Skip to main content
CVE-2021-1429 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1428 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1427 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1426 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1421 HIGH This Week

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to perform a command injection attack on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Enterprise Nfv Infrastructure Software
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-28665 HIGH This Week

Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Network Security Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31918 HIGH This Week

A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Openstack
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31793 HIGH This Week

An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wdb 20 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-22209 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-31409 HIGH PATCH This Week

Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Vaadin
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-1513 HIGH This Week

A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Catalyst Sd Wan Manager Sd Wan Vbond Orchestrator Vsmart Controller Firmware +8
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-1510 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Denial Of Service Vedge 100 Firmware +7
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-1509 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Cisco RCE Denial Of Service Vedge 100 Firmware +7
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-1275 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-1506 HIGH This Week

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2021-1401 HIGH This Week

Multiple vulnerabilities in the web-based management interface of certain Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow an authenticated, remote attacker to obtain. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Wap125 Firmware Wap131 Firmware Wap150 Firmware +3
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-31828 HIGH PATCH This Week

An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Elastic SSRF Open Distro
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2021-3501 HIGH PATCH This Week

A flaw was found in the Linux kernel in versions before 5.12. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Enterprise Linux +17
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-1530 HIGH This Week

A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service XXE Broadworks Messaging Server
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2021-31916 MEDIUM PATCH This Month

An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Enterprise Linux +1
NVD GitHub
CVSS 3.1
6.7
EPSS
0.7%
CVE-2021-21550 MEDIUM This Month

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Emc Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-21527 MEDIUM This Month

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Command Injection Emc Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-1520 MEDIUM This Month

A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Rv340 Firmware Rv340W Firmware Rv345 Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-1447 MEDIUM This Month

A vulnerability in the user account management system of Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, local attacker to elevate their privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Content Security Management Appliance
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-1532 MEDIUM This Month

A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an authenticated, remote attacker to read arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Telepresence Collaboration Endpoint Roomos
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-1521 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause an affected IP camera to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Video Surveillance 8400 Firmware Video Surveillance 8000P Firmware +6
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-1516 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA), Cisco Email Security Appliance (ESA), and Cisco Web Security. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Content Security Management Appliance Email Security Appliance Web Security Appliance +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-1511 MEDIUM This Month

Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Denial Of Service Vedge 100 Firmware +7
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-1478 MEDIUM This Month

A vulnerability in the Java Management Extensions (JMX) component of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Java Authentication Bypass Hosted Collaboration Mediation Fulfillment +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-32052 MEDIUM PATCH This Month

In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Django Fedora
NVD
CVSS 3.1
6.1
EPSS
3.1%
CVE-2021-1490 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Web Security Appliance
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-1397 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Integrated Management Controller Ucs Manager Encs 5100 Firmware +22
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-1512 MEDIUM This Month

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Cisco Path Traversal Information Disclosure Catalyst Sd Wan Manager Sd Wan Vbond Orchestrator +10
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2021-31829 MEDIUM PATCH This Month

kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Linux Authentication Bypass Linux Kernel Fedora Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1519 MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1438 MEDIUM This Month

A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Wide Area Application Services
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1507 MEDIUM This Month

A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Sd Wan Vmanage
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-22210 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-32062 MEDIUM This Month

MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mapserver Fedora
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-1535 MEDIUM This Month

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Sd Wan Vmanage
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-1486 MEDIUM This Month

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-22206 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 11.6. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2021-27941 MEDIUM This Month

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Ewelink
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2021-22208 MEDIUM This Month

An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-22211 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-1515 MEDIUM This Month

A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to gain access to sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Sd Wan Vmanage
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy