Skip to main content
CVE-2021-22898 LOW POC PATCH Monitor

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Curl Debian Linux Fedora Communications Cloud Native Core Binding Support Function +8
NVD GitHub
CVSS 3.1
3.1
EPSS
0.1%
CVE-2021-25399 HIGH This Week

Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Smart Manager
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-25388 HIGH This Week

Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2021-0482 HIGH PATCH This Week

In BinderDiedCallback of MediaCodec.cpp, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.0).

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2021-0476 HIGH PATCH This Week

In FindOrCreatePeer of btif_av.cc, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0).

Google Denial Of Service Privilege Escalation Race Condition Android
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2021-25396 MEDIUM This Month

An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-23204 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command Centre Server allows OSDP key material to be exposed to Command Centre Operators. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-23136 MEDIUM This Month

Improper Authorization vulnerability in Gallagher Command Centre Server allows macro overrides to be performed by an unprivileged Command Centre Operator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-22913 MEDIUM This Month

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Deck
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-22181 MEDIUM This Month

A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 allows an attacker to create a recursive pipeline relationship and exhaust resources. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-25419 MEDIUM This Month

Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-25416 MEDIUM This Month

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2021-25406 MEDIUM This Month

Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gear S
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-26997 MEDIUM This Month

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to discover information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure E Series Santricity Os Controller
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-25395 MEDIUM KEV THREAT This Month

A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Authentication Bypass Android
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2021-25394 MEDIUM KEV THREAT This Month

A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. Rated medium severity (CVSS 6.4). No vendor patch available.

Use After Free Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2021-22903 MEDIUM PATCH This Month

The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Rails
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-25389 MEDIUM This Month

Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2021-0484 MEDIUM PATCH This Month

In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0480 MEDIUM PATCH This Month

In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-28689 MEDIUM This Month

x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Xen
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-28687 MEDIUM This Month

HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-25423 MEDIUM This Month

Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Watch Active2 Plugin
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25422 MEDIUM This Month

Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Watch Active Plugin
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25421 MEDIUM This Month

Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Galaxy Watch 3 Plugin
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25420 MEDIUM This Month

Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Galaxy Watch Plugin
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25415 MEDIUM This Month

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-25405 MEDIUM This Month

An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Notes
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-28805 MEDIUM This Month

Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qnap Information Disclosure Qss
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-23393 MEDIUM PATCH This Month

This affects the package Flask-Unchained before 0.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Python Flask Unchained
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-22764 MEDIUM This Month

A CWE-287: Improper Authentication vulnerability exists in PowerLogic PM55xx, PowerLogic PM8ECC, PowerLogic EGX100 and PowerLogic EGX300 (see security notification for version infromation) that could. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerlogic Pm5560 Firmware Powerlogic Pm5561 Firmware Powerlogic Pm5562 Firmware Powerlogic Pm5563 Firmware
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2021-22749 MEDIUM This Month

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon X80 Bmxnor0200H Rtu Firmware
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-25425 MEDIUM This Month

Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-26993 MEDIUM This Month

E-Series SANtricity OS Controller Software 11.x versions prior to 11.70.1 are susceptible to a vulnerability which when successfully exploited could allow a remote attacker to cause a partial Denial. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service E Series Santricity Os Controller
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-22769 MEDIUM This Month

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Easergy T300 with firmware V2.7.1 and older that could expose files or directory content when access from an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Easergy T300 Firmware
NVD VulDB
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-23211 MEDIUM This Month

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-23182 MEDIUM This Month

Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows OSDP reader master keys to be discoverable in server memory dumps. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-25411 MEDIUM This Month

Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-23230 MEDIUM This Month

A SQL Injection vulnerability in the OPCUA interface of Gallagher Command Centre allows a remote unprivileged Command Centre Operator to modify Command Centre databases undetected. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Command Centre
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-22896 MEDIUM PATCH This Month

Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Nextcloud Authentication Bypass
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-25404 LOW Monitor

Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Smartthings Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25403 LOW Monitor

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Information Disclosure Account
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25402 LOW Monitor

Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Notes
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25398 LOW Monitor

Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bixby Voice
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-20396 LOW Monitor

IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Security Qradar Analyst Workflow
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25409 LOW Monitor

Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
2.4
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy