Skip to main content
CVE-2021-41361 MEDIUM PATCH This Month

Active Directory Federation Server Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-41354 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-41353 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-41138 MEDIUM PATCH This Month

Frontier is Substrate's Ethereum compatibility layer. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Frontier
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-20832 MEDIUM This Month

InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90(510) contain a vulnerability which may lead to information disclosure only when it works with the body. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Apple Information Disclosure Inbody
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-20802 MEDIUM This Month

HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Remote Service Manager
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-41346 MEDIUM PATCH This Month

Console Window Host Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Windows 10 Windows Server 2016
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-40482 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Information Disclosure Sharepoint Server
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-40456 MEDIUM PATCH This Month

Windows AD FS Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass Windows Server Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2021-41337 MEDIUM PATCH This Month

Active Directory Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
4.9
EPSS
1.5%
CVE-2021-26318 MEDIUM This Month

A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information. Rated medium severity (CVSS 4.7). No vendor patch available.

Amd Information Disclosure Athlon Firmware Athlon Pro Firmware Epyc Firmware +2
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2021-41339 MEDIUM PATCH This Month

Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rated medium severity (CVSS 4.7). This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Microsoft Privilege Escalation Windows 10 Windows 11 Windows Server 2016 +1
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2021-22035 MEDIUM PATCH This Month

VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Code Injection VMware Cloud Foundation Vrealize Log Insight Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-33609 MEDIUM PATCH This Month

Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Vaadin
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-41363 MEDIUM PATCH This Month

Intune Management Extension Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.2).

Authentication Bypass Intune Management Extension
NVD
CVSS 3.1
4.2
EPSS
0.4%
CVE-2021-22033 LOW PATCH Monitor

Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF VMware Cloud Foundation Vrealize Operations Vrealize Suite Lifecycle Manager
NVD
CVSS 3.1
2.7
EPSS
0.6%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy