Skip to main content
CVE-2021-43495 HIGH POC This Week

AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Alquist
NVD GitHub
CVSS 3.1
7.5
EPSS
9.1%
CVE-2021-43620 HIGH POC PATCH This Week

An issue was discovered in the fruity crate through 0.2.0 for Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fruity
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-43618 HIGH POC PATCH This Week

GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Integer Overflow Gmp Debian Linux Active Iq Unified Manager +5
NVD
CVSS 3.1
7.5
EPSS
3.4%
CVE-2021-41263 HIGH PATCH This Week

rails_multisite provides multi-db support for Rails applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Rails Multisite
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-34992 HIGH PATCH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE C1 Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-34991 HIGH This Week

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Stack Overflow RCE Ex3700 Firmware +43
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2021-42839 HIGH This Week

Grand Vice info Co. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Webopac
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2021-42706 HIGH This Week

This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Webaccess Hmi Designer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-38984 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-38983 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-38979 HIGH PATCH This Week

IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium Key Lifecycle Manager Security Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-42386 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-42385 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-42384 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-42383 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.1%
CVE-2021-42382 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-42381 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-42380 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.8%
CVE-2021-42379 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.6%
CVE-2021-42378 HIGH This Week

A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service RCE Memory Corruption Busybox +1
NVD
CVSS 3.1
7.2
EPSS
2.5%
CVE-2021-41244 HIGH PATCH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Information Disclosure
NVD GitHub
CVSS 3.1
7.2
EPSS
2.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy