Skip to main content
CVE-2021-43332 MEDIUM PATCH This Month

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

CSRF Mailman Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-41972 MEDIUM PATCH This Month

Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-43576 MEDIUM This Month

Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Jenkins XXE Pom2Config
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2021-21701 MEDIUM This Month

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Performance
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-43331 MEDIUM PATCH This Month

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mailman Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-3786 MEDIUM PATCH This Month

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Lenovo Information Disclosure Thinkpad X380 Yoga Firmware Thinkpad X1 Fold Gen 1 Firmware Thinkpad Yoga 260 Firmware +130
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-3720 MEDIUM This Month

An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Legion Phone Pro L79031 Firmware Legion Phone2 Pro L70081 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1924 MEDIUM This Month

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8009W Firmware Apq8016 Firmware +314
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-21700 MEDIUM PATCH This Month

Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Scriptler
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-21699 MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Active Choices
NVD
CVSS 3.1
5.4
EPSS
88.5%
CVE-2021-3793 MEDIUM This Month

An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware Focus 68 Firmware +17
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-3792 MEDIUM This Month

Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware Focus 68 Firmware +17
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-1903 MEDIUM This Month

Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Authentication Bypass Aqt1000 Firmware Ar8031 Firmware +204
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-37910 MEDIUM This Month

ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gt Axe11000 Firmware Rt Ax3000 Firmware Rt Ax55 Firmware Rt Ax58U Firmware +1
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2021-3789 MEDIUM This Month

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware Focus 68 Firmware +17
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2021-3718 MEDIUM This Month

A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Thinkpad 11E 3Rd Gen Firmware Thinkpad 11E 4Th Gen I3 Firmware Thinkpad 11E 4Th Gen I7 Firmware Thinkpad 11E 4Th Gen I5 Firmware +35
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2021-38985 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-38972 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-38973 LOW PATCH Monitor

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
2.7
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy