Skip to main content
CVE-2021-39173 HIGH POC PATCH This Week

Cachet is an open source status page system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Catchet
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-39172 HIGH POC PATCH THREAT This Week

Cachet is an open source status page system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Catchet
NVD GitHub
CVSS 3.1
8.8
EPSS
29.2%
CVE-2021-28233 HIGH POC This Week

Heap-based Buffer Overflow vulnerability exists in ok-file-formats 1 via the ok_jpg_generate_huffman_table function in ok_jpg.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ok File Formats
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36531 HIGH POC This Week

ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLIB_NO_FILE mode, GetByte() reads memory buffer without checking the boundary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ngiflib
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36530 HIGH POC This Week

ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NGIFLIB_NO_FILE mode, GetByteStr() copy memory buffer without checking the boundary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Ngiflib
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-23434 HIGH POC PATCH This Week

This affects the package object-path before 0.11.6. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Object Path Debian Linux
NVD GitHub
CVSS 3.1
8.6
EPSS
1.9%
CVE-2021-40153 HIGH POC PATCH This Week

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Squashfs Tools Fedora Debian Linux Enterprise Linux
NVD GitHub
CVSS 3.1
8.1
EPSS
2.5%
CVE-2021-3264 HIGH POC This Week

SQL Injection vulnerability in cxuucms 3.1 ivia the pid parameter in public/admin.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cxuucms
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2021-39168 CRITICAL PATCH Act Now

OpenZepplin is a library for smart contract development. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Contracts
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-39167 CRITICAL PATCH Act Now

OpenZepplin is a library for smart contract development. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Contracts
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-28697 HIGH This Week

grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Race Condition Xen Fedora Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-39171 HIGH PATCH This Week

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Node.js Denial Of Service Passport Saml
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-35342 HIGH This Week

The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x before 2.7.1) and 1.13.0 (in Northern.tech Mender Enterprise 2.6.x before 2.6.1) allows users to access the system with their JWT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Useradm
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-40142 HIGH PATCH This Week

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Local Discover Server Simatic Process Historian Opc Ua Server Firmware Simatic Net Pc +4
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-32759 HIGH PATCH This Week

OpenMage magento-lts is an alternative to the Magento CE official releases. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Adobe Magento
NVD GitHub
CVSS 3.1
7.2
EPSS
1.3%
CVE-2021-32758 HIGH PATCH This Week

OpenMage Magento LTS is an alternative to the Magento CE official releases. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Adobe Openmage
NVD GitHub
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-28696 MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Amd Authentication Bypass Xen Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-28695 MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd Xen Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-28694 MEDIUM This Month

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Information Disclosure Amd Xen Fedora +1
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-28699 MEDIUM This Month

inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-28698 MEDIUM This Month

long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-29744 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-39169 MEDIUM PATCH This Month

Misskey is a decentralized microblogging platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misskey
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-28700 MEDIUM This Month

xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Xen Fedora Debian Linux
NVD
CVSS 3.1
4.9
EPSS
1.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy