Skip to main content
CVE-2021-39256 HIGH This Week

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-39255 HIGH This Week

A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39254 HIGH This Week

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39253 HIGH This Week

A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39252 HIGH This Week

A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ntfs 3G Debian Linux Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39251 HIGH This Week

A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Ntfs 3G Debian Linux Enterprise Linux +1
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-33285 HIGH This Week

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Ntfs 3G Enterprise Linux +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-39500 HIGH This Week

Eyoucms 1.5.4 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Eyoucms
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-37628 HIGH PATCH This Week

Nextcloud Richdocuments is an open source collaborative office suite. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Nextcloud Authentication Bypass Richdocuments
NVD GitHub
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-36717 HIGH This Week

Synerion TimeNet version 9.21 contains a directory traversal vulnerability where, on the "Name" parameter, the attacker can return to the root directory and open the host file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Timenet
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-37145 HIGH This Week

A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Command Injection Cx5500 Firmware Cx5100 Firmware
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2021-37724 HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Aruba Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37723 HIGH PATCH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.7.1.2, 8.6.0.8, 8.5.0.12, 8.3.0.16. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Aruba Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37722 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37721 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37720 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37719 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.4; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2021-37718 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37717 HIGH This Week

A remote arbitrary command execution vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.4-2.2.0.6; Prior to 8.7.1.4,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2021-37631 MEDIUM PATCH This Month

Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Authentication Bypass Deck
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-37630 MEDIUM PATCH This Month

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Authentication Bypass Circles
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-39196 MEDIUM PATCH This Month

pcapture is an open source dumpcap web service interface . Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Pcapture
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-39195 MEDIUM PATCH This Month

Misskey is an open source, decentralized microblogging platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Misskey
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-37729 MEDIUM PATCH This Month

A remote path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.3, 8.6.0.9, 8.5.0.12,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-37728 MEDIUM This Month

A remote path traversal vulnerability was discovered in Aruba Operating System Software version(s): Prior to 8.8.0.1, 8.7.1.4, 8.6.0.11, 8.5.0.13. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Aruba Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-38698 MEDIUM PATCH This Month

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Hashicorp Authentication Bypass HashiCorp Consul
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2021-34149 MEDIUM This Month

The Bluetooth Classic implementation on the Texas Instruments CC256XCQFN-EM does not properly handle the reception of continuous LMP_AU_Rand packets, allowing attackers in radio range to trigger a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cc256Xcqfn Em Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-34148 MEDIUM This Month

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireless Internet Connectivity For Embedded Devices
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-34147 MEDIUM This Month

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireless Internet Connectivity For Embedded Devices
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-34146 MEDIUM This Month

The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cyw920735Q60Evb 01 Firmware Cyw20735B1 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-34143 MEDIUM This Month

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_V1.0 does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fw Ac63 Bt Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-31786 MEDIUM This Month

The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2819 devices does not properly handle a connection attempt from a host with the same BDAddress as the current connected BT host,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ats2819P Firmware Ats2815 Firmware Ats2819 Firmware Ats2819S Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31785 MEDIUM This Month

The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 chipsets does not properly handle the reception of multiple LMP_host_connection_req packets, allowing attackers in radio range to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ats2819P Firmware Ats2815 Firmware Ats2819 Firmware Ats2819S Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31612 MEDIUM This Month

The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices does not properly handle the reception of an oversized LMP packet greater than 17 bytes during the LMP auto rate procedure,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ac6901 Firmware Ac690N Firmware Ac692N Firmware Ac6902 Firmware +8
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-31610 MEDIUM This Month

The Bluetooth Classic implementation on AB32VG1 devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mi True Wireless Earbuds Basic 2 Firmware Ab5376T Firmware Bt8896A Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-31609 MEDIUM This Month

The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Iwrap
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-34150 MEDIUM This Month

The Bluetooth Classic implementation on Bluetrum AB5301A devices with unknown firmware versions does not properly handle the reception of oversized DM1 LMP packets while no other BT connections are. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ab5301A Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-34144 MEDIUM This Month

The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SDK through 0.9.1 does not properly handle the reception of truncated LMP_SCO_Link_Request packets while no other BT connections. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fw Ac63 Bt Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-33831 MEDIUM This Month

api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Covid 19 Contact Tracing
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2021-31613 MEDIUM This Month

The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ac6901 Firmware Ac6925 Firmware Ac6926 Firmware Ac6928 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-28155 MEDIUM This Month

The Bluetooth Classic implementation on JBL TUNE500BT devices does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tune500Bt Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-28136 MEDIUM This Month

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple LMP IO Capability Request packets during the pairing process, allowing. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Esp Idf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-28135 MEDIUM This Month

The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Esp Idf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-37731 MEDIUM PATCH This Month

A local path traversal vulnerability was discovered in Aruba SD-WAN Software and Gateways; Aruba Operating System Software version(s): Prior to 8.6.0.0-2.2.0.4; Prior to 8.7.1.1, 8.6.0.7, 8.5.0.12,. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity.

Path Traversal Aruba Sd Wan Arubaos Scalance W1750D Firmware
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2021-39199 MEDIUM PATCH This Month

remark-html is an open source nodejs library which compiles Markdown to HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Remark Html
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-38123 MEDIUM This Month

Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Network Automation
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-31611 MEDIUM This Month

The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ac6901 Firmware Ac6925 Firmware Ac6926 Firmware Ac6928 Firmware +1
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2021-32801 MEDIUM This Month

Nextcloud server is an open source, self hosted personal cloud. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-39257 MEDIUM This Month

A crafted NTFS image with an unallocated bitmap can lead to a endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G < 2021.8.22. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ntfs 3G Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-33599 MEDIUM This Month

A vulnerability affecting F-Secure Antivirus engine was discovered whereby scanning WIM archive file can lead to denial-of-service (infinite loop and freezes AV engine scanner). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Atlant Cloud Protection For Salesforce Linux Security Elements Endpoint Protection
NVD
CVSS 3.1
5.5
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy