Skip to main content
CVE-2021-26807 HIGH POC This Week

GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgcc_s_dw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Galaxy
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-29486 HIGH POC PATCH This Week

cumulative-distribution-function is an open source npm library used which calculates statistical cumulative distribution function from data array of x values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Node.js Cumulative Distribution Function
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-31933 HIGH POC PATCH THREAT This Week

A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal RCE PHP Chamilo
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
13.9%
CVE-2021-31926 MEDIUM POC This Month

AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTP(S) request directly to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Amp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-21507 CRITICAL PATCH Act Now

Dell EMC Networking X-Series firmware versions prior to 3.0.1.8 and Dell EMC PowerEdge VRTX Switch Module firmware versions prior to 2.0.0.82 contain a Weak Password Encryption Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Information Disclosure X1008P Firmware X1018P Firmware X1026P Firmware +8
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2021-28959 CRITICAL Act Now

Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Zoho Manageengine Eventlog Analyzer
NVD
CVSS 3.1
9.8
EPSS
16.9%
CVE-2021-31873 CRITICAL PATCH Act Now

An issue was discovered in klibc before 2.0.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Klibc Debian Linux
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-31872 CRITICAL PATCH Act Now

An issue was discovered in klibc before 2.0.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Klibc Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-31870 CRITICAL PATCH Act Now

An issue was discovered in klibc before 2.0.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Klibc Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-31792 MEDIUM POC This Month

XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Suitecrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-21530 HIGH PATCH This Week

Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Dell Command Injection Information Disclosure Openmanage Enterprise Modular
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-21233 HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-21232 HIGH This Week

Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-21231 HIGH This Week

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-21230 HIGH This Week

Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-21227 HIGH This Week

Insufficient data validation in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-21540 HIGH This Week

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Dell Stack Overflow Idrac9 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-21531 HIGH This Week

Dell Unisphere for PowerMax versions prior to 9.2.1.6 contain an Authorization Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Solutions Enabler Solutions Enabler Virtual Appliance Unisphere For Powermax +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-29464 HIGH PATCH This Week

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Heap Overflow RCE Exiv2 Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2021-21535 HIGH This Week

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Hybrid Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-31871 HIGH PATCH This Week

An issue was discovered in klibc before 2.0.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Klibc Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-31919 HIGH PATCH This Week

An issue was discovered in the rkyv crate before 0.6.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rkyv
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-21539 HIGH This Week

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Idrac9 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-21547 MEDIUM PATCH This Month

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell Information Disclosure Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-20515 MEDIUM PATCH This Month

IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE IBM Memory Corruption Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21229 MEDIUM This Month

Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20326 MEDIUM PATCH This Month

A user authorized to performing a specific type of find query may trigger a denial of service.4 versions prior to 4.4.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service MongoDB
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-31935 MEDIUM This Month

OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-31934 MEDIUM This Month

OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21541 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29463 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-21537 MEDIUM This Month

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Hybrid Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-21536 MEDIUM This Month

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Hybrid Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-31232 MEDIUM PATCH This Month

The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Cortex
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-31231 MEDIUM This Month

The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Grafana Information Disclosure Enterprise Metrics
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-20266 MEDIUM PATCH This Month

A flaw was found in RPM's hdrblobInit() in lib/header.c. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Rpm Fedora
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2021-21543 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-21542 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2021-21228 MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-21534 LOW Monitor

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Hybrid Client
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-21544 LOW Monitor

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Idrac9 Firmware
NVD
CVSS 3.1
2.7
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy