Skip to main content
CVE-2021-23991 MEDIUM POC This Month

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2021-33348 MEDIUM POC PATCH This Month

An issue was discovered in JFinal framework v4.9.10 and below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-23398 MEDIUM POC This Month

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS React Bootstrap Table
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-29957 MEDIUM POC This Month

If a MIME encoded email contains an OpenPGP inline signed or encrypted message part, but also contains an additional unprotected part, Thunderbird did not indicate that only parts of the message are. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-29956 MEDIUM POC This Month

OpenPGP secret keys that were imported using Thunderbird version 78.8.1 up to version 78.10.1 were stored unencrypted on the user's local disk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-29777 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-20579 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Microsoft Information Disclosure Db2
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21571 MEDIUM This Month

Dell UEFI BIOS https stack leveraged by the Dell BIOSConnect feature and Dell HTTPS Boot feature contains an improper certificate validation vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Denial Of Service Alienware M15 R6 Firmware Chengming 3990 Firmware Chengming 3991 Firmware +125
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-29951 MEDIUM This Month

The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Microsoft Privilege Escalation Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2021-29945 MEDIUM This Month

The WebAssembly JIT could miscalculate the size of a return type, which could lead to a null read and result in a crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-23998 MEDIUM This Month

Through complicated navigations with new windows, an HTTP page could have inherited a secure lock icon from an HTTPS page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Microsoft Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-23996 MEDIUM This Month

By utilizing 3D CSS in conjunction with Javascript, content could have been rendered outside the webpage's viewport, resulting in a spoofing attack that could have been used for phishing or other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-23993 MEDIUM This Month

An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Jwt Attack Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-29953 MEDIUM This Month

A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-29944 MEDIUM This Month

Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google RCE XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-27659 MEDIUM This Month

exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Exacqvision Web Service
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-25655 MEDIUM PATCH This Month

A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Aura Experience Portal
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-26585 MEDIUM This Month

A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview Global Dashboard
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25652 MEDIUM This Month

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aura Appliance Virtualization Platform
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-25649 MEDIUM This Month

An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aura Utility Services
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-27658 MEDIUM This Month

exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exacqvision Enterprise Manager
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-25656 MEDIUM PATCH This Month

Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Aura Experience Portal
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-32712 MEDIUM PATCH This Month

Shopware is an open source eCommerce platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-29965 MEDIUM This Month

A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built-in password manager to suggest passwords for the currently active website instead of the website that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-29955 MEDIUM This Month

A transient execution vulnerability, named Floating Point Value Injection (FPVI) allowed an attacker to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla RCE Firefox Firefox Esr
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-31412 MEDIUM PATCH This Month

Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14),. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Flow Vaadin
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-32716 MEDIUM PATCH This Month

Shopware is an open source eCommerce platform. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
4.9
EPSS
1.1%
CVE-2021-32709 MEDIUM PATCH This Month

Shopware is an open source eCommerce platform. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Shopware
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2021-32713 MEDIUM PATCH This Month

Shopware is an open source eCommerce platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Shopware
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-29963 MEDIUM This Month

Address bar search suggestions in private browsing mode were re-using session data from normal mode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2021-29962 MEDIUM This Month

Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-29961 MEDIUM This Month

When styling and rendering an oversized `<select>` element, Firefox did not apply correct clipping which allowed an attacker to paint over the user interface. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-29960 MEDIUM This Month

Firefox used to cache the last filename used for printing a file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-29959 MEDIUM This Month

When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-29958 MEDIUM This Month

When a download was initiated, the client did not check whether it was in normal or private browsing mode, which led to private mode cookies being shared in normal browsing mode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple Authentication Bypass Firefox
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-24001 MEDIUM This Month

A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-23992 MEDIUM This Month

Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Jwt Attack Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy