Skip to main content
CVE-2021-3577 HIGH POC THREAT This Week

An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Authentication Bypass Halo Camera Firmware Comfort 85 Connect Firmware +19
NVD
CVSS 3.1
8.8
EPSS
59.9%
CVE-2021-41254 HIGH POC PATCH This Week

kustomize-controller is a Kubernetes operator, specialized in running continuous delivery pipelines for infrastructure and workloads defined with Kubernetes manifests and assembled with Kustomize. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Command Injection Kustomize Controller
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2021-43493 HIGH POC This Week

ServerManagement master branch as of commit 49491cc6f94980e6be7791d17be947c27071eb56 is affected by a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Servermanagement
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2021-43492 HIGH POC This Week

AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Alquist
NVD GitHub
CVSS 3.1
7.5
EPSS
4.0%
CVE-2021-43496 HIGH POC THREAT This Week

Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd70bfcaa70 is affected by a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Clustering
NVD GitHub
CVSS 3.1
7.5
EPSS
15.7%
CVE-2021-43494 HIGH POC This Week

OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc680a162dd6b9e49 is affected by a directory traversal vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Opencv Rest Api
NVD GitHub
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-3840 HIGH PATCH This Week

A dependency confusion vulnerability was reported in the Antilles open-source software prior to version 1.0.1 that could allow for remote code execution during installation due to a package listed in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Antilles
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2021-3723 HIGH This Week

A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection System X3550 M3 Firmware System X3650 M3 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2021-43578 HIGH This Week

Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Squash Tm Publisher
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2021-3787 HIGH This Week

A vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with local access to obtain the MQTT credentials that could result in unauthorized access to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware Focus 68 Firmware +17
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-42563 HIGH PATCH This Week

There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) in versions prior to 18.0 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft RCE Ni Service Locator
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30263 HIGH PATCH This Week

Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Qualcomm Memory Corruption Information Disclosure Aqt1000 Firmware +26
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-30259 HIGH This Week

Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Information Disclosure Aqt1000 Firmware Ar8031 Firmware +156
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-30255 HIGH This Week

Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +185
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-30254 HIGH This Week

Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +160
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1979 HIGH This Week

Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Memory Corruption Aqt1000 Firmware Ar8035 Firmware +120
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1973 HIGH This Week

A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apq8009 Firmware Apq8009W Firmware Apq8017 Firmware +194
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-1912 HIGH This Week

Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Integer Overflow Aqt1000 Firmware Ar8035 Firmware +40
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-21528 HIGH This Week

Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Powerscale Onefs
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43611 HIGH PATCH This Week

Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display name of a From header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Belle Sip
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-43610 HIGH PATCH This Week

Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Denial Of Service Belle Sip
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-3934 HIGH PATCH This Week

ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Oh My Zsh
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-1982 HIGH This Week

Possible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Ar8035 Firmware Qca6390 Firmware Qca6391 Firmware +69
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-42773 HIGH This Week

Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, could allow a user to retrieve an arbitrary file from a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Emulex Hba Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-43577 HIGH PATCH This Week

Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Owasp Dependency Check
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2021-1921 HIGH This Week

Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Qualcomm Aqt1000 Firmware Qca6390 Firmware Qca6391 Firmware +54
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy