Skip to main content
CVE-2021-3573 MEDIUM POC PATCH This Month

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call. Rated medium severity (CVSS 6.4). Public exploit code available.

Linux Denial Of Service Race Condition Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2021-38619 MEDIUM POC This Month

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openbaraza Human Capital Management
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2021-38583 MEDIUM POC This Month

openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openbaraza Human Capital Management
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-36787 MEDIUM POC PATCH This Month

The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Femanager
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-37028 MEDIUM This Month

There is a command injection vulnerability in the HG8045Q product. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Hg8045Q Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-37690 MEDIUM PATCH This Month

TensorFlow is an end-to-end open source platform for machine learning. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Tensorflow
NVD GitHub
CVSS 3.1
6.6
EPSS
0.2%
CVE-2021-32072 MEDIUM This Month

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information (disclosing sensitive application data) due to insufficient output. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Micollab
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-32067 MEDIUM This Month

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to view sensitive system information through an HTTP response due to insufficient output sanitization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Micollab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-29880 MEDIUM PATCH This Month

IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-27402 MEDIUM This Month

The SAS Admin portal of Mitel MiCollab before 9.2 FP2 could allow an unauthenticated attacker to access (view and modify) user data by injecting arbitrary directory paths due to improper URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Micollab
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-36790 MEDIUM This Month

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dated News
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-27401 MEDIUM This Month

The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Micollab
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-37352 MEDIUM This Month

An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Nagios Xi
NVD
CVSS 3.1
6.1
EPSS
6.1%
CVE-2021-31399 MEDIUM This Month

On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Access Unit 2 0 Firmware
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-36788 MEDIUM PATCH This Month

The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Yoast Seo
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-36785 MEDIUM PATCH This Month

The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Saml
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32070 MEDIUM This Month

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Micollab
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-37695 MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Debian Linux Fedora Application Express +8
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-36791 MEDIUM This Month

The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dated News
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-38554 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-37351 MEDIUM This Month

Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Nagios Xi
NVD
CVSS 3.1
5.3
EPSS
2.8%
CVE-2021-37586 MEDIUM This Month

The PowerPlay Web component of Mitel Interaction Recording Multitenancy systems before 6.7 could allow a user (with Administrator rights) to replay a previously recorded conversation of another. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Interaction Recording
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-32069 MEDIUM This Month

The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Micollab
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-38553 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-3635 MEDIUM This Month

A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Linux Kernel Enterprise Linux Fedora
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-37703 MEDIUM PATCH This Month

Discourse is an open-source platform for community discussion. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy