Skip to main content
CVE-2021-22001 HIGH This Week

In UAA versions prior to 75.3.0, sensitive information like relaying secret of the provider was revealed in response when deletion request of an identity provider( IdP) of type “oauth 1.0” was sent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment User Account And Authentication
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-30110 HIGH This Week

dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Domain Time Ii
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-20596 HIGH PATCH This Week

NULL Pointer Dereference in MELSEC-F Series FX3U-ENET firmware version 1.14 and prior, FX3U-ENET-L firmware version 1.14 and prior and FX3U-ENET-P502 firmware version 1.14 and prior allows a remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Fx3U Enet L Firmware Fx3U Enet P502 Firmware Fx3U Enet Firmware
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-28131 HIGH This Week

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Apache Privilege Escalation Impala
NVD
CVSS 3.1
7.5
EPSS
3.3%
CVE-2021-1618 HIGH PATCH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Cisco Path Traversal Command Injection Intersight Virtual Appliance
NVD
CVSS 3.1
7.2
EPSS
2.7%
CVE-2021-29143 HIGH This Week

A remote execution of arbitrary commands vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Aos Cx Firmware
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-22522 HIGH This Week

Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Verastream Host Integrator
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2021-1092 HIGH PATCH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability in the NVIDIA Control Panel application where it is susceptible to a Windows file system symbolic link attack where an unprivileged. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Microsoft Nvidia Gpu Display Driver
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-1091 HIGH PATCH This Week

NVIDIA GPU Display driver for Windows contains a vulnerability where an unprivileged user can create a file hard link that causes the driver to overwrite a file that requires elevated privilege to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Microsoft Nvidia Gpu Display Driver
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-1090 HIGH PATCH This Week

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Linux Microsoft Nvidia +1
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-33478 MEDIUM This Month

The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco RCE Broadcom Ip Phone 8800 Firmware +14
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-1617 MEDIUM PATCH This Month

Multiple vulnerabilities in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to conduct a path traversal or command injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Cisco Path Traversal Command Injection Intersight Virtual Appliance
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-34431 MEDIUM This Month

In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mosquitto
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-29149 MEDIUM PATCH This Month

A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Authentication Bypass Aruba Aos Cx Firmware
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2021-35520 MEDIUM PATCH This Month

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Information Disclosure Morphowave Compact Mdpi Firmware +3
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2021-37403 MEDIUM This Month

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-37402 MEDIUM This Month

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29148 MEDIUM PATCH This Month

A local cross-site scripting (XSS) vulnerability was discovered in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Aruba Aos Cx Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-1094 MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux Microsoft Information Disclosure +3
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-35521 MEDIUM PATCH This Month

A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Path Traversal Information Disclosure Morphowave Compact Mdpi Firmware Morphowave Compact Mdpi M Firmware Visionpass Mdpi Firmware +3
NVD
CVSS 3.1
5.9
EPSS
1.4%
CVE-2021-34700 MEDIUM This Month

A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1096 MEDIUM PATCH This Month

NVIDIA Windows GPU Display Driver for Windows contains a vulnerability in the NVIDIA kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where dereferencing a NULL pointer may lead to a system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Microsoft Denial Of Service Nvidia Gpu Display Driver
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1095 MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Linux Microsoft Null Pointer Dereference Denial Of Service Nvidia +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-1093 MEDIUM PATCH This Month

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Nvidia Gpu Display Driver Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-26699 MEDIUM This Month

OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
2.0%
CVE-2021-1599 MEDIUM PATCH This Month

A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Cisco RCE XSS Unified Customer Voice Portal
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-1614 MEDIUM PATCH This Month

A vulnerability in the Multiprotocol Label Switching (MPLS) packet handling function of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to gain access to information stored in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Cisco Authentication Bypass Sd Wan
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-3619 MEDIUM PATCH This Month

Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Velociraptor
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy