Skip to main content
CVE-2021-3490 HIGH POC PATCH THREAT Act Now

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux RCE Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
27.5%
CVE-2021-31251 CRITICAL POC THREAT Act Now

An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Bf 430 Firmware Bf 431 Firmware Bf 450M Firmware Semac S2 Firmware +6
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
35.7%
CVE-2021-30520 HIGH POC This Week

Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-30519 HIGH POC This Week

Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-30518 HIGH POC This Week

Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-30517 HIGH POC This Week

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2021-30516 HIGH POC This Week

Heap buffer overflow in History in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-30515 HIGH POC This Week

Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-30514 HIGH POC This Week

Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-30513 HIGH POC This Week

Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Memory Corruption Information Disclosure Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-30512 HIGH POC This Week

Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-30510 HIGH POC This Week

Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-30509 HIGH POC This Week

Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-30508 HIGH POC This Week

Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-30507 HIGH POC This Week

Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-30511 HIGH POC This Week

Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Information Disclosure Chrome Fedora
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-33839 HIGH POC This Week

Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because the QR code of a Public Location can be intentionally confused with the QR code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Luca
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2021-33838 HIGH POC This Week

Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because requests related to Check-In State occur shortly after requests for Phone Number. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Information Disclosure Luca
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2021-26928 MEDIUM POC This Month

BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Authentication Bypass Bird
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2021-31249 MEDIUM POC THREAT This Month

A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of validation on the parameter redirect= available on multiple. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Bf 430 Firmware Bf 431 Firmware Bf 450M Firmware
NVD
CVSS 3.1
6.5
EPSS
18.0%
CVE-2021-32641 MEDIUM POC PATCH This Month

auth0-lock is Auth0's signin solution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE XSS Lock
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-31252 MEDIUM POC THREAT This Month

An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Bf 430 Firmware Bf 431 Firmware Bf 450M Firmware Semac S2 Firmware +10
NVD
CVSS 3.1
6.1
EPSS
28.6%
CVE-2021-30475 CRITICAL PATCH Act Now

aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Aomedia Fedora
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-31250 MEDIUM POC THREAT This Month

Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bf 430 Firmware Bf 431 Firmware Bf 450M Firmware
NVD
CVSS 3.1
5.4
EPSS
79.6%
CVE-2021-30506 HIGH This Week

Incorrect security UI in Web App Installs in Google Chrome on Android prior to 90.0.4430.212 allowed an attacker who convinced a user to install a web application to inject scripts or HTML into a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Code Injection Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2021-1539 HIGH This Week

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Staros Virtualized Packet Core
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-27657 HIGH This Week

Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Metasys
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2021-3491 HIGH PATCH This Week

The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Linux RCE Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-1536 HIGH This Week

A vulnerability in Cisco Webex Meetings Desktop App for Windows, Cisco Webex Meetings Server, Cisco Webex Network Recording Player for Windows, and Cisco Webex Teams for Windows could allow an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Microsoft RCE Webex Meetings Desktop Webex Meetings Online +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1528 HIGH This Week

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Catalyst Sd Wan Manager Sd Wan Vbond Orchestrator Vsmart Controller +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1526 HIGH This Week

A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Apple Microsoft +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1503 HIGH This Week

A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Apple Microsoft +2
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-1502 HIGH This Week

A vulnerability in Cisco Webex Network Recording Player for Windows and MacOS and Cisco Webex Player for Windows and MacOS could allow an attacker to execute arbitrary code on an affected system. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Cisco Apple Microsoft +5
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2021-3489 HIGH PATCH This Week

The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux RCE Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-29500 HIGH This Week

bubble fireworks is an open source java package relating to Spring Framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jwt Attack Bubble Fireworks
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-33054 HIGH This Week

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Sogo Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-28091 HIGH PATCH This Week

Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Lasso Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-22516 HIGH This Week

Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secure Api Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33840 HIGH This Week

The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Luca
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-1540 HIGH This Week

Multiple vulnerabilities in the authorization process of Cisco ASR 5000 Series Software (StarOS) could allow an authenticated, remote attacker to bypass authorization and execute a subset of CLI. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Staros Virtualized Packet Core
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-1538 HIGH This Week

A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Command Injection Common Services Platform Collector
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2021-1564 MEDIUM This Month

Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Video Surveillance 7530Pd Firmware Video Surveillance 7070 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-1563 MEDIUM This Month

Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Video Surveillance 7530Pd Firmware Video Surveillance 7070 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-26994 MEDIUM This Month

Clustered Data ONTAP versions prior to 9.7P13 and 9.8P3 are susceptible to a vulnerability which could allow single workloads to cause a Denial of Service (DoS) on a cluster node. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Clustered Data Ontap
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-1527 MEDIUM This Month

A vulnerability in Cisco Webex Player for Windows and MacOS could allow an attacker to cause the affected software to terminate or to gain access to memory state information that is related to the. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Microsoft Cisco Webex Player
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-1525 MEDIUM This Month

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to redirect users to a malicious file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Webex Meetings Online Webex Meetings Server
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3565 MEDIUM PATCH This Month

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Tpm2 Tools Enterprise Linux Fedora
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-1544 MEDIUM This Month

A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1537 MEDIUM This Month

A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Thousandeyes Recorder
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1517 MEDIUM This Month

A vulnerability in the multimedia viewer feature of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an authenticated, remote attacker to bypass security protections. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Webex Meetings Online Webex Meetings Server
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy