Skip to main content
CVE-2021-34833 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
89.5%
CVE-2021-34832 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.0.0.49893. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
4.0%
CVE-2021-34831 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.4.37651. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2021-22124 HIGH This Week

An uncontrolled resource consumption (denial of service) vulnerability in the login modules of FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6; and FortiAuthenticator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fortiauthenticator Fortisandbox
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-32596 HIGH This Week

A use of one-way hash with a predictable salt vulnerability in the password storing mechanism of FortiPortal 6.0.0 through 6.04 may allow an attacker already in possession of the password store to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortiportal
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-36765 HIGH This Week

In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests may cause a null pointer dereference in the downloaded vulnerable EtherNet/IP stack that is executed by the CODESYS Control runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Ethernetip
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-36764 HIGH This Week

In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Gateway
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-33338 HIGH PATCH This Week

The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, exposes the CSRF token in URLs, which allows man-in-the-middle attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-29765 HIGH This Week

IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Powervm
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-26098 HIGH This Week

An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortisandbox
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-1593 HIGH This Week

A vulnerability in Cisco Packet Tracer for Windows could allow an authenticated, local attacker to perform a DLL injection attack on an affected device. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Packet Tracer
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2021-34707 MEDIUM PATCH This Month

A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Cisco Information Disclosure Evolved Programmable Network Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-36168 MEDIUM This Month

A Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Fortinet FortiPortal 6.x before 6.0.5, FortiPortal 5.3.x before 5.3.6 and any FortiPortal before 6.2.5 allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortiportal
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-24010 MEDIUM This Month

Improper limitation of a pathname to a restricted directory vulnerabilities in FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated user to obtain unauthorized access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Authentication Bypass Fortisandbox
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-24014 MEDIUM This Month

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortisandbox
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-35463 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-33337 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3678 MEDIUM PATCH This Month

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Showdoc
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2021-38114 MEDIUM PATCH This Month

libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of the init_vlc function, a similar issue to CVE-2013-0868. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Ffmpeg Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-3539 MEDIUM This Month

EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Espocrm
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-33336 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-33339 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-1522 MEDIUM This Month

A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, remote attacker to alter their own password to a value that does not comply with. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Connected Mobile Experiences
NVD
CVSS 3.1
4.3
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy