Topics

Attacker Value
Moderate

CVE-2021-31166

Disclosure Date: May 11, 2021 (last updated May 23, 2021)
HTTP Protocol Stack Remote Code Execution Vulnerability
Attacker Value
Unknown

CVE-2020-24587

Disclosure Date: May 11, 2021 (last updated May 29, 2021)
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
Attacker Value
Unknown

CVE-2021-3537

Disclosure Date: May 14, 2021 (last updated May 20, 2021)
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
Attacker Value
Moderate

CVE-2021-1499

Disclosure Date: May 05, 2021 (last updated May 18, 2021)
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.
Attacker Value
Very High

CVE-2021-26857

Disclosure Date: March 03, 2021 (last updated March 11, 2021)
Microsoft Exchange Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078.
Attacker Value
Moderate

CVE-2021-26419

Disclosure Date: May 11, 2021 (last updated May 18, 2021)
Scripting Engine Memory Corruption Vulnerability
Attacker Value
Unknown

CVE-2021-1498

Disclosure Date: May 05, 2021 (last updated May 18, 2021)
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Attacker Value
Very High
Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products. The impacted products are:
* Secure Mobile Access (SMA) version 10.x running on SMA 200, SMA 210, SMA 400, SMA 410 physical appliances and the SMA 500v virtual appliance
Attacker Value
High

CVE-2021-21551

Disclosure Date: May 04, 2021 (last updated May 08, 2021)
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
Attacker Value
Low

CVE-2019-17240

Disclosure Date: October 06, 2019 (last updated September 02, 2020)
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.