Skip to main content
CVE-2021-32578 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 2 of 2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32577 HIGH This Week

Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-32576 HIGH This Week

Acronis True Image prior to 2021 Update 4 for Windows allowed local privilege escalation due to improper soft link handling (issue 1 of 2). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation True Image
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-21863 HIGH PATCH This Week

A unsafe deserialization vulnerability exists in the ComponentModel Profile.FromFile() functionality of CODESYS GmbH CODESYS Development System 3.5.16 and 3.5.17. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Development System
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2021-22924 LOW POC PATCH Monitor

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Libcurl Fedora Debian Linux Cloud Backup +29
NVD
CVSS 3.1
3.7
EPSS
6.3%
CVE-2021-3580 HIGH PATCH This Week

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Nettle Enterprise Linux Debian Linux Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2021-37156 HIGH This Week

Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Redmine
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22919 HIGH This Week

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Citrix Application Delivery Controller Firmware Gateway Netscaler Gateway +1
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-20592 HIGH This Week

Missing synchronization vulnerability in GOT2000 series GT27 model communication driver versions 01.19.000 through 01.39.010, GT25 model communication driver versions 01.19.000 through 01.39.010 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gt Softgot2000 Got2000 Gt27 Firmware Got2000 Gt25 Firmware Got2000 Gt23 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-1630 HIGH This Week

XML external entity (XXE) vulnerability affecting certain versions of a Mule runtime component that may affect CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Mule
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-37625 HIGH PATCH This Week

Skytable is an open source NoSQL database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Skytable
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-37605 HIGH This Week

In version 6.5 Microchip MiWi software and all previous versions including legacy products, the stack is validating only two out of four Message Integrity Check (MIC) bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Miwi
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-37604 HIGH This Week

In version 6.5 of Microchip MiWi software and all previous versions including legacy products, there is a possibility of frame counters being validated/updated prior to the message authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Miwi
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-34638 MEDIUM This Month

Authenticated Directory Traversal in WordPress Download Manager <= 3.1.24 allows authenticated (Contributor+) users to obtain sensitive configuration file information, as well as allowing Author+. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Path Traversal Download Manager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-22920 MEDIUM This Month

A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Application Delivery Management Gateway
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-32603 MEDIUM This Month

A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiManager and FortiAnalyser GUI 7.0.0, 6.4.5 and below, 6.2.7 and below, 6.0.11 and below, 5.6.11 and below may allow a remote and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-37859 MEDIUM This Month

Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost XSS
NVD
CVSS 3.1
6.1
EPSS
3.3%
CVE-2021-21738 MEDIUM This Month

ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Zxiptv Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-29969 MEDIUM This Month

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Path Traversal Information Disclosure Thunderbird
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-3566 MEDIUM PATCH This Month

Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_probe' function assigned to it. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ffmpeg Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-32003 MEDIUM This Month

Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sitemanager Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-3679 MEDIUM PATCH This Month

A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Linux Denial Of Service Linux Kernel Enterprise Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-33597 MEDIUM This Month

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the SAVAPI component used in certain F-Secure products can crash while scanning fuzzed files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Linux Security Business Suite Elements Endpoint Protection
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-25444 MEDIUM This Month

An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-22241 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-3642 MEDIUM PATCH This Month

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Wildfly Elytron Build Of Quarkus Codeready Studio Data Grid +9
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25448 MEDIUM This Month

Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Touch Call
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25447 MEDIUM This Month

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smartthings Firmware
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25446 MEDIUM This Month

Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smartthings Firmware
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25445 MEDIUM This Month

Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25443 MEDIUM This Month

A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2021-21739 MEDIUM This Month

A ZTE's product of the transport network access layer has a security vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Authentication Bypass Zxctn 6120H Firmware
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2021-29974 MEDIUM This Month

When network partitioning was enabled, e.g. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-22240 MEDIUM This Month

Improper access control in GitLab EE versions 13.11.6, 13.12.6, and 14.0.2 allows users to be created via single sign on despite user cap being enabled. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-32598 MEDIUM This Month

An improper neutralization of CRLF sequences in HTTP headers ('HTTP Response Splitting') vulnerability In FortiManager and FortiAnalyzer GUI 7.0.0, 6.4.6 and below, 6.2.8 and below, 6.0.11 and below,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Request Smuggling Information Disclosure Fortianalyzer Fortimanager
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-33596 MEDIUM This Month

Showing the legitimate URL in the address bar while loading the content from other domain. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Safe
NVD
CVSS 3.1
4.1
EPSS
0.8%
CVE-2021-3655 LOW PATCH Monitor

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Linux Information Disclosure Linux Kernel Enterprise Linux Debian Linux
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2021-32002 LOW Monitor

Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sitemanager Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy