Skip to main content
CVE-2021-30830 HIGH This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Mac Os X +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-30829 HIGH This Week

A URI parsing issue was addressed with improved parsing. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-30827 HIGH This Week

A permissions issue existed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30825 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple RCE Ipados Iphone Os
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-30807 HIGH KEV THREAT This Week

A memory corruption issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple RCE Memory Corruption Ipados +3
NVD
CVSS 3.1
7.8
EPSS
28.8%
CVE-2021-36512 HIGH PATCH This Week

An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Bulletin Board System
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-3454 HIGH PATCH This Week

Truncated L2CAP K-frame causes assertion failure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-31383 HIGH This Week

In Point to MultiPoint (P2MP) scenarios within established sessions between network or adjacent neighbors the improper use of a source to destination copy write operation combined with a Stack-based. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Stack Overflow Juniper Junos +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31378 HIGH PATCH This Week

In broadband environments, including but not limited to Enhanced Subscriber Management, (CHAP, PPP, DHCP, etc.), on Juniper Networks Junos OS devices where RADIUS servers are configured for managing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31376 HIGH This Week

An Improper Input Validation vulnerability in Packet Forwarding Engine manager (FXPC) process of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) by sending specific. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31374 HIGH This Week

On Juniper Networks Junos OS and Junos OS Evolved devices processing a specially crafted BGP UPDATE or KEEPALIVE message can lead to a routing process daemon (RPD) crash and restart, causing a Denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Memory Corruption Juniper Junos +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31368 HIGH This Week

An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks JUNOS OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-31351 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions in packet processing on the MS-MPC/MS-MIC utilized by Juniper Networks Junos OS allows a malicious attacker to send a specific packet,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-0299 HIGH This Week

An Improper Handling of Exceptional Conditions vulnerability in the processing of a transit or directly received malformed IPv6 packet in Juniper Networks Junos OS results in a kernel crash, causing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-32663 HIGH PATCH This Week

iTop is an open source web based IT Service Management tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Itop
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-37137 HIGH PATCH This Week

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Netty Banking Apis Banking Digital Experience Commerce Guided Search +8
NVD GitHub
CVSS 3.1
7.5
EPSS
6.3%
CVE-2021-37136 HIGH PATCH This Week

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Netty Quarkus Banking Apis Banking Digital Experience +15
NVD GitHub
CVSS 3.1
7.5
EPSS
5.7%
CVE-2021-30844 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X macOS
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-30826 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-42261 HIGH This Week

Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Video Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-0296 HIGH This Week

The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Juniper Ctpview
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2021-38464 HIGH This Week

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Ir615 Firmware
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2021-30358 HIGH PATCH This Week

Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Mobile Access Portal Agent
NVD
CVSS 3.1
7.2
EPSS
27.5%
CVE-2021-38484 HIGH This Week

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS File Upload Ir615 Firmware
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-31360 HIGH This Week

An improper privilege management vulnerability in the Juniper Networks Junos OS and Junos OS Evolved command-line interpreter (CLI) allows a low-privileged user to overwrite local files as root,. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-41150 MEDIUM PATCH This Month

Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Tough
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-31370 MEDIUM PATCH This Month

An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31367 MEDIUM PATCH This Month

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31366 MEDIUM PATCH This Month

An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Junos OS on MX Series configured for subscriber management / BBE allows an adjacent attacker to cause. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31365 MEDIUM This Month

An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31363 MEDIUM PATCH This Month

In an MPLS P2MP environment a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31362 MEDIUM This Month

A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-0297 MEDIUM This Month

A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-3746 MEDIUM PATCH This Month

A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libtpms Fedora Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20836 MEDIUM PATCH This Month

Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow RCE Information Disclosure Cx Supervisor
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-26589 MEDIUM This Month

A potential security vulnerability has been identified in HPE Superdome Flex Servers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Superdome Flex Firmware Superdome Flex 280 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-38466 MEDIUM This Month

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ir615 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-31386 MEDIUM This Month

A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2021-31364 MEDIUM PATCH This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Race Condition Juniper Junos
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2021-31377 MEDIUM This Month

An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routing process daemon (RPD) to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-27001 MEDIUM This Month

Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-30850 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X macOS Tvos
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-30845 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-30828 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-30819 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Ipados Iphone Os +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-30811 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-31373 MEDIUM This Month

A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Juniper Junos
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-31355 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Information Disclosure Juniper Junos
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-29912 MEDIUM PATCH This Month

IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Risk Manager On Cp4S
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-36832 MEDIUM This Month

WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin - Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Icegram Engage
NVD
CVSS 3.1
5.4
EPSS
0.6%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy