Skip to main content
CVE-2021-30046 MEDIUM POC This Month

VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vigra Computer Vision Library
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-30157 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-30154 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-30151 MEDIUM POC PATCH This Month

Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sidekiq Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
4.2%
CVE-2021-30150 MEDIUM POC PATCH This Month

Composr 10.0.36 allows XSS in an XML script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Composr
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.8%
CVE-2021-26833 MEDIUM POC This Month

Cleartext Storage in a File or on Disk in TimelyBills <= 1.7.0 for iOS and versions <= 1.21.115 for Android allows attacker who can locally read user's files obtain JWT tokens for user's account due. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Apple Information Disclosure Timelybills
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2021-30140 MEDIUM POC This Month

LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Liquidfiles
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-30158 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mediawiki Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-30144 MEDIUM POC This Month

The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Dashboard
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-28688 MEDIUM PATCH This Month

The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Linux Kernel Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-22157 MEDIUM This Month

Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Insider Threat Management
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2021-29136 MEDIUM PATCH This Month

Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Umoci Singularity
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-30161 MEDIUM This Month

An issue was discovered on LG mobile devices with Android OS 11 software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-30146 MEDIUM This Month

Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality.". Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Seafile
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-28658 MEDIUM PATCH This Month

In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Django Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
3.9%
CVE-2021-28209 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28208 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28207 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28206 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28205 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28202 MEDIUM This Month

The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28201 MEDIUM This Month

The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28200 MEDIUM This Month

The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28199 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28198 MEDIUM This Month

The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28197 MEDIUM This Month

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28196 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-28195 MEDIUM This Month

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28194 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28193 MEDIUM This Month

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28192 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28191 MEDIUM This Month

The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28190 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Asmb9 Ikvm Firmware Rs720A E9 Rs24 E Firmware Rs700A E9 Rs4 Firmware Rs700 E9 Rs4 Firmware +40
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-28189 MEDIUM This Month

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28188 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28187 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-28186 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28185 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28184 MEDIUM This Month

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28183 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28182 MEDIUM This Month

The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28181 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28180 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28179 MEDIUM This Month

The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28178 MEDIUM This Month

The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28177 MEDIUM This Month

The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-28176 MEDIUM This Month

The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-28175 MEDIUM This Month

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Z10Pr D16 Firmware Asmb8 Ikvm Firmware Z10Pe D16 Ws Firmware
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-25692 MEDIUM PATCH This Month

Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Pcoip Connection Manager And Security Gateway
NVD
CVSS 3.1
4.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy