Skip to main content
CVE-2021-31926 MEDIUM POC This Month

AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1.1.2 allows a remote, authenticated user to open ports in the local system firewall by crafting an HTTP(S) request directly to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Amp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-31792 MEDIUM POC This Month

XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Suitecrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-21547 MEDIUM PATCH This Month

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Dell Information Disclosure Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-20515 MEDIUM PATCH This Month

IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE IBM Memory Corruption Denial Of Service +1
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21229 MEDIUM This Month

Incorrect security UI in downloads in Google Chrome on Android prior to 90.0.4430.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20326 MEDIUM PATCH This Month

A user authorized to performing a specific type of find query may trigger a denial of service.4 versions prior to 4.4.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service MongoDB
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-31935 MEDIUM This Month

OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-31934 MEDIUM This Month

OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-21541 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29463 MEDIUM PATCH This Month

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Information Disclosure Exiv2 Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-21537 MEDIUM This Month

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Hybrid Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-21536 MEDIUM This Month

Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Dell Information Disclosure Hybrid Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-31232 MEDIUM PATCH This Month

The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Cortex
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-31231 MEDIUM This Month

The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Grafana Information Disclosure Enterprise Metrics
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-20266 MEDIUM PATCH This Month

A flaw was found in RPM's hdrblobInit() in lib/header.c. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Rpm Fedora
NVD
CVSS 3.1
4.9
EPSS
1.7%
CVE-2021-21543 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-21542 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2021-21228 MEDIUM This Month

Insufficient policy enforcement in extensions in Google Chrome prior to 90.0.4430.93 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy