Skip to main content
CVE-2021-28441 MEDIUM PATCH This Month

Windows Hyper-V Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-28328 MEDIUM PATCH This Month

Windows DNS Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2021-28325 MEDIUM PATCH This Month

Windows SMB Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
6.5
EPSS
61.6%
CVE-2021-28323 MEDIUM PATCH This Month

Windows DNS Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
4.3%
CVE-2021-28311 MEDIUM PATCH This Month

Windows Application Compatibility Cache Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2021-27067 MEDIUM PATCH This Month

Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Team Foundation Server Azure Devops Server
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2021-27609 MEDIUM This Month

SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Focused Run
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-27603 MEDIUM This Month

An RFC enabled function module SPI_WAIT_MILLIS in SAP NetWeaver AS ABAP, versions - 731, 740, 750, allows to keep a work process busy for any length of time. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-21485 MEDIUM This Month

An unauthorized attacker may be able to entice an administrator to invoke telnet commands of an SAP NetWeaver Application Server for Java that allow the attacker to gain NTLM hashes of a privileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-21729 MEDIUM This Month

Some ZTE products have CSRF vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zte Zxhn H168N Firmware Zxhn H108N Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-26413 MEDIUM PATCH This Month

Windows Installer Spoofing Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.2
EPSS
0.7%
CVE-2021-29370 MEDIUM This Month

A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Cheetah Browser
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-28444 MEDIUM PATCH This Month

Windows Hyper-V Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
5.7
EPSS
1.7%
CVE-2021-27079 MEDIUM PATCH This Month

Windows Media Photo Codec Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.7
EPSS
2.9%
CVE-2021-28456 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Excel Office +2
NVD
CVSS 3.1
5.5
EPSS
3.7%
CVE-2021-28443 MEDIUM PATCH This Month

Windows Console Driver Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-28438 MEDIUM PATCH This Month

Windows Console Driver Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-28437 MEDIUM PATCH This Month

Windows Installer Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-28435 MEDIUM PATCH This Month

Windows Event Tracing Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-28326 MEDIUM PATCH This Month

Windows AppX Deployment Server Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-28318 MEDIUM PATCH This Month

Windows GDI+ Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-28317 MEDIUM PATCH This Month

Microsoft Windows Codecs Library Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-28309 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-27093 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-26417 MEDIUM PATCH This Month

Windows Overlay Filter Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-0471 MEDIUM PATCH This Month

In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0444 MEDIUM PATCH This Month

In onActivityResult of QuickContactActivity.java, there is an unnecessary return of an intent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0436 MEDIUM PATCH This Month

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Buffer Overflow Integer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0428 MEDIUM PATCH This Month

In getSimSerialNumber of TelephonyManager.java, there is a possible way to read a trackable identifier due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0400 MEDIUM PATCH This Month

In injectBestLocation and handleUpdateLocation of GnssLocationProvider.java, there is a possible incorrect reporting of location data to emergency services due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Code Injection Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-28646 MEDIUM This Month

An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and OfficeScan XG SP1 could allow a local attacker to take control of a specific log file on affected. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Trend Micro Information Disclosure Apex One Officescan
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-29438 MEDIUM PATCH This Month

The Nextcloud dialogs library (npm package @nextcloud/dialogs) before 3.1.2 insufficiently escaped text input passed to a toast. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Nextcloud XSS Nextcloud Dialogs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-27601 MEDIUM This Month

SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Java Netweaver Application Server Java
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-27600 MEDIUM This Month

SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Manufacturing Execution
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-27598 MEDIUM This Month

SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SAP Authentication Bypass Netweaver Application Server Java
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-29997 MEDIUM This Month

An issue was discovered in Wind River VxWorks 7 before 21.03. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Vxworks
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-28450 MEDIUM PATCH This Month

Microsoft SharePoint Denial of Service Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.0
EPSS
2.4%
CVE-2021-3473 MEDIUM This Month

An internal product security audit of Lenovo XClarity Controller (XCC) discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Lenovo Information Disclosure Xclarity Controller
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-21483 MEDIUM This Month

Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Solution Manager
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2021-0443 MEDIUM PATCH This Month

In several functions of ScreenshotHelper.java and related files, there is a possible incorrectly saved screenshot due to a race condition. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required.

Google Information Disclosure Race Condition Java Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2021-3463 MEDIUM This Month

A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Microsoft Denial Of Service Lenovo Power Management Driver
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-27605 MEDIUM This Month

SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Fiori Apps 2 0 For Travel Management In Sap Erp
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-21492 MEDIUM This Month

SAP NetWeaver Application Server Java(HTTP Service), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate logon group in URLs, resulting in a content spoofing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Java
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-28938 MEDIUM This Month

Siren Federate before 6.8.14-10.3.9, 6.9.x through 7.6.x before 7.6.2-20.2, 7.7.x through 7.9.x before 7.9.3-21.6, 7.10.x before 7.10.2-22.2, and 7.11.x before 7.11.2-23.0 can leak user information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Federate
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-28316 MEDIUM PATCH This Month

Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
4.2
EPSS
1.1%
CVE-2021-28312 LOW PATCH Monitor

Windows NTFS Denial of Service Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
3.3
EPSS
6.6%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy