Skip to main content
CVE-2021-31191 MEDIUM PATCH This Month

Windows Projected File System FS Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-31185 MEDIUM PATCH This Month

Windows Desktop Bridge Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-31184 MEDIUM PATCH This Month

Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2021-31178 MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Information Disclosure Microsoft 365 Apps Excel +4
NVD
CVSS 3.1
5.5
EPSS
16.0%
CVE-2021-31174 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
5.5
EPSS
2.9%
CVE-2021-28479 MEDIUM PATCH This Month

Windows CSC Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-3504 MEDIUM PATCH This Month

A flaw was found in the hivex library in versions before 1.3.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Microsoft Information Disclosure Hivex Enterprise Linux +2
NVD
CVSS 3.1
5.4
EPSS
1.9%
CVE-2021-21649 MEDIUM PATCH This Month

Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Dashboard View
NVD
CVSS 3.1
5.4
EPSS
72.7%
CVE-2021-3315 MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-31908 MEDIUM This Month

In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-27733 MEDIUM This Month

In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-32544 MEDIUM This Month

Special characters of IGT search function in igt+ are not filtered in specific fields, which allow remote authenticated attackers can inject malicious JavaScript and carry out DOM-based XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Igt
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-30174 MEDIUM This Month

RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cloudiso
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-31173 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.3
EPSS
2.1%
CVE-2021-29471 MEDIUM PATCH This Month

Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-31907 MEDIUM This Month

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were implemented improperly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-31900 MEDIUM This Month

In JetBrains Code With Me bundled to the compatible IDE versions before 2021.1, a client could open a browser on a host. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Code With Me
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-27618 MEDIUM This Month

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP File Upload Netweaver Process Integration
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-27617 MEDIUM This Month

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SAP Netweaver Process Integration
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-26418 MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.6
EPSS
1.2%
CVE-2021-21654 MEDIUM PATCH This Month

Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure P4
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2021-21653 MEDIUM PATCH This Month

Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Atlassian Information Disclosure Xray Test Management For Jira
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-21651 MEDIUM PATCH This Month

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain the list of configured profiles. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure S3 Publisher
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-21650 MEDIUM PATCH This Month

Jenkins S3 publisher Plugin 0.11.6 and earlier does not perform Run/Artifacts permission checks in various HTTP endpoints and API models, allowing attackers with Item/Read permission to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure S3 Publisher
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-31171 MEDIUM PATCH This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 4.1).

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
4.1
EPSS
0.7%
CVE-2021-26309 LOW Monitor

Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-31906 LOW Monitor

In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient when an administrator uploaded a file. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
2.7
EPSS
0.6%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy