Skip to main content
CVE-2021-38587 HIGH This Week

In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC-586). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Race Condition Cpanel
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-38569 HIGH This Week

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Foxit Reader Phantompdf
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-38567 HIGH This Week

An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Reader before 11.0.1 on macOS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Apple Denial Of Service Pdf Reader Pdf Editor
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-38566 HIGH This Week

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-38565 HIGH This Week

An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Editor before 11.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-20427 HIGH This Week

IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-38526 HIGH This Week

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Rax35 Firmware Rax38 Firmware Rax40 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-38515 HIGH This Week

Certain NETGEAR devices are affected by denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Denial Of Service R6400 Firmware R6700 Firmware R7900 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-1108 HIGH This Week

NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity,. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Linux Integer Overflow Nvidia Denial Of Service Jetson Linux +1
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2021-38585 HIGH This Week

The WHM Locale Upload feature in cPanel before 98.0.1 allows unserialization attacks (SEC-585). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Cpanel
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-38584 HIGH This Week

The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attacks (SEC-585). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Cpanel
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-37627 HIGH PATCH This Week

Contao is an open source CMS that allows creation of websites and scalable web applications. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Contao
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-37626 HIGH PATCH This Week

Contao is an open source CMS that allows you to create websites and scalable web applications. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Code Injection Contao
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-38532 HIGH This Week

NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect configuration of security settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Information Disclosure Wac104 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-38531 HIGH This Week

Certain NETGEAR devices are affected by incorrect configuration of security settings. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Information Disclosure D6200 Firmware D7000 Firmware R6020 Firmware +9
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2021-38525 HIGH This Week

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Memory Corruption D3600 Firmware D6000 Firmware +24
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2021-38523 HIGH This Week

NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based buffer overflow by an authenticated user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Memory Corruption R6400 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2021-38522 HIGH This Week

NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based buffer overflow by an authenticated user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Memory Corruption R6400 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2021-38521 HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection R6400 Firmware R7900P Firmware R8000P Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-38520 HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection R6400 Firmware R6700 Firmware R6900 Firmware +1
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-38519 HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection R6250 Firmware R6300 Firmware R6400 Firmware +11
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-38518 HIGH This Week

Certain NETGEAR devices are affected by command injection by an authenticated user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Rax200 Firmware Rax75 Firmware Rax80 Firmware +3
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2021-38517 HIGH This Week

Certain NETGEAR devices are affected by out-of-bounds reads and writes. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Information Disclosure R6400 Firmware Rax75 Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2021-1110 HIGH This Week

NVIDIA Linux kernel distributions on Jetson Xavier contain a vulnerability in camera firmware where a user can change input data after validation, which may lead to complete denial of service and. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Linux Nvidia Denial Of Service Jetson Linux
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-0002 HIGH This Week

Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Information Disclosure Ethernet Controller E810 Firmware Fedora
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-1111 MEDIUM This Month

Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Jetson Linux
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-37697 MEDIUM PATCH This Month

tmerc-cogs are a collection of open source plugins for the Red Discord bot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Tmerc Cogs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-37696 MEDIUM PATCH This Month

tmerc-cogs are a collection of open source plugins for the Red Discord bot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Tmerc Cogs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-3046 MEDIUM This Month

An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto Authentication Bypass Pan Os
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-0009 MEDIUM This Month

Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Intel Denial Of Service Information Disclosure Ethernet Controller E810 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-1109 MEDIUM This Month

NVIDIA camera firmware contains a multistep, timing-related vulnerability where an unauthorized modification by camera resources may result in loss of data integrity or denial of service across. Rated medium severity (CVSS 6.3). No vendor patch available.

Denial Of Service Nvidia Jetson Linux
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2021-22098 MEDIUM This Month

UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Cf Deployment User Account And Authentication
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-38538 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear XSS D7800 Firmware R7800 Firmware R8900 Firmware +12
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-3048 MEDIUM This Month

Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Paloalto Information Disclosure Pan Os
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-38590 MEDIUM This Month

In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1112 MEDIUM This Month

NVIDIA Linux kernel distributions contain a vulnerability in nvmap, where a null pointer dereference may lead to complete denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Linux Denial Of Service Nvidia Jetson Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-0012 MEDIUM PATCH This Month

Use after free in some Intel(R) Graphics Driver before version 27.20.100.8336, 15.45.33.5164, and 15.40.47.5166 may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Use After Free Denial Of Service Intel Memory Corruption Graphics Driver +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-0003 MEDIUM This Month

Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Ethernet Controller E810 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-38533 MEDIUM This Month

NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS Rax40 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-3045 MEDIUM This Month

An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Paloalto Pan Os
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-38524 MEDIUM This Month

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Memory Corruption Mk62 Firmware Mr60 Firmware +11
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-38537 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D6200 Firmware D7000 Firmware R6020 Firmware +15
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2021-38536 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D6200 Firmware D7000 Firmware R6020 Firmware +16
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-38535 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D6200 Firmware D7000 Firmware R6020 Firmware +16
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-38534 MEDIUM This Month

Certain NETGEAR devices are affected by stored XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear XSS D3600 Firmware D6000 Firmware D6100 Firmware +40
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-1113 MEDIUM This Month

NVIDIA camera firmware contains a difficult to exploit vulnerability where a highly privileged attacker can cause unauthorized modification to camera resources, which may result in complete denial of. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Nvidia Authentication Bypass Jetson Linux
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2021-38586 MEDIUM This Month

In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operations on files (SEC-589). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cpanel
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-1114 MEDIUM This Month

NVIDIA Linux kernel distributions contain a vulnerability in the kernel crypto node, where use after free may lead to complete denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Memory Corruption Use After Free Nvidia +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-0083 MEDIUM This Month

Improper input validation in some Intel(R) Optane(TM) PMem versions before versions 1.2.0.5446 or 2.2.0.1547 may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Optane Persistent Memory Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-0008 MEDIUM This Month

Uncontrolled resource consumption in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow privileged user to potentially enable. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Ethernet Controller E810 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy