Skip to main content
CVE-2021-25699 HIGH This Week

The OpenSSL component of the Teradici PCoIP Software Client prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Pcoip Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25698 HIGH This Week

The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

OpenSSL Information Disclosure Pcoip Standard Agent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-25695 HIGH This Week

The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pcoip
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-22777 HIGH This Week

A CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause code execution by opening a malicious project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Sosafe Configurable
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2021-1099 HIGH PATCH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Information Disclosure Denial Of Service Nvidia +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1098 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests from guests. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Nvidia Information Disclosure Virtual Gpu
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-1097 HIGH PATCH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it improperly validates the length field in a request from a guest. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Nvidia Information Disclosure Virtual Gpu
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-2380 HIGH This Week

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle File Upload Authentication Bypass Applications Framework
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2021-2458 HIGH This Week

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Identity Manager
NVD
CVSS 3.1
7.6
EPSS
0.7%
CVE-2021-32761 HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Redis RCE Information Disclosure Debian Linux +1
NVD GitHub
CVSS 3.1
7.5
EPSS
31.0%
CVE-2021-32744 HIGH This Week

Collabora Online is a collaborative online office suite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Online
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-2433 HIGH This Week

Vulnerability in the Essbase Analytic Provider Services product of Oracle Essbase (component: Web Services). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Essbase Analytic Provider Services
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-2431 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-2430 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-2423 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-2420 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-2419 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-2400 HIGH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
7.5
EPSS
83.3%
CVE-2021-2388 HIGH PATCH This Week

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Java Openjdk Graalvm +3
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2021-2378 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-2376 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-2371 HIGH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Coherence
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-2350 HIGH PATCH This Week

Vulnerability in the Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Console). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hyperion Essbase Administration Services
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-2344 HIGH PATCH This Week

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Coherence
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-22774 HIGH This Week

A CWE-759: Use of a One-Way Hash without a Salt vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-23409 HIGH PATCH This Week

The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Go Proxyproto
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-2453 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-2452 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-2451 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-2450 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-2449 HIGH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-2443 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2021-22771 HIGH This Week

A CWE-1236: Improper Neutralization of Formula Elements in a CSV File vulnerability exists in Easergy T300 with firmware V2.7.1 and older that would allow arbitrary command execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Easergy T300 Firmware
NVD
CVSS 3.1
7.3
EPSS
1.1%
CVE-2021-2337 HIGH PATCH This Week

Vulnerability in the Oracle XML DB component of Oracle Database Server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Database
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-22708 HIGH This Week

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jwt Attack Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware +3
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2021-2329 HIGH This Week

Vulnerability in the Oracle XML DB component of Oracle Database Server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Xml Database
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-2328 HIGH This Week

Vulnerability in the Oracle Text component of Oracle Database Server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Text
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-2454 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.0). No vendor patch available.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2021-32775 MEDIUM This Month

Combodo iTop is a web based IT Service Management tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21407 MEDIUM This Month

Combodo iTop is an open source, web based IT Service Management tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-2421 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Cs Campus Community
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-2404 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway product of Oracle PeopleSoft (component: e-mail notification). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Hcm Candidate Gateway
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-22773 MEDIUM This Month

A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-22770 MEDIUM This Month

A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Easergy T300 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-22728 MEDIUM This Month

A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1),. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-20106 MEDIUM This Month

Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nessus
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-2455 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Hcm Shared Components
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-37159 MEDIUM PATCH This Month

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Linux Information Disclosure Linux Kernel Debian Linux Communications Cloud Native Core Binding Support Function +2
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2021-2366 MEDIUM PATCH This Month

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2021-32745 MEDIUM This Month

Collabora Online is a collaborative online office suite. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Online
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy