Skip to main content
CVE-2021-42771 HIGH POC PATCH This Week

Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Python Path Traversal RCE Babel Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-41167 HIGH POC PATCH This Week

modern-async is an open source JavaScript tooling library for asynchronous operations using async/await and promises. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Modern Async
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2021-25970 HIGH PATCH This Week

Camaleon CMS 0.1.7 to 2.6.0 doesn’t terminate the active session of the users, even after the admin changes the user’s password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Camaleon Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2021-2137 HIGH This Week

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Policy Framework). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Enterprise Manager Base Platform
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-35651 HIGH PATCH This Week

Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Essbase Administration Services
NVD
CVSS 3.1
8.5
EPSS
1.0%
CVE-2021-1949 HIGH This Week

Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Apq8009 Firmware Apq8009W Firmware +137
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2021-1932 HIGH This Week

Improper access control in trusted application environment can cause unauthorized access to CDSP or ADSP VM memory with either privilege in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Authentication Bypass Aqt1000 Firmware Ar8035 Firmware Qca6390 Firmware +61
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2021-1917 HIGH This Week

Null pointer dereference can occur due to memory allocation failure in DIAG in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Qualcomm Denial Of Service Apq8017 Firmware Apq8053 Firmware +82
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2021-1913 HIGH This Week

Possible integer overflow due to improper length check while updating grace period and count record in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT,. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Aqt1000 Firmware Ar8035 Firmware +79
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2021-2461 HIGH This Week

Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications (component: Provision API). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Communications Interactive Session Recorder
NVD
CVSS 3.1
8.3
EPSS
1.0%
CVE-2021-35599 HIGH PATCH This Week

Vulnerability in the Zero Downtime DB Migration to Cloud component of Oracle Database Server. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Oracle Information Disclosure Zero Downtime Db Migration To Cloud
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2021-35585 HIGH PATCH This Week

Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: User Interface). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Incentive Compensation
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-35570 HIGH PATCH This Week

Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Admin UI). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mobile Field Service
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-35566 HIGH PATCH This Week

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diagnostics). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Applications Manager
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-35563 HIGH PATCH This Week

Vulnerability in the Oracle Shipping Execution product of Oracle E-Business Suite (component: Workflow Events). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Shipping Execution
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2021-35562 HIGH PATCH This Week

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Universal Work Queue
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2021-35543 HIGH This Week

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Cost Center Common Application Objects
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-35536 HIGH This Week

Vulnerability in the Oracle Deal Management product of Oracle E-Business Suite (component: Miscellaneous). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Deal Management
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-2485 HIGH This Week

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Quotes). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Trade Management
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-2484 HIGH This Week

Vulnerability in the Oracle Operations Intelligence product of Oracle E-Business Suite (component: BIS Operations Intelligence). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Operations Intelligence
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2021-2483 HIGH This Week

Vulnerability in the Oracle Content Manager product of Oracle E-Business Suite (component: Content Item Manager). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Content Manager
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2021-2482 HIGH This Week

Vulnerability in the Oracle Payables product of Oracle E-Business Suite (component: Invoice Approvals). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Payables
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-2474 HIGH This Week

Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite (component: Admin). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Web Analytics
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-35538 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-30316 HIGH PATCH This Week

Possible out of bound memory access due to improper boundary check while creating HSYNC fence in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Ar8031 Firmware Csra6620 Firmware Csra6640 Firmware +74
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30315 HIGH PATCH This Week

Improper handling of sensor HAL structure in absence of sensor can lead to use after free in Snapdragon Auto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Qualcomm Memory Corruption Denial Of Service Mdm9628 Firmware +14
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30305 HIGH PATCH This Week

Possible out of bound access due to lack of validation of page offset before page is inserted in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Qca6174a Firmware Qca6391 Firmware Qca6574 Firmware +38
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-30292 HIGH This Week

Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8017 Firmware Apq8053 Firmware +89
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30291 HIGH This Week

Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8017 Firmware Apq8053 Firmware +88
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30288 HIGH This Week

Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8053 Firmware +194
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30258 HIGH This Week

Possible buffer overflow due to improper size calculation of payload received in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8017 Firmware Apq8053 Firmware +95
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30257 HIGH This Week

Possible out of bound read or write in VR service due to lack of validation of DSP selection values in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8017 Firmware Apq8053 Firmware +75
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30256 HIGH This Week

Possible stack overflow due to improper validation of camera name length before copying the name in VR Service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8017 Firmware Apq8053 Firmware +75
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1984 HIGH This Week

Possible buffer overflow due to improper validation of index value while processing the plugin block in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8064au Firmware +92
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1983 HIGH This Week

Possible buffer overflow due to improper handling of negative data length while processing write request in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8017 Firmware Apq8053 Firmware Apq8064au Firmware +92
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1959 HIGH This Week

Possible memory corruption due to lack of bound check of input index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8009W Firmware +186
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-35653 HIGH PATCH This Week

Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Essbase Administration Services
NVD
CVSS 3.1
7.7
EPSS
1.2%
CVE-2021-42765 HIGH This Week

The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to leverage network delay to cause a denial of service (indefinite stalling of consensus decisions). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Proof Of Stake Ethereum
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-21744 HIGH This Week

ZTE MF971R product has a configuration file control vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Information Disclosure Mf971R Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-35662 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35661 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35660 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35659 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-35658 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35657 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35656 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35654 HIGH PATCH This Week

Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Essbase Administration Services
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-35620 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-35583 HIGH PATCH This Week

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Oracle Mysql Server Oncommand Insight +1
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2021-35574 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Communications Cloud Native Core Policy Outside In Technology
NVD
CVSS 3.1
7.5
EPSS
2.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy