Skip to main content
CVE-2021-32675 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Redis Denial Of Service Fedora Debian Linux Management Services For Element Software +2
NVD GitHub
CVSS 3.1
7.5
EPSS
15.8%
CVE-2021-32628 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-32627 HIGH PATCH This Week

Redis is an open source, in-memory database that persists on disk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Redis Integer Overflow RCE Fedora Debian Linux +3
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2021-23858 HIGH This Week

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rexroth Indramotion Mlc L20 Firmware Rexroth Indramotion Mlc L40 Firmware Rexroth Indramotion Mlc L25 Firmware Rexroth Indramotion Mlc L45 Firmware +8
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-23855 HIGH This Week

The user and password data base is exposed by an unprotected web server resource. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rexroth Indramotion Xlc Firmware Rexroth Indramotion Mlc Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-41530 HIGH This Week

Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Next Generation Firewall
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-40325 HIGH PATCH This Week

Cobbler before 3.3.0 allows authorization bypass for modification of settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Cobbler
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-40324 HIGH PATCH This Week

Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Cobbler
NVD GitHub
CVSS 3.1
7.5
EPSS
68.6%
CVE-2021-38400 MEDIUM This Month

An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoom Latitude Pogrammer Recorder Monitor 3120 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2021-38398 MEDIUM This Month

The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoom Latitude Programming System Model 3120 Firmware Zoom Latitude Pogrammer Recorder Monitor 3120 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-38396 MEDIUM This Month

The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zoom Latitude Pogrammer Recorder Monitor 3120 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-22259 MEDIUM This Month

A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21706 MEDIUM PATCH This Month

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft PHP Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-38394 MEDIUM This Month

An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Zoom Latitude Pogrammer Recorder Monitor 3120 Firmware
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2021-41091 MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

Docker Information Disclosure Moby Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
2.7%
CVE-2021-41089 MEDIUM PATCH This Month

Moby is an open-source project created by Docker to enable software containerization. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity.

Docker Information Disclosure Moby Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-23856 MEDIUM This Month

The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rexroth Indramotion Mlc L20 Firmware Rexroth Indramotion Mlc L40 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-39877 MEDIUM This Month

A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2021-25964 MEDIUM PATCH This Month

In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Calibre Web
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41123 MEDIUM PATCH This Month

Survey Solutions is a survey management and data collection system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Survey Solutions
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-41596 MEDIUM This Month

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-41595 MEDIUM This Month

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-41094 MEDIUM PATCH This Month

Wire is an open source secure messenger. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Wire
NVD GitHub
CVSS 3.1
4.6
EPSS
0.2%
CVE-2021-39347 MEDIUM PATCH This Month

The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress PHP Authentication Bypass Stripe For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-32672 MEDIUM PATCH This Month

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Redis Information Disclosure Software Collections Enterprise Linux +5
NVD GitHub
CVSS 3.1
4.3
EPSS
1.7%
CVE-2021-39883 MEDIUM This Month

Improper authorization checks in all versions of GitLab EE starting from 13.11 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-39874 MEDIUM This Month

In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-39873 MEDIUM This Month

In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-39871 MEDIUM This Month

In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-39868 MEDIUM This Month

In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-36850 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer - Auto & Manual Rename plugin (versions <= 5.1.9). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Media File Renamer Auto Manual Rename
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-39899 MEDIUM This Month

In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.2
EPSS
0.2%
CVE-2021-39896 LOW Monitor

In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the second user they impersonated, which may. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
3.8
EPSS
0.6%
CVE-2021-39879 LOW Monitor

Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
3.5
EPSS
0.4%
CVE-2021-41861 LOW Monitor

The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Telegram
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2021-39900 LOW Monitor

Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary availability via Rails logs. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
2.7
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy