Skip to main content
CVE-2021-33477 HIGH POC PATCH This Week

rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Eterm Mrxvt Rxvt Unicode Rxvt +2
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2021-32630 HIGH POC This Week

Admidio is a free, open source user management system for websites of organizations and groups. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Admidio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-25931 HIGH POC PATCH This Week

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1;. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Horizon Meridian
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2021-28906 HIGH POC This Week

In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libyang
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-28905 HIGH POC This Week

In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libyang
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-28904 HIGH POC This Week

In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libyang
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-28903 HIGH POC This Week

A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libyang
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-28902 HIGH POC This Week

In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libyang
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-28682 HIGH POC This Week

An issue was discovered in Envoy through 1.71.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Integer Overflow Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-29686 HIGH This Week

IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Security Identity Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-28112 HIGH This Week

Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote code execution by an authenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE X Dock Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-28111 HIGH This Week

Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass X Dock Firmware
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2021-3438 HIGH This Week

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Privilege Escalation HP Color Laser 150 4Zb94A +381
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2021-29258 HIGH This Week

An issue was discovered in Envoy 1.14.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-28683 HIGH This Week

An issue was discovered in Envoy through 1.71.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-27432 HIGH This Week

OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ua Net Legacy Ua Net Standard Stack
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-29691 HIGH PATCH This Week

IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

IBM Authentication Bypass Security Identity Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-29688 HIGH PATCH This Week

IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Identity Manager
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-27434 HIGH This Week

Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Net Based Opc Ua Client Server Sdk
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-3480 HIGH PATCH This Week

A flaw was found in slapi-nis in versions before 0.56.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Slapi Nis Fedora
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-27461 HIGH This Week

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware X Stream Enhanced Xexf Firmware
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-27457 HIGH This Week

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure X Stream Enhanced Xegp Firmware X Stream Enhanced Xegk Firmware X Stream Enhanced Xefd Firmware X Stream Enhanced Xexf Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-20718 HIGH This Week

mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mod Auth Openidc Fedora Essbase
NVD GitHub
CVSS 3.1
7.5
EPSS
3.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy