Skip to main content
CVE-2021-21646 HIGH PATCH This Week

Jenkins Templating Engine Plugin 2.1 and earlier does not protect its pipeline configurations using Script Security Plugin, allowing attackers with Job/Configure permission to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Templating Engine
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-20501 HIGH This Week

IBM i 7.1, 7.2, 7.3, and 7.4 SMTP allows a network attacker to send emails to non-existent local-domain recipients to the SMTP server, caused by using a non-default configuration. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2021-20454 HIGH This Week

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM XXE Websphere Application Server
NVD
CVSS 3.1
8.2
EPSS
2.9%
CVE-2021-21642 HIGH PATCH This Week

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Config File Provider
NVD
CVSS 3.1
8.1
EPSS
37.8%
CVE-2021-1076 HIGH This Week

NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Microsoft Information Disclosure Nvidia +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-31523 HIGH PATCH This Week

The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Debian Privilege Escalation Xscreensaver
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-30139 HIGH This Week

In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apk Tools
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-28965 HIGH PATCH This Week

The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rexml Ruby Fedora
NVD
CVSS 3.1
7.5
EPSS
5.1%
CVE-2021-1075 HIGH This Week

NVIDIA Windows GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the program dereferences a pointer that. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Null Pointer Dereference Denial Of Service Nvidia +1
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2021-1074 HIGH This Week

NVIDIA GPU Display Driver for Windows installer contains a vulnerability where an attacker with local unprivileged system access may be able to replace an application resource with malicious files. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Information Disclosure Denial Of Service Nvidia +1
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2021-21427 HIGH PATCH This Week

Magento-lts is a long-term support alternative to Magento Community Edition (CE). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Adobe Magento
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy