Skip to main content
CVE-2021-20119 HIGH POC This Week

The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password. Rated high severity (CVSS 7.1). Public exploit code available and no vendor patch available.

Authentication Bypass Arris Surfboard Sb8200 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2021-31888 HIGH This Week

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Nucleus Net Nucleus Readystart V3 Nucleus Source Code Apogee Modular Building Controller Firmware +18
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-31887 HIGH This Week

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Nucleus Net Nucleus Readystart V3 Nucleus Source Code Apogee Modular Building Controller Firmware +18
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-37207 HIGH PATCH This Week

A vulnerability has been identified in SENTRON powermanager V3 (All versions). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Sentron Powermanager 3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-40359 HIGH This Week

A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Simatic Batch Simatic Net Pc Simatic Route Control Simatic Wincc +1
NVD
CVSS 3.1
7.7
EPSS
1.1%
CVE-2021-43174 HIGH PATCH This Week

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Routinator Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-43173 HIGH This Week

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Routinator Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-43172 HIGH PATCH This Week

NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Routinator
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-43182 HIGH This Week

In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-43180 HIGH This Week

In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hub
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43203 HIGH This Week

In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ktor
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-43196 HIGH This Week

In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Docker Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43114 HIGH PATCH This Week

FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fort Validator Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-42021 HIGH PATCH This Week

A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Siveillance Video Management Software 2019 R1 Siveillance Video Management Software 2019 R2 Siveillance Video Management Software 2019 R3 Siveillance Video Management Software 2020 R1 +1
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-31885 HIGH This Week

A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Readystart V4 +7
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-31883 HIGH This Week

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Source Code +6
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-31882 HIGH This Week

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Capital Vstar Nucleus Net Nucleus Readystart V3 Nucleus Source Code +6
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-31881 HIGH This Week

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Capital Vstar Nucleus Net Nucleus Readystart V3 +7
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2021-40366 HIGH This Week

A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Climatix Pol909 Firmware
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-43189 HIGH This Week

In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Youtrack Mobile
NVD
CVSS 3.1
7.3
EPSS
0.7%
CVE-2021-43188 HIGH This Week

In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Youtrack Mobile
NVD
CVSS 3.1
7.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy