Skip to main content
CVE-2021-23018 HIGH This Week

Intra-cluster communication does not use TLS. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nginx Information Disclosure Nginx Controller
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2021-3412 HIGH This Week

It was found that all versions of 3Scale developer portal lacked brute force protections. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 3Scale 3Scale Api Management
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2021-3543 MEDIUM This Month

A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Nitro Enclaves Enterprise Linux +1
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-3515 MEDIUM PATCH This Month

A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

PostgreSQL Command Injection Pglogical
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2021-26111 MEDIUM This Month

A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiswitch
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-25640 MEDIUM PATCH This Month

In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of parseURL method will lead to the bypass of white host check which can cause open redirect or SSRF vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Open Redirect Dubbo
NVD
CVSS 3.1
6.1
EPSS
2.1%
CVE-2021-23021 MEDIUM This Month

The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nginx Information Disclosure Nginx Controller
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-23020 MEDIUM This Month

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nginx Controller
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-3424 MEDIUM PATCH This Month

A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Single Sign On
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-23388 MEDIUM PATCH This Month

The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Forms
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2021-20585 MEDIUM This Month

IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-3425 MEDIUM This Month

A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss A Mq
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-32657 MEDIUM This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Denial Of Service Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
1.8%
CVE-2021-33182 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in PDF Viewer component in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Path Traversal Diskstation Manager
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-20306 MEDIUM This Month

A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Descision Manager Jbpm Process Automation
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-32655 LOW Monitor

Nextcloud Server is a Nextcloud package that handles data storage. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
3.5
EPSS
1.0%
CVE-2021-20575 LOW PATCH Monitor

IBM Security Verify Access 20.07 allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

IBM Information Disclosure Application Gateway Security Verify Access
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2021-32653 LOW Monitor

Nextcloud Server is a Nextcloud package that handles data storage. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
2.7
EPSS
1.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy