Skip to main content
CVE-2021-31807 MEDIUM POC PATCH THREAT This Month

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Squid Fedora Cloud Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
16.0%
CVE-2021-31738 MEDIUM POC This Month

Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Loganalyzer
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-3564 MEDIUM POC This Month

A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Linux Linux Kernel Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-32106 MEDIUM POC PATCH This Month

In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Icecoder
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-32658 MEDIUM POC PATCH This Month

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Nextcloud Information Disclosure
NVD GitHub
CVSS 3.1
4.6
EPSS
0.3%
CVE-2021-31971 MEDIUM PATCH This Month

Windows HTML Platforms Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.8
EPSS
2.1%
CVE-2021-22216 MEDIUM This Month

A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-22221 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.10.5, all versions starting from 13.11.0 before 13.11.5, all versions starting from 13.12.0 before. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-22217 MEDIUM This Month

A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-22213 MEDIUM This Month

A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-31959 MEDIUM PATCH This Month

Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
6.4
EPSS
9.2%
CVE-2021-32015 MEDIUM This Month

In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Npct75X Firmware
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2021-31957 MEDIUM PATCH This Month

ASP.NET Core Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Net Net Core Visual Studio 2019 Fedora
NVD
CVSS 3.1
5.9
EPSS
5.1%
CVE-2021-31965 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.7
EPSS
4.5%
CVE-2021-31978 MEDIUM PATCH This Month

Microsoft Defender Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Malware Protection Engine
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-31972 MEDIUM PATCH This Month

Event Tracing for Windows Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-31970 MEDIUM PATCH This Month

Windows TCP/IP Driver Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-31960 MEDIUM PATCH This Month

Windows Bind Filter Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-31955 MEDIUM KEV PATCH THREAT This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1809 Windows 10 1909 Windows 10 2004 +5
NVD
CVSS 3.1
5.5
EPSS
81.1%
CVE-2021-26945 MEDIUM PATCH This Month

An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Buffer Overflow Denial Of Service Openexr
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-26260 MEDIUM PATCH This Month

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Buffer Overflow Denial Of Service Openexr Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-23215 MEDIUM PATCH This Month

An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Buffer Overflow Denial Of Service Openexr Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-22220 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting with 13.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-21559 MEDIUM PATCH This Month

Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2021-33190 MEDIUM This Month

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Apisix Dashboard
NVD
CVSS 3.1
5.3
EPSS
2.7%
CVE-2021-30357 MEDIUM This Month

SSL Network Extender Client for Linux before build 800008302 reveals part of the contents of the configuration file supplied, which allows partially disclosing files to which the user did not have. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ssl Network Extender
NVD
CVSS 3.1
5.3
EPSS
22.8%
CVE-2021-31201 MEDIUM KEV PATCH THREAT This Month

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.2
EPSS
2.6%
CVE-2021-31199 MEDIUM KEV PATCH THREAT This Month

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.2
EPSS
3.0%
CVE-2021-31944 MEDIUM PATCH This Month

3D Viewer Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Information Disclosure 3D Viewer
NVD
CVSS 3.1
5.0
EPSS
2.8%
CVE-2021-22219 MEDIUM This Month

All versions of GitLab CE/EE starting from 9.5 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 allow a high privilege user to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-33203 MEDIUM PATCH This Month

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Python Path Traversal Django Fedora
NVD
CVSS 3.1
4.9
EPSS
2.7%
CVE-2021-26414 MEDIUM PATCH This Month

Windows DCOM Server Security Feature Bypass. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +7
NVD
CVSS 3.1
4.8
EPSS
50.0%
CVE-2021-21558 MEDIUM PATCH This Month

Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy