Skip to main content
CVE-2021-31808 MEDIUM POC PATCH This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Squid Debian Linux Cloud Manager +1
NVD GitHub
CVSS 3.1
6.5
EPSS
5.5%
CVE-2021-31806 MEDIUM POC PATCH THREAT This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Squid Debian Linux Fedora Cloud Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
95.8%
CVE-2021-31920 MEDIUM POC This Month

Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable vulnerability where an HTTP request path with multiple slashes or escaped slash characters (%2F or %5C) could potentially bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Istio
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-3509 MEDIUM POC PATCH This Month

A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Red Hat XSS Ceph Storage
NVD GitHub
CVSS 3.1
6.1
EPSS
1.7%
CVE-2021-30501 MEDIUM POC PATCH This Month

An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Upx Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-33394 MEDIUM POC PATCH This Month

Cubecart 6.4.2 allows Session Fixation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Session Fixation Cubecart
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-28652 MEDIUM POC PATCH This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Squid Debian Linux Fedora
NVD GitHub
CVSS 3.1
4.9
EPSS
4.3%
CVE-2021-33408 MEDIUM This Month

Local File Inclusion vulnerability in Ab Initio Control>Center before 4.0.2.6 allows remote attackers to retrieve arbitrary files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control Center
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-22411 MEDIUM This Month

There is an out-of-bounds write vulnerability in some Huawei products. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption Ngfw Module Firmware Secospace Usg6300 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-28662 MEDIUM PATCH This Month

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Squid Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
71.9%
CVE-2021-32459 MEDIUM This Month

Trend Micro Home Network Security version 6.6.604 and earlier contains a hard-coded password vulnerability in the log collection server which could allow an attacker to use a specially crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Trend Micro Authentication Bypass Home Network Security
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-32645 MEDIUM PATCH This Month

Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Multi Tenant
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-20727 MEDIUM This Month

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zettlr
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-31525 MEDIUM PATCH This Month

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Go Fedora
NVD GitHub
CVSS 3.1
5.9
EPSS
3.7%
CVE-2021-32643 MEDIUM PATCH This Month

Http4s is a Scala interface for HTTP services. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Http4S
NVD GitHub
CVSS 3.1
5.8
EPSS
1.4%
CVE-2021-27492 MEDIUM This Month

When opening a specially crafted 3DXML file, the application containing Datakit Software libraries CatiaV5_3dRead, CatiaV6_3dRead, Step3dRead, Ug3dReadPsr, Jt3dReadPsr modules in KeyShot Versions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Crosscadware Keyshot Solid Edge Se2020 Firmware Solid Edge Se2021 Firmware
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2021-22364 MEDIUM This Month

There is a denial of service vulnerability in the versions 10.1.0.126(C00E125R5P3) of HUAWEI Mate 30 and 10.1.0.152(C00E136R7P2) of HUAWEI Mate 30 (5G) . Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Denial Of Service Mate 30 Firmware Mate 30 5G Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-22362 MEDIUM This Month

There is an out of bounds write vulnerability in some Huawei products. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Memory Corruption Cloudengine 12800 Firmware Cloudengine 5800 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-22360 MEDIUM This Month

There is a resource management error vulnerability in the verisions V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 of USG9500. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Usg9500 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2021-22358 MEDIUM This Month

There is an insufficient input validation vulnerability in FusionCompute 8.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fusioncompute
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-33586 MEDIUM PATCH This Month

InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Inspircd
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy