Skip to main content
CVE-2021-39303 CRITICAL POC Act Now

The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka PI-006352. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jamf
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2021-3577 HIGH POC THREAT This Week

An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Authentication Bypass Halo Camera Firmware Comfort 85 Connect Firmware +19
NVD
CVSS 3.1
8.8
EPSS
59.9%
CVE-2021-41254 HIGH POC PATCH This Week

kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Command Injection Kustomize Controller
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-43493 HIGH POC This Week

ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Servermanagement
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-43492 HIGH POC This Week

AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Alquist
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2021-43496 HIGH POC THREAT This Week

Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Clustering
NVD GitHub
CVSS 3.1
7.5
EPSS
15.7%
CVE-2021-43494 HIGH POC This Week

OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Opencv Rest Api
NVD GitHub
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-41229 MEDIUM POC This Month

BlueZ is a Bluetooth protocol stack for Linux. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bluez Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-41264 CRITICAL PATCH Act Now

OpenZeppelin Contracts is a library for smart contract development. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Contracts
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-30321 CRITICAL Act Now

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Aqt1000 Firmware Qca1062 Firmware Qca1064 Firmware +20
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-1975 CRITICAL Act Now

Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Apq8009 Firmware Apq8009W Firmware +178
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2021-42774 CRITICAL Act Now

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Broadcom Emulex Hba Manager
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2021-30284 CRITICAL Act Now

Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Information Disclosure Apq8009 Firmware Apq8009W Firmware +144
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2021-1981 CRITICAL Act Now

Possible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Apq8017 Firmware Ar8035 Firmware +88
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2021-42775 CRITICAL Act Now

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a vulnerability in the remote firmware download. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Emulex Hba Manager
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2021-3840 HIGH PATCH This Week

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Antilles
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-3723 HIGH This Week

A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection System X3550 M3 Firmware System X3650 M3 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-43578 HIGH This Week

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Squash Tm Publisher
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-3787 HIGH This Week

A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware Focus 68 Firmware +17
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-42563 HIGH PATCH This Week

There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Ni Service Locator
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30263 HIGH PATCH This Week

Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Memory Corruption Information Disclosure Aqt1000 Firmware +26
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-30259 HIGH This Week

Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Aqt1000 Firmware Ar8031 Firmware +156
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-30255 HIGH This Week

Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +185
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30254 HIGH This Week

Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +160
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1979 HIGH This Week

Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Aqt1000 Firmware Ar8035 Firmware +120
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1973 HIGH This Week

A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +194
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1912 HIGH This Week

Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Aqt1000 Firmware Ar8035 Firmware +40
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-21528 HIGH This Week

Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43611 HIGH PATCH This Week

Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display name of a From header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Belle Sip
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-43610 HIGH PATCH This Week

Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Denial Of Service Belle Sip
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-3934 HIGH PATCH This Week

ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Oh My Zsh
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1982 HIGH This Week

Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Ar8035 Firmware Qca6390 Firmware Qca6391 Firmware +69
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-42773 HIGH This Week

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Emulex Hba Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43577 HIGH PATCH This Week

Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Owasp Dependency Check
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2021-1921 HIGH This Week

Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Qualcomm Aqt1000 Firmware Qca6390 Firmware Qca6391 Firmware +54
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2021-36315 MEDIUM This Month

Dell EMC PowerScale Nodes contain a hardware design flaw. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Privilege Escalation Emc Powerscale Nodes A100 Firmware Emc Powerscale Nodes S210 Firmware Emc Powerscale Nodes X410 Firmware +16
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-3788 MEDIUM This Month

An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware Focus 68 Firmware +17
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-3519 MEDIUM This Month

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Ideacentre C5 14Mb05 Firmware Ideacentre 3 07Imb05 Firmware Ideacentre 5 14Imb05 Firmware +56
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-36325 MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Alienware 13 R3 Firmware Alienware 15 R3 Firmware Alienware 15 R4 Firmware +280
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-36324 MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Latitude 5500 Firmware Precision 7750 Firmware Latitude 5401 Firmware Precision 3541 Firmware Chengming 3991 Firmware +280
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-36323 MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Alienware 13 R3 Firmware Alienware 15 R3 Firmware Alienware 15 R4 Firmware +280
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-3843 MEDIUM This Month

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Thinkpad 11E 3Rd Gen Firmware Thinkpad 11E 4Th Gen I3 Firmware Thinkpad 11E 4Th Gen I7 Firmware Thinkpad 11E 4Th Gen I5 Firmware +25
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-3719 MEDIUM This Month

A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Thinkcentre E93 Firmware Thinkcentre M600 Firmware Thinkcentre M700 Tiny Firmware Thinkcentre M73 Firmware +16
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-3599 MEDIUM PATCH This Month

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Thinkpad X380 Yoga Firmware Thinkpad X1 Fold Gen 1 Firmware Thinkpad Yoga 260 Firmware Thinkpad Yoga 11E 3Rd Gen Firmware +129
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-30266 MEDIUM PATCH This Month

Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Use After Free Qualcomm Memory Corruption Denial Of Service Apq8009 Firmware +203
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-30265 MEDIUM PATCH This Month

Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statistics in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Apq8053 Firmware Aqt1000 Firmware +93
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-30264 MEDIUM This Month

Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Qualcomm Memory Corruption Denial Of Service Apq8009 Firmware +193
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-36305 MEDIUM This Month

Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Emc Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-3791 MEDIUM This Month

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware Focus 68 Firmware +17
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-3790 MEDIUM This Month

A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware +18
NVD
CVSS 3.1
6.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy