Skip to main content
CVE-2021-34780 HIGH This Week

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Business 220 8T E 2G Firmware Business 220 8P E 2G Firmware Business 220 8Fp E 2G Firmware +13
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-34779 HIGH This Week

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business 220 Series Smart Switches. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Business 220 8T E 2G Firmware Business 220 8P E 2G Firmware Business 220 8Fp E 2G Firmware +13
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2021-34766 HIGH This Week

A vulnerability in the web UI of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges and create, read, update, or delete records and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Smart Software Manager On Prem
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2021-34748 HIGH This Week

A vulnerability in the web-based management interface of Cisco Intersight Virtual Appliance could allow an authenticated, remote attacker to perform a command injection attack on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Intersight Virtual Appliance
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-34710 HIGH This Week

Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco RCE Denial Of Service Command Injection Ata 190 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-41128 HIGH PATCH This Week

Hygeia is an application for collecting and processing personal and case data in connection with communicable diseases. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Hygeia
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-41121 HIGH PATCH This Week

Vyper is a Pythonic Smart Contract Language for the EVM. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Vyper
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-29837 HIGH PATCH This Week

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Sterling B2b Integrator
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2021-41129 HIGH PATCH This Week

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization PHP Panel
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2021-1594 HIGH This Week

A vulnerability in the REST API of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a command injection attack and elevate privileges to root. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Command Injection Identity Services Engine
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2021-25485 HIGH This Week

Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2021-25470 HIGH This Week

An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE. Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Android
NVD
CVSS 3.1
7.9
EPSS
0.1%
CVE-2021-25498 HIGH This Week

A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Notes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25497 HIGH This Week

A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Notes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25496 HIGH This Week

A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Notes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25495 HIGH This Week

A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow RCE Notes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25494 HIGH This Week

A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Information Disclosure Notes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25487 HIGH KEV THREAT This Week

Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-20264 HIGH This Week

An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openjdk
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0692 HIGH PATCH This Week

In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0685 HIGH PATCH This Week

In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Google Deserialization Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0684 HIGH PATCH This Week

In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Google Privilege Escalation Memory Corruption Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-0683 HIGH PATCH This Week

In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Google Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0636 HIGH This Week

When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0635 HIGH This Week

When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0595 HIGH PATCH This Week

In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Google Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-28702 HIGH This Week

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Xen Fedora Debian Linux
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2021-42040 HIGH PATCH This Week

An issue was discovered in MediaWiki through 1.36.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Mediawiki
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-34735 HIGH This Week

Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco RCE Denial Of Service Command Injection Ata 190 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-34698 HIGH This Week

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Asyncos
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-25480 HIGH This Week

A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2021-25471 HIGH This Week

A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2021-38925 HIGH PATCH This Week

IBM Sterling B2B Integrator Standard Edition 5.2.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Sterling B2b Integrator
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-0598 HIGH PATCH This Week

In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Google Privilege Escalation XSS Android
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2021-41126 HIGH PATCH This Week

October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass October
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2021-25479 HIGH This Week

A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow RCE Android
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2021-25478 HIGH This Week

A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Stack Overflow Android
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2021-25493 HIGH This Week

Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Notes
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-25492 HIGH This Week

Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Notes
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-34788 HIGH This Week

A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library. Rated high severity (CVSS 7.0). No vendor patch available.

Cisco RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2021-0688 HIGH PATCH This Week

In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. Rated high severity (CVSS 7.0).

Google Privilege Escalation Race Condition Android
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy