Skip to main content
CVE-2021-41312 HIGH PATCH This Week

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Atlassian Authentication Bypass Data Center Jira
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-38498 HIGH This Week

During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Mozilla Firefox +2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-20707 HIGH This Week

Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Clusterpro X Clusterpro X Singleserversafe Expresscluster X +1
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-20706 HIGH This Week

Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft File Upload Clusterpro X Clusterpro X Singleserversafe Expresscluster X +1
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20705 HIGH This Week

Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft File Upload Clusterpro X Clusterpro X Singleserversafe Expresscluster X +1
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-20135 MEDIUM This Month

Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Nessus
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-27836 MEDIUM PATCH This Month

An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Libxls Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-38497 MEDIUM This Month

Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-38491 MEDIUM This Month

Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-41562 MEDIUM This Month

A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Snow Inventory Agent
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2021-43324 MEDIUM PATCH This Month

LibreNMS through 21.10.2 allows XSS via a widget title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Librenms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-38418 MEDIUM This Month

Delta Electronics DIALink versions 1.2.4.0 and prior runs by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dialink
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2021-38502 MEDIUM This Month

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Information Disclosure Thunderbird Debian Linux
NVD
CVSS 3.1
5.9
EPSS
1.1%
CVE-2021-41134 MEDIUM PATCH This Month

nbdime provides tools for diffing and merging of Jupyter Notebooks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nbdime Nbdime Jupyterlab
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-33209 MEDIUM This Month

An issue was discovered in Fimer Aurora Vision before 2.97.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aurora Vision
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-38488 MEDIUM This Month

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dialink
NVD
CVSS 3.1
4.8
EPSS
12.3%
CVE-2021-38428 MEDIUM This Month

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dialink
NVD
CVSS 3.1
4.8
EPSS
11.4%
CVE-2021-38411 MEDIUM This Month

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dialink
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-38407 MEDIUM This Month

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dialink
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-38403 MEDIUM This Month

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dialink
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-39237 MEDIUM This Month

Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Futuresmart 3 Futuresmart 4 Futuresmart 5
NVD
CVSS 3.1
4.6
EPSS
2.4%
CVE-2021-33210 MEDIUM This Month

An issue was discovered in Fimer Aurora Vision before 2.97.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aurora Vision
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-36192 LOW Monitor

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts. Rated low severity (CVSS 3.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortimanager
NVD
CVSS 3.1
3.8
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy