Skip to main content
CVE-2021-20371 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-31855 MEDIUM This Month

KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Messagelib
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-3545 MEDIUM This Month

An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-3544 MEDIUM This Month

Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Qemu Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-29091 MEDIUM This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file management component in Synology Photo Station before 6.8.14-3500 allows remote authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Synology Path Traversal Photo Station
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-3499 MEDIUM This Month

A vulnerability was found in OVN Kubernetes in versions up to and including 0.3.0 where the Egress Firewall does not reliably apply firewall rules when there is multiple DNS rules. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Kubernetes Authentication Bypass Ovn Kubernetes
NVD
CVSS 3.1
5.6
EPSS
0.8%
CVE-2021-3522 MEDIUM PATCH This Month

GStreamer versions prior to 1.18.4 contain an out-of-bounds read vulnerability when processing malformed ID3v2 tags, potentially leading to denial of service through information disclosure or application crash. The vulnerability affects GStreamer itself and multiple NetApp products (Active IQ Unified Manager, E-Series Santricity, OnCommand suite, and HCI Management Node) that embed or depend on GStreamer libraries. An attacker can trigger this vulnerability by crafting a malicious audio file with specially formatted ID3v2 metadata and providing it to an application that uses the affected GStreamer library, though the EPSS score of 0.13% (32nd percentile) suggests limited real-world exploitation likelihood despite the moderate CVSS 5.5 rating.

Buffer Overflow Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-3468 MEDIUM This Month

A flaw was found in avahi in versions 0.6 up to 0.8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-28678 MEDIUM PATCH This Month

An issue was discovered in Pillow before 8.2.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Pillow Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-28675 MEDIUM PATCH This Month

An issue was discovered in Pillow before 8.2.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pillow Fedora
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-29670 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29668 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20348 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20347 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20346 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20345 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20343 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20338 MEDIUM PATCH This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Collaborative Lifecycle Management Engineering Lifecycle Management Engineering Lifecycle Optimization Engineering Insights +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-23896 MEDIUM This Month

Cleartext Transmission of Sensitive Information vulnerability in the administrator interface of McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to view the unencrypted. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Database Security
NVD
CVSS 3.1
4.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy