Skip to main content
CVE-2021-28970 MEDIUM POC This Month

eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Email Malware Protection System
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-28969 MEDIUM POC This Month

eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Email Malware Protection System
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-20291 MEDIUM POC PATCH This Month

A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Storage Openshift Container Platform Enterprise Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-20234 MEDIUM POC PATCH This Month

An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libzmq
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-22876 MEDIUM POC PATCH This Month

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libcurl Fedora Hci Management Node Solidfire +8
NVD
CVSS 3.1
5.3
EPSS
5.3%
CVE-2021-28164 MEDIUM POC PATCH THREAT This Month

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jetty Cloud Manager E Series Performance Analyzer E Series Santricity Os Controller +13
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
82.4%
CVE-2021-27653 MEDIUM POC This Month

Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Infinity
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-26072 MEDIUM POC PATCH THREAT This Month

The WidgetConnector plugin in Confluence Server and Confluence Data Center before version 5.8.6 allowed remote attackers to manipulate the content of internal network resources via a blind. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Atlassian SSRF Confluence Data Center Confluence Server
NVD
CVSS 3.1
4.3
EPSS
38.8%
CVE-2021-21421 MEDIUM PATCH This Month

node-etsy-client is a NodeJs Etsy ReST API Client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Node Etsy Client
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-26581 MEDIUM This Month

A potential security vulnerability has been identified in HPE Superdome Flex server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Superdome Flex Server Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-28546 MEDIUM This Month

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are missing support for an integrity check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Acrobat Acrobat Dc Acrobat Reader +1
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-29251 MEDIUM This Month

BTCPay Server before 1.0.7.1 mishandles the policy setting in which users can register (in Server Settings > Policies). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Docker Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-23925 MEDIUM This Month

An issue was discovered in Devolutions Server before 2020.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Devolutions Server
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-26580 MEDIUM This Month

A potential security vulnerability has been identified in HPE iLO Amplifier Pack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Integrated Lights Out Amplifier
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-26718 MEDIUM This Month

KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Internet Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-3447 MEDIUM PATCH This Month

A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Ansible Ansible Tower Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-23922 MEDIUM This Month

An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Desktop Manager
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-28047 MEDIUM This Month

Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Remote Desktop Manager
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-20296 MEDIUM PATCH This Month

A flaw was found in OpenEXR in versions before 3.0.0-beta. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Openexr Debian Linux
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-22177 MEDIUM This Month

Potential DoS was identified in gitlab-shell in GitLab CE/EE version 12.6.0 or above, which allows an attacker to spike the server resource utilization via gitlab-shell command. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-3393 MEDIUM This Month

An information leak was discovered in postgresql in versions before 13.2, before 12.6 and before 11.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Information Disclosure Software Collections Enterprise Linux
NVD
CVSS 3.1
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy