Skip to main content
CVE-2021-23405 HIGH POC PATCH This Week

This affects the package pimcore/pimcore before 10.0.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2021-30201 HIGH POC PATCH THREAT This Week

The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE Vsa
NVD
CVSS 3.1
7.5
EPSS
25.4%
CVE-2021-33012 HIGH This Week

Rockwell Automation MicroLogix 1100, all versions, allows a remote, unauthenticated attacker sending specially crafted commands to cause the PLC to fault when the controller is switched to RUN mode,. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rockwell Micrologix 1100 Firmware
NVD VulDB
CVSS 3.1
8.6
EPSS
2.7%
CVE-2021-27033 HIGH This Week

A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk Design Review application. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Design Review
NVD VulDB
CVSS 3.1
8.1
EPSS
4.2%
CVE-2021-22129 HIGH This Week

Multiple instances of incorrect calculation of buffer size in the Webmail and Administrative interface of FortiMail before 6.4.5 may allow an authenticated attacker with regular webmail access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Fortimail
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-29730 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

IBM SQLi Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-30117 HIGH This Week

The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mozilla SQLi Intel Vsa
NVD
CVSS 3.1
8.8
EPSS
72.1%
CVE-2021-3570 HIGH PATCH This Week

A flaw was found in the ptp4l program of the linuxptp package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow RCE Linuxptp Enterprise Linux Enterprise Linux Aus +4
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2021-20024 HIGH This Week

Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Sonicwall Information Disclosure Switch
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2021-36367 HIGH This Week

PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Putty
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-26106 HIGH This Week

An improper neutralization of special elements used in an OS Command vulnerability in FortiAP's console 6.4.1 through 6.4.5 and 6.2.4 through 6.2.5 may allow an authenticated attacker to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortiap Fortiap S Fortiap W2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-33792 HIGH This Week

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write via a crafted /Size key in the Trailer dictionary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Foxit Reader Phantompdf
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2021-27039 HIGH This Week

A maliciously crafted TIFF and PCX file can be forced to read and write beyond allocated boundaries when parsing the TIFF and PCX file for based overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Autocad Design Review
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-27038 HIGH PATCH This Week

A Type Confusion vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can occur when processing a maliciously crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Memory Corruption Design Review
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2021-27037 HIGH This Week

A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Design Review
NVD
CVSS 3.1
7.8
EPSS
1.6%
CVE-2021-27036 HIGH PATCH This Week

A maliciously crafted PCX, PICT, RCL, TIF, BMP, PSD or TIFF file can be used to write beyond the allocated buffer while parsing PCX, PDF, PICT, RCL, BMP, PSD or TIFF files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Design Review
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-27035 HIGH PATCH This Week

A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Design Review
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-27034 HIGH This Week

A heap-based buffer overflow could occur while parsing PICT, PCX, RCL or TIFF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Design Review
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2021-3612 HIGH PATCH This Week

An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel Enterprise Linux Fedora +14
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-26100 HIGH This Week

A missing cryptographic step in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an unauthenticated attacker who intercepts the encrypted messages to manipulate them in such. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Fortimail
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-30120 HIGH PATCH This Week

Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Vsa
NVD
CVSS 3.1
7.5
EPSS
5.7%
CVE-2021-36155 HIGH This Week

LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Grpc Swift
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-36154 HIGH This Week

HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Grpc Swift
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-36153 HIGH This Week

Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Grpc Swift
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-3637 HIGH PATCH This Week

A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Keycloak Single Sign On
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-3571 HIGH PATCH This Week

A flaw was found in the ptp4l program of the linuxptp package. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linuxptp Enterprise Linux Fedora
NVD
CVSS 3.1
7.1
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy