Skip to main content
CVE-2021-34369 MEDIUM POC This Month

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Civic Platform
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
8.2%
CVE-2021-21473 MEDIUM POC This Month

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
6.3
EPSS
1.2%
CVE-2021-34370 MEDIUM POC This Month

Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Civic Platform
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
10.0%
CVE-2021-33829 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ckeditor Fedora Drupal Debian Linux
NVD
CVSS 3.1
6.1
EPSS
3.2%
CVE-2021-26314 MEDIUM POC This Month

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xen Cortex A72 Bcm2711 Core I7 10700K +4
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-28169 MEDIUM POC PATCH THREAT This Month

For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Jetty Debian Linux Communications Cloud Native Core Policy Rest Data Services +4
NVD GitHub
CVSS 3.1
5.3
EPSS
78.5%
CVE-2021-0067 MEDIUM PATCH This Month

&nbsp;Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Intel Privilege Escalation Nuc M15 Laptop Kit Lapbc510 Firmware Nuc M15 Laptop Kit Lapbc710 Firmware Nuc 11 Compute Element Cm11Ebc4 Firmware +74
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0054 MEDIUM PATCH This Month

Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Intel Privilege Escalation Nuc M15 Laptop Kit Lapbc510 Firmware Nuc M15 Laptop Kit Lapbc710 Firmware +75
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0131 MEDIUM This Month

Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Secl Dc
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-0089 MEDIUM This Month

Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Debian Linux Fedora Pentium Processors Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-0086 MEDIUM This Month

Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Brand Verification Tool Fedora Pentium Processors Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-0113 MEDIUM This Month

Out of bounds write in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Intel Memory Corruption Efi Bios 7215
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-0097 MEDIUM This Month

Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Intel Path Traversal Efi Bios 7215
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-27635 MEDIUM PATCH This Month

SAP NetWeaver AS for JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker authenticated as an administrator to connect over a network and submit a specially crafted XML file in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE SAP Netweaver Application Server For Java
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-29049 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience Platform Dxp
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-30133 MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Cloverdx
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-23854 MEDIUM This Month

An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpp6 Firmware Cpp7 Firmware Cpp7 3 Firmware Cpp13 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-23848 MEDIUM This Month

An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cpp4 Firmware Cpp6 Firmware Cpp7 Firmware Cpp7 3 Firmware +1
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-33666 MEDIUM This Month

When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Commerce Cloud
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-21490 MEDIUM This Month

SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-34364 MEDIUM This Month

The Refined GitHub browser extension before 21.6.8 might allow XSS via a link in a document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Refined Github
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-27634 MEDIUM This Month

SAP NetWeaver AS for ABAP (RFC Gateway), versions - KRNL32NUC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Memory Corruption SAP Netweaver Abap
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-27627 MEDIUM This Month

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Memory Corruption SAP Netweaver As Internet Graphics Server
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-27626 MEDIUM This Month

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Memory Corruption SAP Netweaver As Internet Graphics Server
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-27625 MEDIUM This Month

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Memory Corruption SAP Netweaver As Internet Graphics Server
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-27624 MEDIUM This Month

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Memory Corruption SAP Netweaver As Internet Graphics Server
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-27623 MEDIUM This Month

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Memory Corruption SAP Netweaver As Internet Graphics Server
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2021-27622 MEDIUM This Month

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Memory Corruption SAP Netweaver As Internet Graphics Server
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-27620 MEDIUM This Month

SAP Internet Graphics Service, versions - 7.20,7.20EXT,7.53,7.20_EX2,7.81, allows an unauthenticated attacker after retrieving an existing system state value can submit a malicious IGS request over a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Memory Corruption SAP Netweaver As Internet Graphics Server
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-20732 MEDIUM This Month

The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iOS versions prior to 1.8.2) does not verify server certificate properly, which allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Apple Information Disclosure Smart Life
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2021-0129 MEDIUM This Month

Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bluez Enterprise Linux Debian Linux
NVD
CVSS 3.1
5.7
EPSS
0.8%
CVE-2021-32942 MEDIUM PATCH This Month

The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intouch 2017 Intouch 2020
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-33661 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-33660 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FLI file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-33659 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-27643 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-27642 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PCX file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-27641 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TIF file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-27640 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PSD file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-27639 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-27638 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated JT file received from untrusted sources which results in crashing of the application and becoming temporarily. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-26313 MEDIUM This Month

Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen Cortex A72 Bcm2711 Core I7 10700K +4
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-33665 MEDIUM This Month

SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-33664 MEDIUM This Month

SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-27615 MEDIUM This Month

SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Manufacturing Execution
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-33663 MEDIUM This Month

SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL -. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-20728 MEDIUM This Month

Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Goo Blog
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-0134 MEDIUM This Month

Improper input validation in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Denial Of Service Secl Dc
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-0132 MEDIUM This Month

Missing release of resource after effective lifetime in an API for the Intel(R) Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Denial Of Service Secl Dc
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-23852 MEDIUM This Month

An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Cpp4 Firmware Cpp6 Firmware Cpp7 Firmware Cpp7 3 Firmware +1
NVD
CVSS 3.1
4.9
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy