Skip to main content
CVE-2021-43389 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel before 5.14.15. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Linux Information Disclosure Linux Kernel Enterprise Linux +4
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-43398 MEDIUM POC This Month

Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Crypto
NVD GitHub
CVSS 3.1
5.3
EPSS
1.9%
CVE-2021-39903 MEDIUM This Month

In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-34773 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cisco Unified Communications Manager Unified Communications Manager Im And Presence Service
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-34594 MEDIUM This Month

TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Tf6100 Firmware Ts6100 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-40115 MEDIUM This Month

A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Collaboration Meeting Rooms Webex Video Mesh
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-1500 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Collaboration Meeting Rooms Webex Video Mesh
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-34784 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-40128 MEDIUM This Month

A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Webex Meetings
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-40127 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sf200 24 Firmware Sf200 24Fp Firmware Sf200 24P Firmware +63
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-34774 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Common Services Platform Collector
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2021-34731 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Access Registrar could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Prime Access Registrar
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-41248 MEDIUM PATCH This Month

GraphiQL is the reference implementation of this monorepo, GraphQL IDE, an official project under the GraphQL Foundation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Graphiql
NVD GitHub
CVSS 3.1
4.7
EPSS
1.0%
CVE-2021-41249 MEDIUM PATCH This Month

GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Playground
NVD GitHub
CVSS 3.1
4.7
EPSS
1.2%
CVE-2021-39914 MEDIUM This Month

A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2021-39902 MEDIUM This Month

Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-43293 MEDIUM PATCH This Month

Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nexus Repository Manager
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-40126 MEDIUM This Month

A vulnerability in the web-based dashboard of Cisco Umbrella could allow an authenticated, remote attacker to perform an email enumeration attack against the Umbrella infrastructure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Umbrella
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-34701 MEDIUM PATCH This Month

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Cisco Path Traversal Information Disclosure Unified Communications Manager Unified Communications Manager Im And Presence Service +1
NVD
CVSS 3.1
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy