Skip to main content
CVE-2021-22207 MEDIUM POC PATCH This Month

Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Wireshark Fedora Zfs Storage Appliance Kit Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2021-31539 MEDIUM POC This Month

Wowza Streaming Engine before 4.8.8.01 (in a default installation) has cleartext passwords stored in the conf/admin.password file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Streaming Engine
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-31583 MEDIUM POC This Month

Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Next Generation Communication Platform
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-29470 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-25382 MEDIUM This Month

An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-26909 MEDIUM This Month

Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Automox
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-29158 MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3 Pro up to and including 3.30.0 has Incorrect Access Control. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Nexus Repository Manager 3
NVD
CVSS 3.1
4.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy