Skip to main content
CVE-2021-31948 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.6
EPSS
1.3%
CVE-2021-33742 HIGH KEV PATCH THREAT This Week

Windows MSHTML Platform Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption RCE Windows 10 1507 +13
NVD
CVSS 3.1
7.5
EPSS
59.1%
CVE-2021-31976 HIGH PATCH This Week

Server for NFS Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2021-31975 HIGH PATCH This Week

Server for NFS Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
7.5
EPSS
3.7%
CVE-2021-31974 HIGH PATCH This Week

Server for NFS Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Windows 10 Windows 8 1 Windows Rt 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
7.5
EPSS
6.7%
CVE-2021-31968 HIGH PATCH This Week

Windows Remote Desktop Services Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-31958 HIGH PATCH This Week

Windows NTLM Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-31340 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Simatic Rf166C Firmware Simatic Rf185C Firmware Simatic Rf186C Firmware Simatic Rf186Ci Firmware +21
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33571 HIGH PATCH This Week

In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Python SSRF Django Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2021-33176 HIGH This Week

VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service Vernemq
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-33175 HIGH PATCH This Week

EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Denial Of Service Emq X Broker
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-22116 HIGH This Week

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rabbitmq Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-33560 HIGH PATCH This Week

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Libgcrypt Debian Linux Fedora Communications Cloud Native Core Binding Support Function +4
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-28810 HIGH This Week

If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Roon Server
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22212 HIGH PATCH This Week

ntpkeygen can generate keys that ntpd fails to parse. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Ntpsec Fedora
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2021-31949 HIGH PATCH This Week

Microsoft Outlook Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft 365 Apps Office +1
NVD
CVSS 3.1
7.3
EPSS
2.6%
CVE-2021-31938 HIGH PATCH This Week

Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Kubernetes Microsoft Information Disclosure Kubernetes Tools
NVD
CVSS 3.1
7.3
EPSS
2.0%
CVE-2021-31966 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
4.6%
CVE-2021-28811 HIGH This Week

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Roon Server
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-31963 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Microsoft RCE Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.1
EPSS
2.1%
CVE-2021-26420 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable.

Microsoft RCE Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.1
EPSS
3.0%
CVE-2021-31971 MEDIUM PATCH This Month

Windows HTML Platforms Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.8
EPSS
2.1%
CVE-2021-22216 MEDIUM This Month

A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-22221 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-22217 MEDIUM This Month

A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-22213 MEDIUM This Month

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-31959 MEDIUM PATCH This Month

Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
6.4
EPSS
9.2%
CVE-2021-32015 MEDIUM This Month

In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Npct75X Firmware
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2021-31957 MEDIUM PATCH This Month

ASP.NET Core Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Net Net Core Visual Studio 2019 Fedora
NVD
CVSS 3.1
5.9
EPSS
5.1%
CVE-2021-31965 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.7
EPSS
4.5%
CVE-2021-31978 MEDIUM PATCH This Month

Microsoft Defender Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Malware Protection Engine
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-31972 MEDIUM PATCH This Month

Event Tracing for Windows Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-31970 MEDIUM PATCH This Month

Windows TCP/IP Driver Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-31960 MEDIUM PATCH This Month

Windows Bind Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-31955 MEDIUM KEV PATCH THREAT This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1809 Windows 10 1909 Windows 10 2004 +5
NVD
CVSS 3.1
5.5
EPSS
81.1%
CVE-2021-26945 MEDIUM PATCH This Month

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Buffer Overflow Denial Of Service Openexr
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-26260 MEDIUM PATCH This Month

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Buffer Overflow Denial Of Service Openexr Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-23215 MEDIUM PATCH This Month

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Buffer Overflow Denial Of Service Openexr Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-22220 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting with 13.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-21559 MEDIUM PATCH This Month

Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2021-33190 MEDIUM This Month

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Apisix Dashboard
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2021-30357 MEDIUM This Month

SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ssl Network Extender
NVD
CVSS 3.1
5.3
EPSS
22.8%
CVE-2021-31201 MEDIUM KEV PATCH THREAT This Month

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.2
EPSS
2.6%
CVE-2021-31199 MEDIUM KEV PATCH THREAT This Month

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.2
EPSS
3.0%
CVE-2021-31944 MEDIUM PATCH This Month

3D Viewer Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Information Disclosure 3D Viewer
NVD
CVSS 3.1
5.0
EPSS
2.8%
CVE-2021-22219 MEDIUM This Month

All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-33203 MEDIUM PATCH This Month

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django Fedora
NVD
CVSS 3.1
4.9
EPSS
2.7%
CVE-2021-26414 MEDIUM PATCH This Month

Windows DCOM Server Security Feature Bypass. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +7
NVD
CVSS 3.1
4.8
EPSS
50.0%
CVE-2021-21558 MEDIUM PATCH This Month

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-22215 LOW Monitor

An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project owner to leak information about the members' on-call rotations in other projects. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
0.8%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy