Skip to main content
CVE-2021-33091 HIGH This Week

Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc M15 Laptop Kit Audio Driver Pack
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33090 HIGH This Week

Incorrect default permissionsin the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc Hdmi Firmware Update Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33089 HIGH This Week

Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc Hdmi Firmware Update Tool
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-33088 HIGH This Week

Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0121 HIGH This Week

Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Iris Xe Max Dedicated Graphics
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-0096 HIGH PATCH This Week

Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Intel Privilege Escalation Authentication Bypass Nuc7I3Dn Firmware Nuc7I5Dn Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-3939 HIGH This Week

Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Debian Ubuntu Information Disclosure Accountsservice Ubuntu Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-0013 HIGH This Week

Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Intel Denial Of Service Endpoint Management Assistant
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-40745 HIGH This Week

Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Traversal vulnerability that could lead to reading arbitrary server files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Adobe Campaign
NVD
CVSS 3.1
7.5
EPSS
3.6%
CVE-2021-35528 HIGH This Week

Improper Access Control vulnerability in the application authentication and authorization of Hitachi Energy Retail Operations, Counterparty Settlement and Billing (CSB) allows an attacker to execute. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Java Authentication Bypass Counterparty Settlements And Billing Retail Operations
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-0146 MEDIUM This Month

Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Privilege Escalation Pentium J6426 Firmware Pentium J4205 Firmware Pentium J3710 Firmware +69
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2021-33059 MEDIUM This Month

Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15, may allow a privileged user to potentially enable escalation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Administrative Tools For Intel Network Adapters
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0200 MEDIUM This Month

Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8.2 may allow a privileged user to potentially enable an escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation Intel Memory Corruption Ethernet Controller V710 At2 Firmware +10
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0186 MEDIUM This Month

Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Sgx Sdk Xeon Gold 6342 Firmware Xeon Gold 6346 Firmware +180
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2021-0158 MEDIUM This Month

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Celeron N2840 Intel Xeon E3 1220 V6 Xeon E3 1225 V6 Xeon E3 1230 V6 +481
NVD
CVSS 3.1
6.7
EPSS
3.0%
CVE-2021-0157 MEDIUM This Month

Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Celeron N2840 Intel Xeon E3 1220 V6 Xeon E3 1225 V6 Xeon E3 1230 V6 +481
NVD
CVSS 3.1
6.7
EPSS
3.1%
CVE-2021-0135 MEDIUM This Month

Improper input validation in the Intel(R) Ethernet Diagnostic Driver for Windows before version 1.4.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Intel Ethernet Diagnostic Driver
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-33097 MEDIUM This Month

Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Intel Privilege Escalation Crypto Api Toolkit For Intel Sgx
NVD
CVSS 3.1
6.6
EPSS
0.5%
CVE-2021-0079 MEDIUM This Month

Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Intel Ax210 Firmware Ax201 Firmware +13
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-0069 MEDIUM This Month

Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Intel Ax210 Firmware Ax201 Firmware +14
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-0063 MEDIUM This Month

Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service Intel Ax210 Firmware Ax201 Firmware +13
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-42250 MEDIUM PATCH This Month

Improper output neutralization for Logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Code Injection Superset
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-43337 MEDIUM PATCH This Month

SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Slurm Fedora
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-0182 MEDIUM This Month

Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Intel Denial Of Service Information Disclosure Hardware Accelerated Execution Manager
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2021-29861 MEDIUM This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Vios Aix
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2021-29860 MEDIUM This Month

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Vios Aix
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2021-43977 MEDIUM This Month

SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smartermail
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-0053 MEDIUM This Month

Improper initialization in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an authenticated user to potentially enable information disclosure via adjacent. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Information Disclosure Ax210 Firmware Ax201 Firmware +13
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2021-33098 MEDIUM This Month

Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Ethernet 500 Series Controllers Driver
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-33073 MEDIUM This Month

Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINOâ„¢ Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Distribution Of Openvino Toolkit
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-0152 MEDIUM This Month

Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Intel Jwt Attack Ax210 Firmware +14
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0120 MEDIUM PATCH This Month

Improper initialization in the installer for some Intel(R) Graphics DCH Drivers for Windows 10 before version 27.20.100.9316 may allow an authenticated user to potentially enable denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Denial Of Service Intel Graphics Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-0110 MEDIUM This Month

Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers before version 1.41.1054.0 may allow unauthenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Intel Thunderbolt Dch Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-0075 MEDIUM This Month

Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow a privileged user to potentially enable denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Memory Corruption Intel Denial Of Service +16
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-33087 MEDIUM This Month

Improper authentication in the installer for the Intel(R) NUC M15 Laptop Kit Management Engine driver pack before version 15.0.10.1508 may allow an authenticated user to potentially enable denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Authentication Bypass Nuc M15 Laptop Kit Management Engine Driver Pack
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-33086 MEDIUM This Month

Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Intel Memory Corruption Nuc M15 Laptop Kit Lapbc510 Firmware +102
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-38959 MEDIUM This Month

IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Microsoft Memory Corruption Denial Of Service +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-41165 MEDIUM PATCH This Month

CKEditor4 is an open source WYSIWYG HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal Agile Product Lifecycle Management Application Express +5
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2021-43551 MEDIUM This Month

A remote attacker with write access to PI Vision could inject code into a display. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft XSS Information Disclosure Pi Vision
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-41164 MEDIUM PATCH This Month

CKEditor4 is an open source WYSIWYG HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal Banking Apis Banking Digital Experience +6
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-24834 MEDIUM PATCH This Month

The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Yop Poll
NVD WPScan
CVSS 3.1
5.4
EPSS
1.5%
CVE-2021-24833 MEDIUM PATCH This Month

The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Yop Poll
NVD WPScan
CVSS 3.1
5.4
EPSS
1.1%
CVE-2021-43979 MEDIUM PATCH This Month

Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Authentication Bypass Gatekeeper
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-41190 MEDIUM PATCH This Month

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Information Disclosure Open Container Initiative Distribution Specification Open Container Initiative Image Format Specification Fedora
NVD GitHub
CVSS 3.1
5.0
EPSS
2.1%
CVE-2021-42361 MEDIUM PATCH This Month

The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS PHP Contact Form Email
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-43976 MEDIUM PATCH This Month

In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Linux Denial Of Service Linux Kernel Fedora Debian Linux +12
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2021-0199 MEDIUM This Month

Improper input validation in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.6.0.6 may allow a privileged user to potentially enable a denial of service via local. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Ethernet Network Controller E810 Xxvam2 Firmware Ethernet Network Controller E810 Cam1 Firmware Ethernet Network Controller E810 Cam2 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-0198 MEDIUM This Month

Improper access control in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to potentially enable a denial of service via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Ethernet Network Controller E810 Xxvam2 Firmware Ethernet Network Controller E810 Cam1 Firmware Ethernet Network Controller E810 Cam2 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-0197 MEDIUM This Month

Protection mechanism failure in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to enable a denial of service via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Denial Of Service Ethernet Network Controller E810 Xxvam2 Firmware Ethernet Network Controller E810 Cam1 Firmware Ethernet Network Controller E810 Cam2 Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2021-0148 MEDIUM This Month

Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Information Disclosure Ssd Dc D4512 Firmware Ssd Dc P4510 U 2 Firmware Ssd Dc P4510 Edsff Firmware +15
NVD
CVSS 3.1
4.4
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy