Skip to main content
CVE-2021-31921 CRITICAL POC Act Now

Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Istio
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2021-30474 CRITICAL PATCH Act Now

aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Aomedia
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-26707 CRITICAL PATCH Act Now

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Prototype Pollution Node.js Information Disclosure Merge Deep E Series Performance Analyzer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-3538 CRITICAL PATCH Act Now

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uuid
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2021-3520 CRITICAL PATCH Act Now

There's a flaw in lz4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Buffer Overflow Integer Overflow Lz4 Active Iq Unified Manager Cloud Backup +4
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-29089 CRITICAL Act Now

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Synology SQLi Photo Station
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2021-25288 CRITICAL PATCH Act Now

An issue was discovered in Pillow before 8.2.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pillow Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.3%
CVE-2021-25287 CRITICAL PATCH Act Now

An issue was discovered in Pillow before 8.2.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Pillow Fedora
NVD GitHub
CVSS 3.1
9.1
EPSS
2.9%
CVE-2021-32625 HIGH This Week

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Redis RCE Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2021-23894 HIGH This Week

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Java Database Security
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-3546 HIGH This Week

An out-of-bounds write vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Memory Corruption Qemu +1
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2021-23895 HIGH This Week

Deserialization of untrusted data vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Deserialization Java Database Security
NVD
CVSS 3.1
8.0
EPSS
1.9%
CVE-2021-28677 HIGH PATCH This Week

An issue was discovered in Pillow before 8.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pillow Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-28676 HIGH PATCH This Week

An issue was discovered in Pillow before 8.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pillow Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-3530 HIGH PATCH This Week

A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Binutils Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-24012 HIGH This Week

An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2021-29090 HIGH This Week

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology SQLi PHP Photo Station
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2021-3529 HIGH This Week

A flaw was found in noobaa-core in versions before 5.7.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Noobaa Operator Openshift Container Platform
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2021-20371 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-31855 MEDIUM This Month

KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Messagelib
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-3545 MEDIUM This Month

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-3544 MEDIUM This Month

Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-29091 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Path Traversal Photo Station
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-3499 MEDIUM This Month

A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Authentication Bypass Ovn Kubernetes
NVD
CVSS 3.1
5.6
EPSS
0.8%
CVE-2021-3522 MEDIUM PATCH This Month

GStreamer versions prior to 1.18.4 contain an out-of-bounds read vulnerability when processing malformed ID3v2 tags, potentially leading to denial of service through information disclosure or application crash. The vulnerability affects GStreamer itself and multiple NetApp products (Active IQ Unified Manager, E-Series Santricity, OnCommand suite, and HCI Management Node) that embed or depend on GStreamer libraries. An attacker can trigger this vulnerability by crafting a malicious audio file with specially formatted ID3v2 metadata and providing it to an application that uses the affected GStreamer library, though the EPSS score of 0.13% (32nd percentile) suggests limited real-world exploitation likelihood despite the moderate CVSS 5.5 rating.

Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-3468 MEDIUM This Month

A flaw was found in avahi in versions 0.6 up to 0.8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-28678 MEDIUM PATCH This Month

An issue was discovered in Pillow before 8.2.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Pillow Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-28675 MEDIUM PATCH This Month

An issue was discovered in Pillow before 8.2.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pillow Fedora
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-29670 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29668 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20348 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20347 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20346 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20345 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20343 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20338 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-23896 MEDIUM This Month

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Database Security
NVD
CVSS 3.1
4.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy