Skip to main content
CVE-2021-33393 HIGH POC PATCH THREAT Act Now

lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Ipfire
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
58.7%
CVE-2021-33833 CRITICAL POC Act Now

ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Connection Manager Debian Linux
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2021-33357 CRITICAL POC THREAT Act Now

A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Raspap
NVD GitHub
CVSS 3.1
9.8
EPSS
17.9%
CVE-2021-33358 HIGH POC This Week

Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.7%
CVE-2021-33356 HIGH POC This Week

Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
5.3%
CVE-2021-3196 HIGH POC This Week

An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Jwt Attack Id Bravura Security Fabric
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29995 HIGH POC This Week

A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cloverdx
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
4.2%
CVE-2021-34369 MEDIUM POC This Month

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Civic Platform
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
8.2%
CVE-2021-21473 MEDIUM POC This Month

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
6.3
EPSS
1.2%
CVE-2021-34370 MEDIUM POC This Month

Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Civic Platform
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
10.0%
CVE-2021-33829 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ckeditor Fedora Drupal Debian Linux
NVD
CVSS 3.1
6.1
EPSS
3.2%
CVE-2021-23853 CRITICAL Act Now

In Bosch IP cameras, improper validation of the HTTP header allows an attacker to inject arbitrary HTTP headers through crafted URLs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Cpp4 Firmware Cpp6 Firmware Cpp7 Firmware Cpp7 3 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-33841 CRITICAL Act Now

SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sge Plc1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2021-26314 MEDIUM POC This Month

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xen Cortex A72 Bcm2711 Core I7 10700K +4
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-28169 MEDIUM POC PATCH THREAT This Month

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Jetty Debian Linux Communications Cloud Native Core Policy Rest Data Services +4
NVD GitHub
CVSS 3.1
5.3
EPSS
78.5%
CVE-2021-23847 CRITICAL Act Now

A Missing Authentication in Critical Function in Bosch IP cameras allows an unauthenticated remote attacker to extract sensitive information or change settings of the camera by sending crafted. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cpp6 Firmware Cpp7 Firmware Cpp7 3 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2021-33894 HIGH PATCH This Week

In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before 2019.1.5 (11.1.5), 2019.2.x before 2019.2.2 (11.2.2), 2020.x before 2020.0.5 (12.0.5), 2020.1.x before 2020.1.4 (12.1.4), and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Authentication Bypass SQLi Microsoft Moveit Transfer
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-0101 HIGH This Week

Buffer overflow in the BMC firmware for Intel(R) Server BoardM10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Privilege Escalation Efi Bios 7215
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-0070 HIGH This Week

Improper input validation in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Privilege Escalation Efi Bios 7215
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-33842 HIGH This Week

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sge Plc1000 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-20731 HIGH This Week

WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Wsr 1166Dhp4 Firmware Wsr 1166Dhp3 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-0133 HIGH This Week

Key exchange without entity authentication in the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Secl Dc
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-32677 HIGH PATCH This Week

FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Python Fastapi Fedora
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2021-0106 HIGH This Week

Incorrect default permissions in the Intel(R) Optane(TM) DC Persistent Memory for Windows software versions before 2.00.00.3842 or 1.00.00.3515 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Ipmctl
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0104 HIGH PATCH This Week

Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may allow an authenticated user to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Intel Privilege Escalation Rapid Storage Technology
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-0102 HIGH This Week

Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Unite
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0100 HIGH This Week

Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Ssd Data Center Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0098 HIGH This Week

Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Unite
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0094 HIGH This Week

Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Driver Support Assistant
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0077 HIGH PATCH This Week

Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before version 2021.1.1 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Intel Privilege Escalation Vtune Profiler
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0074 HIGH This Week

Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Computing Improvement Program
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0073 HIGH This Week

Insufficient control flow management in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Driver Support Assistant
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0058 HIGH This Week

Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Lapbc510 Firmware Lapbc710 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0057 HIGH This Week

Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Privilege Escalation Lapbc510 Firmware Lapbc710 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0056 HIGH This Week

Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Lapbc510 Firmware Lapbc710 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0055 HIGH This Week

Insecure inherited permissions for some Intel(R) NUC 9 Extreme Laptop Kit LAN Drivers before version 10.42 may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Lapqc71A Firmware Lapqc71B Firmware Lapqc71C Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0052 HIGH This Week

Incorrect default privileges in the Intel(R) Computing Improvement Program before version 2.4.6522 may allow an authenticated user to potentially enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Computing Improvement Program
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33669 HIGH PATCH This Week

Under certain conditions, SAP Mobile SDK Certificate Provider allows a local unprivileged attacker to exploit an insecure temporary file storage. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

SAP Information Disclosure Mobile Sdk Certificate Provider
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-31837 HIGH This Week

Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Getsusp
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-33359 HIGH PATCH This Week

A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure Gowitness
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-27633 HIGH This Week

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption SAP Netweaver Abap
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-27632 HIGH This Week

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service SAP Netweaver As Abap
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-27631 HIGH This Week

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service SAP Netweaver As Abap
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-27630 HIGH This Week

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service SAP Netweaver As Abap
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-27629 HIGH This Week

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Information Disclosure Netweaver As Abap
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-27628 HIGH This Week

SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption SAP Netweaver As Abap
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-27607 HIGH This Week

SAP NetWeaver ABAP Server and ABAP Platform (Dispatcher), versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service SAP Netweaver As Abap
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-27606 HIGH This Week

SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Information Disclosure Netweaver As Abap
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-27597 HIGH This Week

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP Information Disclosure Netweaver Abap
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-33668 HIGH This Week

Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Infrabox
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy