Skip to main content
CVE-2021-41229 MEDIUM POC This Month

BlueZ is a Bluetooth protocol stack for Linux. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bluez Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-36315 MEDIUM This Month

Dell EMC PowerScale Nodes contain a hardware design flaw. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Dell Privilege Escalation Emc Powerscale Nodes A100 Firmware Emc Powerscale Nodes S210 Firmware Emc Powerscale Nodes X410 Firmware +16
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-3788 MEDIUM This Month

An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware Focus 68 Firmware +17
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-3519 MEDIUM This Month

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Ideacentre C5 14Mb05 Firmware Ideacentre 3 07Imb05 Firmware Ideacentre 5 14Imb05 Firmware +56
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2021-36325 MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Alienware 13 R3 Firmware Alienware 15 R3 Firmware Alienware 15 R4 Firmware +280
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-36324 MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Latitude 5500 Firmware Precision 7750 Firmware Latitude 5401 Firmware Precision 3541 Firmware Chengming 3991 Firmware +280
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-36323 MEDIUM This Month

Dell BIOS contains an improper input validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Alienware 13 R3 Firmware Alienware 15 R3 Firmware Alienware 15 R4 Firmware +280
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-3843 MEDIUM This Month

A potential vulnerability in the SMI function to access EEPROM in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Thinkpad 11E 3Rd Gen Firmware Thinkpad 11E 4Th Gen I3 Firmware Thinkpad 11E 4Th Gen I7 Firmware Thinkpad 11E 4Th Gen I5 Firmware +25
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-3719 MEDIUM This Month

A potential vulnerability in the SMI callback function that saves and restore boot script tables used for resuming from sleep state in some ThinkCentre and ThinkStation models may allow an attacker. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Thinkcentre E93 Firmware Thinkcentre M600 Firmware Thinkcentre M700 Tiny Firmware Thinkcentre M73 Firmware +16
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-3599 MEDIUM PATCH This Month

A potential vulnerability in the SMI callback function used to access flash device in some ThinkPad models may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

RCE Thinkpad X380 Yoga Firmware Thinkpad X1 Fold Gen 1 Firmware Thinkpad Yoga 260 Firmware Thinkpad Yoga 11E 3Rd Gen Firmware +129
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-30266 MEDIUM PATCH This Month

Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Use After Free Qualcomm Memory Corruption Denial Of Service Apq8009 Firmware +203
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-30265 MEDIUM PATCH This Month

Possible memory corruption due to improper validation of memory address while processing user-space IOCTL for clearing Filter and Route statistics in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Qualcomm Memory Corruption Apq8053 Firmware Aqt1000 Firmware +93
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-30264 MEDIUM This Month

Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Qualcomm Memory Corruption Denial Of Service Apq8009 Firmware +193
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-36305 MEDIUM This Month

Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Denial Of Service Emc Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-3791 MEDIUM This Month

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware Focus 68 Firmware +17
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-3790 MEDIUM This Month

A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware +18
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-43332 MEDIUM PATCH This Month

In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

CSRF Mailman Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-41972 MEDIUM PATCH This Month

Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-43576 MEDIUM This Month

Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Jenkins XXE Pom2Config
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2021-21701 MEDIUM This Month

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Performance
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2021-43331 MEDIUM PATCH This Month

In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mailman Debian Linux
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-3786 MEDIUM PATCH This Month

A potential vulnerability in the SMI callback function used in CSME configuration of some Lenovo Notebook and ThinkPad systems could be used to leak out data out of the SMRAM range. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Lenovo Information Disclosure Thinkpad X380 Yoga Firmware Thinkpad X1 Fold Gen 1 Firmware Thinkpad Yoga 260 Firmware +130
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-3720 MEDIUM This Month

An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Legion Phone Pro L79031 Firmware Legion Phone2 Pro L70081 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1924 MEDIUM This Month

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Qualcomm Information Disclosure Apq8009 Firmware Apq8009W Firmware Apq8016 Firmware +314
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-21700 MEDIUM PATCH This Month

Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Scriptler
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-21699 MEDIUM PATCH This Month

Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Active Choices
NVD
CVSS 3.1
5.4
EPSS
88.5%
CVE-2021-3793 MEDIUM This Month

An improper access control vulnerability was reported in some Motorola-branded Binatone Hubble Cameras which could allow an unauthenticated attacker on the same network as the device to access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware Focus 68 Firmware +17
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-3792 MEDIUM This Month

Some device communications in some Motorola-branded Binatone Hubble Cameras with backend Hubble services are not encrypted which could lead to the communication channel being accessible by an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware Focus 68 Firmware +17
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-1903 MEDIUM This Month

Possible denial of service scenario can occur due to lack of length check on Channel Switch Announcement IE in beacon or probe response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Authentication Bypass Aqt1000 Firmware Ar8031 Firmware +204
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-37910 MEDIUM This Month

ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gt Axe11000 Firmware Rt Ax3000 Firmware Rt Ax55 Firmware Rt Ax58U Firmware +1
NVD
CVSS 3.1
5.3
EPSS
2.4%
CVE-2021-3789 MEDIUM This Month

An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Halo Camera Firmware Comfort 85 Connect Firmware Mbp3855 Firmware Focus 68 Firmware +17
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2021-3718 MEDIUM This Month

A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Thinkpad 11E 3Rd Gen Firmware Thinkpad 11E 4Th Gen I3 Firmware Thinkpad 11E 4Th Gen I7 Firmware Thinkpad 11E 4Th Gen I5 Firmware +35
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2021-38985 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-38972 MEDIUM PATCH This Month

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy