Skip to main content
CVE-2021-27847 MEDIUM POC This Month

Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libvips
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-32750 MEDIUM POC This Month

MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Muwire
NVD GitHub
CVSS 3.1
5.7
EPSS
0.8%
CVE-2021-27845 MEDIUM POC This Month

A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jasper
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-34429 MEDIUM POC PATCH THREAT This Month

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jetty E Series Santricity Os Controller E Series Santricity Web Services Element Plug In For Vcenter Server +14
NVD GitHub Exploit-DB
CVSS 3.1
5.3
EPSS
99.3%
CVE-2021-29699 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow a remote priviled user to upload arbitrary files with a dangerous file type that could be excuted by an user. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Docker IBM File Upload Security Verify Access
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2021-35056 MEDIUM PATCH This Month

Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an unquoted Windows search path for a scheduled task. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft Information Disclosure Stealth
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-0292 MEDIUM This Month

An Uncontrolled Resource Consumption vulnerability in the ARP daemon (arpd) and Network Discovery Protocol (ndp) process of Juniper Networks Junos OS Evolved allows a malicious attacker on the local. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-0291 MEDIUM This Month

An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-0290 MEDIUM This Month

Improper Handling of Exceptional Conditions in Ethernet interface frame processing of Juniper Networks Junos OS allows an attacker to send specially crafted frames over the local Ethernet segment,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-0288 MEDIUM This Month

A vulnerability in the processing of specific MPLS packets in Juniper Networks Junos OS on MX Series and EX9200 Series devices with Trio-based MPCs (Modular Port Concentrators) may cause FPC to crash. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-0287 MEDIUM This Month

In a Segment Routing ISIS (SR-ISIS)/MPLS environment, on Juniper Networks Junos OS and Junos OS Evolved devices, configured with ISIS Flexible Algorithm for Segment Routing and sensor-based. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-20537 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Docker IBM Authentication Bypass Security Verify Access
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-21586 MEDIUM This Month

Wyse Management Suite versions 3.2 and earlier contain an absolute path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
4.0%
CVE-2021-34558 MEDIUM PATCH This Month

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Go Fedora Cloud Insights Telegraf +3
NVD
CVSS 3.1
6.5
EPSS
7.0%
CVE-2021-0295 MEDIUM This Month

A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) of Juniper Networks Junos OS on the QFX10K Series switches allows an attacker to trigger a packet forwarding loop, leading to. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-0293 MEDIUM This Month

A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI command 'show system connections extensive' is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-0279 MEDIUM This Month

Juniper Networks Contrail Cloud (CC) releases prior to 13.6.0 have RabbitMQ service enabled by default with hardcoded credentials. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Juniper Authentication Bypass Contrail Cloud
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-34689 MEDIUM This Month

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Remotepc
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-32764 MEDIUM This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29749 MEDIUM PATCH This Month

IBM Secure External Authentication Server 6.0.2 and IBM Secure Proxy 6.0.2 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Secure External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-0294 MEDIUM This Month

A vulnerability in Juniper Networks Junos OS, which only affects the release 18.4R2-S5, where a function is inconsistently implemented on Juniper Networks Junos QFX5000 Series and EX4600 Series, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-0289 MEDIUM This Month

When user-defined ARP Policer is configured and applied on one or more Aggregated Ethernet (AE) interface units, a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability between the Device. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2021-20498 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-34687 MEDIUM This Month

iDrive RemotePC before 7.6.48 on Windows allows information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Remotepc
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2021-20511 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Docker IBM Path Traversal Security Verify Access
NVD
CVSS 3.1
4.9
EPSS
1.9%
CVE-2021-20496 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Docker IBM Authentication Bypass Security Verify Access
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2021-20524 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Docker IBM XSS Security Verify Access
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-3043 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Prisma Cloud
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-20510 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2021-20500 MEDIUM PATCH This Month

IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Docker IBM Information Disclosure Security Verify Access
NVD
CVSS 3.1
4.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy