Skip to main content
CVE-2021-34468 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required.

Microsoft RCE Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2021-22780 HIGH This Week

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert Remoteconnect
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-22778 HIGH This Week

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Control Expert Ecostruxure Process Expert Remoteconnect
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-33774 HIGH PATCH This Week

Windows Event Tracing Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2021-33751 HIGH PATCH This Week

Storage Spaces Controller Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2021-34497 MEDIUM PATCH This Month

Windows MSHTML Platform Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.8
EPSS
1.8%
CVE-2021-34493 MEDIUM PATCH This Month

Windows Partition Management Driver Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2021-0585 MEDIUM This Month

In beginWrite and beginRead of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-0144 MEDIUM This Month

Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Core I7 6700K Xeon E3 1240 V5 Intel Core I5 Core I7 +940
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-22867 MEDIUM This Month

A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Command Injection Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-34507 MEDIUM PATCH This Month

Windows Remote Assistance Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2021-34499 MEDIUM PATCH This Month

Windows DNS Server Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2021-33783 MEDIUM PATCH This Month

Windows SMB Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2021-33745 MEDIUM PATCH This Month

Windows DNS Server Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2021-36740 MEDIUM PATCH This Month

Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Varnish Cache Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2021-33681 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-33680 MEDIUM This Month

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash and becoming. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-34500 MEDIUM PATCH This Month

Windows Kernel Memory Information Disclosure Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.3
EPSS
2.3%
CVE-2021-33755 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable.

Microsoft Denial Of Service Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.3
EPSS
2.7%
CVE-2021-33765 MEDIUM PATCH This Month

Windows Installer Spoofing Vulnerability. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
6.2
EPSS
0.6%
CVE-2021-31961 MEDIUM PATCH This Month

Windows InstallService Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-20784 MEDIUM This Month

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Everything
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-33764 MEDIUM PATCH This Month

Windows Key Distribution Center Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +1
NVD
CVSS 3.1
5.9
EPSS
3.0%
CVE-2021-34509 MEDIUM PATCH This Month

Storage Spaces Controller Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-34496 MEDIUM PATCH This Month

Windows GDI Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2021-34491 MEDIUM PATCH This Month

Win32k Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 Windows Server 2012 +2
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-33782 MEDIUM PATCH This Month

Windows Authenticode Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.5
EPSS
2.1%
CVE-2021-33763 MEDIUM PATCH This Month

Windows Remote Access Connection Manager Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +3
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-33760 MEDIUM PATCH This Month

Media Foundation Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-22782 MEDIUM This Month

Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Control Expert Ecostruxure Process Expert Remoteconnect
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-22781 MEDIUM This Month

Insufficiently Protected Credentials vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ecostruxure Control Expert Ecostruxure Process Expert Remoteconnect
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-0654 MEDIUM This Month

In isRealSnapshot of TaskThumbnailView.java, there is possible data exposure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-0604 MEDIUM PATCH This Month

In generateFileInfo of BluetoothOppSendFileInfo.java, there is a possible way to share private files over Bluetooth due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0601 MEDIUM This Month

In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0599 MEDIUM This Month

In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a sensitive identifier via broadcasted intent due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0597 MEDIUM This Month

In notifyProfileAdded and notifyProfileRemoved of SipService.java, there is a possible way to retrieve SIP account names due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0588 MEDIUM This Month

In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0518 MEDIUM This Month

In Wi-Fi, there is a possible leak of location-sensitive data due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-22318 MEDIUM This Month

A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-36374 MEDIUM PATCH This Month

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Apache Ant Agile Engineering Data Management +34
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2021-36373 MEDIUM PATCH This Month

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Ant Agile Plm Banking Trade Finance +29
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2021-33682 MEDIUM This Month

SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Lumira Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-34519 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.3
EPSS
4.4%
CVE-2021-34517 MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-33757 MEDIUM PATCH This Month

Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
5.3
EPSS
2.9%
CVE-2021-33744 MEDIUM PATCH This Month

Windows Secure Kernel Mode Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3).

Microsoft Authentication Bypass Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-33684 MEDIUM This Month

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption SAP Netweaver Abap Netweaver Application Server Abap
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-24117 MEDIUM PATCH This Month

In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Intel Information Disclosure Apache Teaclave Sgx Sdk
NVD GitHub
CVSS 3.1
4.9
EPSS
2.2%
CVE-2021-24119 MEDIUM This Month

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Mbed Tls Fedora Debian Linux
NVD GitHub
CVSS 3.1
4.9
EPSS
1.4%
CVE-2021-24116 MEDIUM This Month

In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy