Skip to main content
CVE-2021-1888 HIGH This Week

Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8037 Firmware Apq8053 Firmware +152
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1886 HIGH This Week

Incorrect handling of pointers in trusted application key import mechanism could cause memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8017 Firmware Apq8037 Firmware +156
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-21995 HIGH This Week

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Cloud Foundation ESXi
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20422 HIGH This Week

IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Applications
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-20360 HIGH This Week

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Applications
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-36090 HIGH PATCH This Week

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Banking Apis Banking Digital Experience Banking Enterprise Default Management +30
NVD
CVSS 3.1
7.5
EPSS
12.9%
CVE-2021-35517 HIGH PATCH This Week

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Apis +23
NVD
CVSS 3.1
7.5
EPSS
10.6%
CVE-2021-35516 HIGH PATCH This Week

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Digital Experience +20
NVD
CVSS 3.1
7.5
EPSS
12.4%
CVE-2021-35515 HIGH PATCH This Week

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Commons Compress Active Iq Unified Manager Oncommand Insight Banking Digital Experience +22
NVD
CVSS 3.1
7.5
EPSS
11.6%
CVE-2021-1970 HIGH PATCH This Week

Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Apq8053 Firmware Aqt1000 Firmware Ar8031 Firmware +115
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1964 HIGH PATCH This Week

Possible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8053 Firmware Aqt1000 Firmware +186
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1955 HIGH PATCH This Week

Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Denial Of Service SAP Apq8009 Firmware Apq8009W Firmware +176
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1954 HIGH PATCH This Week

Possible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8053 Firmware Aqt1000 Firmware +148
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1953 HIGH This Week

Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +202
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1945 HIGH PATCH This Week

Possible out of bound read due to lack of length check of Bandwidth-NSS IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8053 Firmware Apq8064au Firmware +204
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1943 HIGH PATCH This Week

Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8053 Firmware Aqt1000 Firmware +175
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1938 HIGH This Week

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +204
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1907 HIGH PATCH This Week

Possible buffer overflow due to lack of length check in BA request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Apq8053 Firmware Csrb31024 Firmware Msm8953 Firmware +81
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1887 HIGH This Week

An assertion can be reached in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol in Snapdragon Wired Infrastructure and Networking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Ar7420 Firmware Ar9380 Firmware Csr8811 Firmware +36
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-31892 HIGH This Week

A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions),. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Sinumerik Analyse Mycondition Firmware Sinumerik Analyze Myperformance Firmware Sinumerik Integrate Client Firmware Sinumerik Integrate For Production Firmware +6
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2021-31225 HIGH This Week

SES Evolution before 2.1.0 allows deleting some resources not currently in use by any security policy by leveraging access to a computer having the administration console installed. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-20593 HIGH This Week

Incorrect Implementation of Authentication Algorithm in Mitsubishi Electric Air Conditioning System/Centralized Controllers (G-50A Ver.2.50 to Ver. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass G 50A Firmware Gb 50A Firmware Ag 150A A Firmware Ag 150A J Firmware +15
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2021-35957 MEDIUM This Month

Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not accomplish the intended defense against local administrators who can replace the Visual C++ runtime DLLs (in %WINDIR%\system32). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-1931 MEDIUM PATCH This Month

Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +118
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-36123 MEDIUM This Month

An issue was discovered in Echo ShareCare 8.15.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sharecare
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-36214 MEDIUM This Month

LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Line
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2021-33710 MEDIUM This Month

A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcenter Active Workspace
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20369 MEDIUM This Month

IBM Cloud Pak for Applications 4.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM Information Disclosure Cloud Pak For Applications
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2021-31223 MEDIUM This Month

SES Evolution before 2.1.0 allows reading some parts of a security policy by leveraging access to a computer having the administration console installed. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2021-31222 MEDIUM This Month

SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2021-31221 MEDIUM This Month

SES Evolution before 2.1.0 allows deleting some parts of a security policy by leveraging access to a computer having the administration console installed. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2021-22399 MEDIUM This Month

The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Huawei Denial Of Service P30 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-34333 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-34332 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-34325 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-34322 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-34321 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-34320 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-34308 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-34307 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-34304 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-34303 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-34302 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-34299 MEDIUM This Month

A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-33715 MEDIUM This Month

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Jt Utilities
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-33714 MEDIUM This Month

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Jt Utilities
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-33713 MEDIUM This Month

A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Jt Utilities
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-20368 MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20366 MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-20365 MEDIUM This Month

IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Cloud Pak For Applications
NVD
CVSS 3.1
5.4
EPSS
0.5%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy