Skip to main content
CVE-2021-41135 MEDIUM POC PATCH This Month

The Cosmos-SDK is a framework for building blockchain applications in Golang. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Cosmos Sdk
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-42762 MEDIUM POC This Month

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Webkitgtk Wpe Webkit Fedora +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-21745 MEDIUM POC THREAT This Month

ZTE MF971R product has a Referer authentication bypass vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zte Authentication Bypass Mf971R Firmware
NVD
CVSS 3.1
4.3
EPSS
55.7%
CVE-2021-35567 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Java Openjdk Graalvm +14
NVD
CVSS 3.1
6.8
EPSS
2.7%
CVE-2021-2414 MEDIUM This Month

Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications (component: Routing). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Communications Session Border Controller
NVD
CVSS 3.1
6.8
EPSS
1.1%
CVE-2021-35545 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-2332 MEDIUM This Month

Vulnerability in the Oracle LogMiner component of Oracle Database Server. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Database Server
NVD
CVSS 3.1
6.7
EPSS
0.9%
CVE-2021-42739 MEDIUM PATCH This Month

The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Linux Memory Corruption Linux Kernel Fedora +6
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-1966 MEDIUM PATCH This Month

Possible buffer overflow due to lack of length check of source and destination buffer before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +62
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-35609 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: SQR). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-35607 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Oncommand Insight Snapcenter MySQL +1
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2021-35597 MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2021-35582 MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Applications Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-35553 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Class Search). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Cs Student Records
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-35539 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Solaris
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-2481 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter +1
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2021-35621 MEDIUM This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). No vendor patch available.

Oracle Information Disclosure Mysql Cluster Active Iq Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
6.3
EPSS
46.8%
CVE-2021-35598 MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3).

Oracle Information Disclosure Mysql Cluster Oncommand Insight Snapcenter
NVD
CVSS 3.1
6.3
EPSS
50.0%
CVE-2021-35594 MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3).

Oracle Information Disclosure Mysql Cluster Oncommand Insight Snapcenter
NVD
CVSS 3.1
6.3
EPSS
50.0%
CVE-2021-35593 MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Oracle Mysql Cluster Oncommand Insight +1
NVD
CVSS 3.1
6.3
EPSS
50.0%
CVE-2021-35592 MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3).

Oracle Information Disclosure Mysql Cluster Oncommand Insight Snapcenter
NVD
CVSS 3.1
6.3
EPSS
51.4%
CVE-2021-35590 MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Rated medium severity (CVSS 6.3). This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Oracle Mysql Cluster Oncommand Insight +1
NVD
CVSS 3.1
6.3
EPSS
88.5%
CVE-2021-38896 MEDIUM PATCH This Month

IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Qradar Advisor
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-21747 MEDIUM This Month

ZTE MF971R product has reflective XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Mf971R Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-21746 MEDIUM This Month

ZTE MF971R product has reflective XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte XSS Mf971R Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-25969 MEDIUM PATCH This Month

In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Camaleon Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-35665 MEDIUM PATCH This Month

Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hyperion Financial Reporting
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-35595 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Business Interlink). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-35580 MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Applications Manager
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-35568 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-35589 MEDIUM PATCH This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device drivers). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Oracle Solaris
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2021-35666 MEDIUM PATCH This Month

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Http Server
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2021-35550 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle Java Graalvm Openjdk +11
NVD
CVSS 3.1
5.9
EPSS
6.9%
CVE-2021-2471 MEDIUM PATCH This Month

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Authentication Bypass Communications Cloud Native Core Console Communications Cloud Native Core Network Slice Selection Function Communications Cloud Native Core Policy +3
NVD
CVSS 3.1
5.9
EPSS
7.3%
CVE-2021-35606 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Notification Framework). Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Cs Campus Community
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2021-35601 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack product of Oracle PeopleSoft (component: Students Administration). Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Cs Sa Integration Pack
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2021-42299 MEDIUM PATCH This Month

Microsoft Surface Pro 3 Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.6).

Microsoft Authentication Bypass Surface Pro 3 Firmware
NVD
CVSS 3.1
5.6
EPSS
0.7%
CVE-2021-35612 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Insight Snapcenter
NVD
CVSS 3.1
5.5
EPSS
1.6%
CVE-2021-35604 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Mysql Server Oncommand Insight Snapcenter +2
NVD
CVSS 3.1
5.5
EPSS
2.5%
CVE-2021-35551 MEDIUM PATCH This Month

Vulnerability in the RDBMS Security component of Oracle Database Server. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Database
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-35540 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-1969 MEDIUM PATCH This Month

Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +59
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1968 MEDIUM PATCH This Month

Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Qualcomm Information Disclosure Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +59
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-35649 MEDIUM PATCH This Month

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Secure Global Desktop
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-35616 MEDIUM PATCH This Month

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: UI Infrastructure). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Transportation Management
NVD
CVSS 3.1
5.4
EPSS
28.0%
CVE-2021-35571 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft (component: Advising Notes). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Cs Academic Advisement
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-35541 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise SCM product of Oracle PeopleSoft (component: Supplier Portal). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-35556 MEDIUM PATCH This Month

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Java Oracle Graalvm Openjdk +12
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2021-35655 MEDIUM PATCH This Month

Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Essbase Administration Services
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-35608 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Oracle Oncommand Insight Snapcenter MySQL +1
NVD
CVSS 3.1
5.3
EPSS
2.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy