Skip to main content
CVE-2021-22145 MEDIUM POC PATCH THREAT This Month

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Elastic Information Disclosure Elasticsearch Communications Cloud Native Core Automated Test Suite
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
76.2%
CVE-2021-23411 MEDIUM POC This Month

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Anchorme
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-22784 MEDIUM POC THREAT This Month

A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass C Bus Toolkit
NVD
CVSS 3.1
5.7
EPSS
12.1%
CVE-2021-37220 MEDIUM POC This Month

MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Mupdf Fedora
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2021-23408 MEDIUM POC PATCH This Month

This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Graphhopper
NVD GitHub
CVSS 3.1
4.3
EPSS
1.4%
CVE-2021-32775 MEDIUM This Month

Combodo iTop is a web based IT Service Management tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Itop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21407 MEDIUM This Month

Combodo iTop is an open source, web based IT Service Management tool. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Itop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-2421 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Cs Campus Community
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-2404 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway product of Oracle PeopleSoft (component: e-mail notification). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Hcm Candidate Gateway
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-22773 MEDIUM This Month

A CWE-620: Unverified Password Change vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-22770 MEDIUM This Month

A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Easergy T300 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-22728 MEDIUM This Month

A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1),. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-20106 MEDIUM This Month

Nessus Agent versions 8.2.5 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nessus
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-2455 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft (component: Person Search). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Hcm Shared Components
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-37159 MEDIUM PATCH This Month

hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required.

Linux Information Disclosure Linux Kernel Debian Linux Communications Cloud Native Core Binding Support Function +2
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2021-2366 MEDIUM PATCH This Month

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.1
6.4
EPSS
0.6%
CVE-2021-32745 MEDIUM This Month

Collabora Online is a collaborative online office suite. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Online
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-2408 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft (component: Notification Configuration). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Pt Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-2375 MEDIUM This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-2338 MEDIUM PATCH This Month

Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Email Marketing Stand-Alone). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Siebel Marketing
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-22723 MEDIUM This Month

A CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-siteScripting) through Cross-Site Request Forgery (CSRF) vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF XSS Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware +3
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-22706 MEDIUM This Month

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-2462 MEDIUM This Month

Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce (component: Commerce Service Center). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Commerce Service Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-2442 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2021-2417 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
6.0
EPSS
1.7%
CVE-2021-2429 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
5.9
EPSS
41.5%
CVE-2021-2390 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Integer Overflow Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
5.9
EPSS
4.3%
CVE-2021-2389 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Oracle Mysql Server Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
5.9
EPSS
8.2%
CVE-2021-2368 MEDIUM This Month

Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core - Server Infrastructure). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Siebel Crm
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2021-2356 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Denial Of Service Oracle MySQL Oncommand Insight Fedora
NVD
CVSS 3.1
5.9
EPSS
1.9%
CVE-2021-2323 MEDIUM This Month

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Flex-Branch). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Flexcube Universal Banking
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2021-2445 MEDIUM This Month

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Authentication Bypass Hyperion Infrastructure Technology
NVD
CVSS 3.1
5.7
EPSS
0.8%
CVE-2021-25701 MEDIUM This Month

The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker to cause a denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Pcoip Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1102 MEDIUM PATCH This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can lead to floating point exceptions, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Nvidia Virtual Gpu
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1101 MEDIUM PATCH This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Nvidia Virtual Gpu
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1100 MEDIUM PATCH This Month

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver (nvidia.ko), in which a pointer to a user-space buffer is not validated before it is dereferenced, which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Nvidia Virtual Gpu
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-2373 MEDIUM This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-2346 MEDIUM PATCH This Month

Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Commerce Experience Manager Commerce Guided Search
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-2345 MEDIUM PATCH This Month

Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Commerce Experience Manager Commerce Guided Search
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-22722 MEDIUM This Month

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Stored Cross-site Scripting') vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1),. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-2460 MEDIUM This Month

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-2407 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-2403 MEDIUM This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-2401 MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XXE Bi Publisher
NVD
CVSS 3.1
5.3
EPSS
84.8%
CVE-2021-22721 MEDIUM This Month

A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1),. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Evlink City Evc1S22P4 Firmware Evlink City Evc1S7P4 Firmware Evlink Parking Evw2 Firmware Evlink Parking Evf2 Firmware +2
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-2457 MEDIUM This Month

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Request Management & Workflow). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Identity Manager
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-2347 MEDIUM PATCH This Month

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hyperion Infrastructure Technology
NVD
CVSS 3.1
5.2
EPSS
0.9%
CVE-2021-2385 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Oracle Mysql Server Fedora Oncommand Insight +2
NVD
CVSS 3.1
5.0
EPSS
1.9%
CVE-2021-2444 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.8%
CVE-2021-2441 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Mysql Server Oncommand Insight
NVD
CVSS 3.1
4.9
EPSS
1.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy