Skip to main content
CVE-2021-25321 HIGH POC This Week

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Arpwatch
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-35970 HIGH POC PATCH This Week

Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Coral Talk
NVD GitHub
CVSS 3.1
7.5
EPSS
2.3%
CVE-2021-25951 HIGH POC This Week

XXE vulnerability in 'XML2Dict' version 0.2.2 allows an attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XXE Xml2Dict
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-22376 HIGH This Week

A component of the HarmonyOS has a Improper Privilege Management vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2021-22351 HIGH This Week

There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-22369 HIGH This Week

There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability in Huawei Smartphone. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Huawei Privilege Escalation Emui Magic Ui
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-22352 HIGH This Week

There is a Configuration Defect Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-34384 HIGH This Week

Bootloader contains a vulnerability in NVIDIA MB2 where a potential heap overflow could cause memory corruption, which might lead to denial of service or code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Denial Of Service Nvidia +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34382 HIGH This Week

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel’s tz_map_shared_mem function where an integer overflow on the size parameter causes the request buffer and the logging buffer to overflow,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Nvidia Jetson Linux
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34381 HIGH This Week

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Integer Overflow Nvidia Information Disclosure Jetson Linux
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34380 HIGH This Week

Bootloader contains a vulnerability in NVIDIA MB2 where potential heap overflow might cause corruption of the heap metadata, which might lead to arbitrary code execution, denial of service, and. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Information Disclosure Denial Of Service +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28993 HIGH This Week

Plixer Scrutinizer 19.0.2 is affected by: SQL Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Scrutinizer
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22350 HIGH This Week

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Huawei Memory Corruption Emui +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22349 HIGH This Week

There is an Input Verification Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-32736 HIGH PATCH This Week

think-helper defines a set of helper functions for ThinkJS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure Think Helper
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22368 HIGH This Week

There is a Permission Control Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-22353 HIGH This Week

There is a Memory Buffer Improper Operation Limit Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Huawei Memory Corruption Information Disclosure Emui +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-21671 HIGH PATCH This Week

Jenkins 2.299 and earlier, LTS 2.289.1 and earlier does not invalidate the previous session on login. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-22374 HIGH This Week

There is an Improper Validation of Array Index Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22371 HIGH This Week

There is an Improper Permission Management Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Privilege Escalation Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22372 HIGH This Week

There is a Security Features Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-22370 HIGH This Week

There is a Credentials Management Errors Vulnerability in Huawei Smartphone. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Emui Magic Ui
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-32567 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-32566 HIGH This Week

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Debian Linux
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2021-22326 HIGH This Week

A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-28692 HIGH This Week

inappropriate x86 IOMMU timeout detection / handling IOMMUs process commands issued to them in parallel with the operation of the CPU(s) issuing such commands. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Amd Xen
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy