Skip to main content
CVE-2021-35653 HIGH PATCH This Week

Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Essbase Administration Services
NVD
CVSS 3.1
7.7
EPSS
1.2%
CVE-2021-42765 HIGH This Week

The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to leverage network delay to cause a denial of service (indefinite stalling of consensus decisions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Proof Of Stake Ethereum
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-21744 HIGH This Week

ZTE MF971R product has a configuration file control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Mf971R Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-35662 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35661 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35660 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35659 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-35658 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35657 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35656 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35654 HIGH PATCH This Week

Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Essbase Administration Services
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-35620 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35583 HIGH PATCH This Week

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Oracle Mysql Server Oncommand Insight +1
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-35574 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Communications Cloud Native Core Policy Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-35573 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35572 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-35560 HIGH PATCH This Week

Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Java Openjdk E Series Santricity Os Controller +4
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2021-30312 HIGH PATCH This Week

Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Information Disclosure Authentication Bypass Apq8053 Firmware Aqt1000 Firmware +192
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-30310 HIGH This Week

Possible buffer overflow due to Improper validation of received CF-ACK and CF-Poll data frames in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware +83
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-30302 HIGH This Week

Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Authentication Bypass Aqt1000 Firmware Ar8035 Firmware +122
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1936 HIGH This Week

Null pointer dereference can occur due to lack of null check for user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Qualcomm Denial Of Service Apq8009W Firmware Apq8017 Firmware +120
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-35619 HIGH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Information Disclosure Java Java Virtual Machine
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2021-35610 HIGH PATCH This Week

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
7.1
EPSS
2.2%
CVE-2021-30306 HIGH PATCH This Week

Possible buffer over read due to improper buffer allocation for file length passed from user space in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Qualcomm Information Disclosure Apq8053 Firmware Msm8953 Firmware +63
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2021-30297 HIGH This Week

Possible out of bound read due to improper validation of packet length while handling data transfer in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8096Au Firmware +86
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2021-1985 HIGH This Week

Possible buffer over read due to lack of data length check in QVR Service configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8017 Firmware Apq8053 Firmware +93
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2021-35567 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Java Openjdk Graalvm +14
NVD
CVSS 3.1
6.8
EPSS
2.7%
CVE-2021-2414 MEDIUM This Month

Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Communications Session Border Controller
NVD
CVSS 3.1
6.8
EPSS
1.1%
CVE-2021-35576 LOW POC PATCH Monitor

Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Database Server
NVD
CVSS 3.1
2.7
EPSS
1.4%
CVE-2021-35545 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-2332 MEDIUM This Month

Vulnerability in the Oracle LogMiner component of Oracle Database Server. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Database Server
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2021-42739 MEDIUM PATCH This Month

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora +6
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-1966 MEDIUM PATCH This Month

Possible buffer overflow due to lack of length check of source and destination buffer before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +62
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-35609 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-35607 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Oncommand Insight Snapcenter MySQL +1
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2021-35597 MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2021-35582 MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Applications Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-35553 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Class Search). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Cs Student Records
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-35539 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Solaris
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-2481 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2021-35621 MEDIUM This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). No vendor patch available.

Oracle Information Disclosure Mysql Cluster Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
6.3
EPSS
46.8%
CVE-2021-35598 MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3).

Oracle Information Disclosure Mysql Cluster Oncommand Insight Snapcenter
NVD
CVSS 3.1
6.3
EPSS
50.0%
CVE-2021-35594 MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3).

Oracle Information Disclosure Mysql Cluster Oncommand Insight Snapcenter
NVD
CVSS 3.1
6.3
EPSS
50.0%
CVE-2021-35593 MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Oracle Mysql Cluster Oncommand Insight +1
NVD
CVSS 3.1
6.3
EPSS
50.0%
CVE-2021-35592 MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3).

Oracle Information Disclosure Mysql Cluster Oncommand Insight Snapcenter
NVD
CVSS 3.1
6.3
EPSS
51.4%
CVE-2021-35590 MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Oracle Mysql Cluster Oncommand Insight +1
NVD
CVSS 3.1
6.3
EPSS
88.5%
CVE-2021-38896 MEDIUM PATCH This Month

IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Advisor
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-21747 MEDIUM This Month

ZTE MF971R product has reflective XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Mf971R Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-21746 MEDIUM This Month

ZTE MF971R product has reflective XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Mf971R Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-25969 MEDIUM PATCH This Month

In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Camaleon Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy