Skip to main content
CVE-2021-34375 MEDIUM This Month

Trusty contains a vulnerability in all trusted applications (TAs) where the stack cookie was not randomized, which might result in stack-based buffer overflow, leading to denial of service,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Information Disclosure Jetson Linux
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-34374 MEDIUM This Month

Trusty contains a vulnerability in command handlers where the length of input buffers is not verified. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Jetson Linux
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-21675 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins requests-plugin Plugin 2.2.12 and earlier allows attackers to create requests and/or have administrators apply pending requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Requests
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-20461 MEDIUM This Month

IBM Cognos Analytics 10.0 and 11.1 is susceptible to a weakness in the implementation of the System Appearance configuration setting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cognos Analytics Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21673 MEDIUM PATCH This Month

Jenkins CAS Plugin 1.6.0 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Cas
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-27902 MEDIUM PATCH This Month

An issue was discovered in Craft CMS before 3.6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Craft Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-34373 MEDIUM This Month

Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVIDIA TLK kernel where a lack of heap hardening could cause heap overflows, which might lead to information disclosure and denial of. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Linux Memory Corruption Information Disclosure +2
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2021-3630 MEDIUM PATCH This Month

An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::DjVuTXT::decode() in DjVuText.cpp via a crafted djvu file which may lead to crash and segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Memory Corruption Djvulibre Debian Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2021-28693 MEDIUM This Month

xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-35959 MEDIUM PATCH This Month

In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Plone
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22346 MEDIUM This Month

There is an Improper Permission Management Vulnerability in Huawei Smartphone. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Emui Magic Ui
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-21676 MEDIUM PATCH This Month

Jenkins requests-plugin Plugin 2.2.7 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to send test emails to an attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Requests
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2021-21674 MEDIUM PATCH This Month

A missing permission check in Jenkins requests-plugin Plugin 2.2.6 and earlier allows attackers with Overall/Read permission to view the list of pending requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Requests
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-21672 MEDIUM PATCH This Month

Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Selenium Html Report
NVD
CVSS 3.1
4.3
EPSS
42.5%
CVE-2021-21670 MEDIUM PATCH This Month

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier allows users to cancel queue items and abort builds of jobs for which they have Item/Cancel permission even when they do not have Item/Read. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
2.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy