Skip to main content
CVE-2021-31682 MEDIUM POC THREAT This Month

The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webctrl
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
10.5%
CVE-2021-0703 MEDIUM PATCH This Month

In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Google Privilege Escalation Memory Corruption Use After Free Denial Of Service +1
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2021-35230 MEDIUM This Month

As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Kiwi Cattools
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-42536 MEDIUM PATCH This Month

The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Wireless 1410 Gateway Firmware Wireless 1410D Gateway Firmware Wireless 1420 Gateway Firmware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-38465 MEDIUM PATCH This Month

The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Versiondog
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-38455 MEDIUM PATCH This Month

The affected product’s OS Service does not verify any given parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Versiondog
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-29835 MEDIUM PATCH This Month

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Business Automation Workflow
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-42534 MEDIUM This Month

The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tracer Sc Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-41747 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Csdn App
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-38451 MEDIUM PATCH This Month

The affected product’s proprietary protocol CSC allows for calling numerous function codes. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Versiondog
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2021-42556 MEDIUM This Month

Rasa X before 0.42.4 allows Directory Traversal during archive extraction. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Rasa X
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-0706 MEDIUM This Month

In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Denial Of Service Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0702 MEDIUM PATCH This Month

In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0651 MEDIUM This Month

In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0643 MEDIUM This Month

In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-31834 MEDIUM This Month

Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-31835 MEDIUM This Month

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Epolicy Orchestrator
NVD
CVSS 3.1
4.8
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy