Skip to main content
CVE-2021-3528 HIGH PATCH This Week

A flaw was found in noobaa-operator in versions before 5.7.0, where internal RPC AuthTokens between the noobaa operator and the noobaa core are leaked into log files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Noobaa Operator
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-31215 HIGH This Week

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Slurm Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2021-22155 HIGH This Week

An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Workspaces Server
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-27413 HIGH This Week

Omron CX-One Versions 4.60 and prior, including CX-Server Versions 5.0.29.0 and prior, are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Cx One Cx Server
NVD
CVSS 3.1
7.8
EPSS
10.0%
CVE-2021-20025 HIGH This Week

SonicWall Email Security Virtual Appliance version 10.0.9 and earlier versions contain a default username and a password that is used at initial setup. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Sonicwall Authentication Bypass Email Security Virtual Appliance
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25694 HIGH This Week

Teradici PCoIP Graphics Agent for Windows prior to 21.03 does not validate NVENC.dll. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Pcoip Graphics Agent
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-29510 HIGH PATCH This Week

Pydantic is a data validation and settings management using Python type hinting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Pydantic Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22140 HIGH This Week

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XXE Elastic App Search
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-32920 HIGH This Week

Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prosody Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-32919 HIGH This Week

An issue was discovered in Prosody before 0.11.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prosody Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-32918 HIGH This Week

An issue was discovered in Prosody before 0.11.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Prosody Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-20181 HIGH PATCH This Week

A race condition flaw was found in the 9pfs server implementation of QEMU up to and including 5.2.0. Rated high severity (CVSS 7.5).

Privilege Escalation Qemu Debian Linux
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-25693 HIGH This Week

An attacker may cause a Denial of Service (DoS) in multiple versions of Teradici PCoIP Agent via a null pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Pcoip Agent
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20997 HIGH This Week

In multiple managed switches by WAGO in different versions it is possible to read out the password hashes of all Web-based Management users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20995 HIGH This Week

In multiple managed switches by WAGO in different versions the webserver cookies of the web based UI contain user credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-20988 HIGH This Week

In Hilscher rcX RTOS versions prios to V2.1.14.1 the actual UDP packet length is not verified against the length indicated by the packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Rcx Rtos Ice1 16Di G60L V1D Firmware Ice1 16Dio G60L C1 V1D Firmware +6
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22153 HIGH This Week

A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Unified Endpoint Management
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2021-26311 HIGH This Week

In the AMD SEV/SEV-ES feature, memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Command Injection RCE Epyc 7232P Epyc 7251 +63
NVD
CVSS 3.1
7.2
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy