Skip to main content
CVE-2021-30129 MEDIUM PATCH This Month

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error.0.0 and later versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Apache Sshd Banking Payments Banking Trade Finance +6
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2021-22917 MEDIUM This Month

Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Browser
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-22515 MEDIUM This Month

Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Netiq Advanced Authentication
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-32733 MEDIUM PATCH This Month

Nextcloud Text is a collaborative document editing application that uses Markdown. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Nextcloud XSS Nextcloud Server
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-35037 MEDIUM This Month

Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Jamf
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-22916 MEDIUM This Month

In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2021-29822 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29805 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29804 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29803 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Gui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32754 MEDIUM This Month

FlowDroid is a data flow analysis tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

XXE Flowdroid
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-32741 MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-32734 MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-32725 MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-32703 MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-33037 MEDIUM PATCH This Month

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Tomcat Request Smuggling Apache Information Disclosure Tomee +20
NVD
CVSS 3.1
5.3
EPSS
75.4%
CVE-2021-32678 MEDIUM PATCH This Month

Nextcloud Server is a Nextcloud package that handles data storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Authentication Bypass Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-20414 MEDIUM This Month

IBM Guardium Data Encryption (GDE) 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Guardium Data Encryption
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-26099 MEDIUM This Month

Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortimail
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-21588 MEDIUM This Month

Dell EMC PowerFlex, v3.5.x contain a Cross-Site WebSocket Hijacking Vulnerability in the Presentation Server/WebUI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Powerflex Presentation Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2021-36382 LOW Monitor

Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
3.7
EPSS
0.5%
CVE-2021-32680 LOW PATCH Monitor

Nextcloud Server is a Nextcloud package that handles data storage. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Nextcloud Information Disclosure Nextcloud Server Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy