Skip to main content
CVE-2021-41019 MEDIUM This Month

An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortios
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-32595 MEDIUM This Month

Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fortiportal
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-25973 MEDIUM PATCH This Month

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Publify
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-36176 MEDIUM This Month

Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XSS Fortiportal
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-37996 MEDIUM This Month

Insufficient validation of untrusted input Downloads in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions via a malicious file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-37990 MEDIUM This Month

Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-41023 MEDIUM This Month

A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated user to disclosure agent password due to plaintext credential storage in log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Fortinet Information Disclosure Fortisiem
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-29771 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29738 MEDIUM PATCH This Month

IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SSRF Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-33593 MEDIUM This Month

Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Whale
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-42754 MEDIUM This Month

An improper control of generation of code vulnerability [CWE-94] in FortiClientMacOS versions 7.0.0 and below and 6.4.5 and below may allow an authenticated attacker to hijack the MacOS camera. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Apple RCE Code Injection Forticlient
NVD
CVSS 3.1
5.0
EPSS
0.4%
CVE-2021-26107 MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortimanager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-42568 MEDIUM This Month

Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nexus Repository Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-36181 LOW Monitor

A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated,. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Race Condition Fortiportal
NVD
CVSS 3.1
3.1
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy