Skip to main content
CVE-2020-21050 MEDIUM POC PATCH This Month

Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Memory Corruption Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-21049 MEDIUM POC PATCH This Month

An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Information Disclosure Buffer Overflow Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-21048 MEDIUM POC PATCH This Month

An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Libsixel
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-39391 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Beego
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-23043 MEDIUM This Month

On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +7
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2021-38175 MEDIUM This Month

SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft SAP Analysis For Microsoft Office
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-38174 MEDIUM This Month

When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service SAP 3D Visual Enterprise Viewer
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-38150 MEDIUM This Month

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Business Client
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-33685 MEDIUM This Month

SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal SAP Business One
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-37183 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Sinema Remote Connect Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-37177 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-33716 MEDIUM PATCH This Month

A vulnerability has been identified in SIMATIC CP 1543-1 (incl. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Simatic Cp 1543 1 Firmware Simatic Cp 1545 1 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-23027 MEDIUM This Month

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +10
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-23041 MEDIUM This Month

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a DOM based cross-site scripting (XSS) vulnerability exists. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +7
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-23052 MEDIUM This Month

On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Big Ip Access Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-33675 MEDIUM This Month

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS SAP Contact Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-33674 MEDIUM This Month

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS SAP Contact Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-33673 MEDIUM This Month

Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS SAP Contact Center
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-32202 MEDIUM This Month

In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" filed in the blog post creation page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cs Cart
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-35493 MEDIUM This Month

The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webfocus Client Webfocus Installer Webfocus Reporting Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-29841 MEDIUM This Month

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Financial Transaction Manager
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-38164 MEDIUM This Month

SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Erp Financial Accounting
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-33679 MEDIUM This Month

The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-37186 MEDIUM PATCH This Month

A vulnerability has been identified in LOGO!. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Logo Cmr2020 Firmware Logo Cmr2040 Firmware Simatic Rtu3010C Firmware Simatic Rtu3030C Firmware +2
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-23047 MEDIUM This Month

On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2021-20582 MEDIUM This Month

IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20569 MEDIUM This Month

IBM Security Secret Server up to 11.0 could allow an attacker to enumerate usernames due to improper input validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-23053 MEDIUM This Month

On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-33686 MEDIUM This Month

Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Business One
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-37175 MEDIUM PATCH This Month

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ruggedcom Rox Rx1400 Firmware Ruggedcom Rox Mx5000 Firmware Ruggedcom Rox Rx1500 Firmware Ruggedcom Rox Rx1501 Firmware +6
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-39125 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Data Center Jira Jira Server
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-39118 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Information Disclosure Data Center Jira
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-23046 MEDIUM This Month

On all versions of Guided Configuration before 8.0.0, when a configuration that contains secure properties is created and deployed from Access Guided Configuration (AGC), secure properties are logged. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Guided Configuration
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2021-40357 MEDIUM PATCH This Month

A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.10), Teamcenter Active Workspace V5.0 (All versions < V5.0.8), Teamcenter Active Workspace V5.1 (All. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Teamcenter Active Workspace
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2021-21489 MEDIUM This Month

SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Netweaver Enterprise Portal
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-20508 MEDIUM This Month

IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Secret Server
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-37532 MEDIUM This Month

SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal SAP Business One
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-33688 MEDIUM This Month

SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Business One
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-37193 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-37192 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-37191 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-37190 MEDIUM PATCH This Month

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sinema Remote Connect Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-39124 MEDIUM This Month

The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassian Jira Server and Data Center before version 8.16.0 allows remote attackers who are able to trick a user into retrying a request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian Data Center Jira
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy