Skip to main content
CVE-2021-23906 MEDIUM POC This Month

An issue was discovered in the Headunit NTG6 in the MBUX Infotainment System on Mercedes-Benz vehicles through 2021. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mercedes Benz User Experience
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2021-32925 MEDIUM POC PATCH This Month

admin/user_import.php in Chamilo 1.11.x reads XML data without disabling the ability to load external entities. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XXE Chamilo
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-31876 MEDIUM This Month

Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Bitcoin
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-29506 MEDIUM PATCH This Month

GraphHopper is an open-source Java routing engine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Java Graphhopper
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-22139 MEDIUM This Month

Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Denial Of Service Kibana
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-20994 MEDIUM This Month

In multiple managed switches by WAGO in different versions an attacker may trick a legitimate user to click a link to inject possible malicious code into the Web-Based Management. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20221 MEDIUM PATCH This Month

An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu Enterprise Linux Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2021-32921 MEDIUM This Month

An issue was discovered in Prosody before 0.11.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Race Condition Prosody Fedora Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2021-22152 MEDIUM This Month

A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Unified Endpoint Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-20535 MEDIUM This Month

IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM SSRF Jazz Reporting Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22137 MEDIUM PATCH This Month

In Elasticsearch versions before 7.11.2 and 6.8.15 a document disclosure flaw was found when Document or Field Level Security is used. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-22135 MEDIUM PATCH This Month

Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-32917 MEDIUM This Month

An issue was discovered in Prosody before 0.11.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Prosody Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-21424 MEDIUM PATCH This Month

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Symfony Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-20996 MEDIUM This Month

In multiple managed switches by WAGO in different versions special crafted requests can lead to cookies being transferred to third parties. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-20993 MEDIUM This Month

In multiple managed switches by WAGO in different versions the activated directory listing provides an attacker with the index of the resources located inside the directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 0852 0303 Firmware 0852 1305 Firmware 0852 1505 Firmware 0852 1305 000 001 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-22154 MEDIUM This Month

An Information Disclosure vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unified Endpoint Management
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-20331 MEDIUM PATCH This Month

Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure C Driver
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2021-20250 MEDIUM PATCH This Month

A flaw was found in wildfly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jboss Ejb Client Jboss Enterprise Application Platform Expansion Pack
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy