Skip to main content
CVE-2021-21994 CRITICAL Act Now

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Cloud Foundation ESXi
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-34552 CRITICAL PATCH Act Now

Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Python Pillow Debian Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2021-36124 CRITICAL Act Now

An issue was discovered in Echo ShareCare 8.15.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Sharecare
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-33578 CRITICAL Act Now

Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities when processing remote input from both authenticated and unauthenticated users, leading to the ability to bypass authentication,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sharecare
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2021-1965 CRITICAL POC PATCH Act Now

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Qualcomm Aqt1000 Firmware Ar9380 Firmware Csr8811 Firmware +123
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2021-31217 CRITICAL Act Now

In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure file permissions allow file deletion as SYSTEM. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Dameware Mini Remote Control
NVD
CVSS 3.1
9.1
EPSS
3.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy