

An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Uu Od
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2021-25924 HIGH PATCH This Week

In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Gocd
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-23923 HIGH This Week

An issue was discovered in Devolutions Server before 2020.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Devolutions Server
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-28545 HIGH PATCH This Week

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Adobe Acrobat Acrobat Dc Acrobat Reader +1
NVD
CVSS 3.1
8.1
EPSS
2.3%
CVE-2021-20235 HIGH PATCH This Week

There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libzmq
NVD GitHub
CVSS 3.1
8.1
EPSS
43.9%
CVE-2021-21420 HIGH This Week

vscode-stripe is an extension for Visual Studio Code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Stripe
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-22195 HIGH This Week

Client side code execution in gitlab-vscode-extension v3.15.0 and earlier allows attacker to execute code on user system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Gitlab Gitlab Vscode Extension
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-23924 HIGH This Week

An issue was discovered in Devolutions Server before 2020.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-29421 HIGH PATCH This Week

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Python XXE Pikepdf Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-29932 HIGH This Week

An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Parse Duration
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-29931 HIGH This Week

An issue was discovered in the arenavec crate through 2021-01-12 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arenavec
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-29083 HIGH This Week

Improper neutralization of special elements used in an OS command in SYNO.Core.Network.PPPoE in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote authenticated users to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology RCE Command Injection Diskstation Manager
NVD
CVSS 3.1
7.2
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy