Total
9615 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20871 | 1 Konicaminolta | 160 Bizhub 224e, Bizhub 224e Firmware, Bizhub 226i and 157 more | 2024-11-21 | 2.9 LOW | 6.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/7 ...
Show More |
|||||
| CVE-2021-20869 | 1 Konicaminolta | 160 Bizhub 224e, Bizhub 224e Firmware, Bizhub 226i and 157 more | 2024-11-21 | 2.9 LOW | 6.5 MEDIUM |
|
Exposure of sensitive information to an unauthorized actor vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier, bizhub C287i/C257i/C227i G00-19 and earlier, bizhub 306i/266i/246i/226i G00-B6 and earlier, bizhub C759/C659 GC7-X8 and earlier, bizhub C658/C558/C458 GC7-X8 and earlier, bizhub 958/808/7 ...
Show More |
|||||
| CVE-2021-20832 | 1 Inbody | 1 Inbody | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90(510) contain a vulnerability which may lead to information disclosure only when it works with the body composition analyzer InBody Dial. This may allow an attacker who can connect to the InBody Dial with InBody App may obtain a victim's measurement result measured by InBody Dial.
|
|||||
| CVE-2021-20656 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors.
|
|||||
| CVE-2021-20594 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R series SIL2 Process CPU modules R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via brute-force attack on user names.
|
|||||
| CVE-2021-20585 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398.
|
|||||
| CVE-2021-20582 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Security Secret Server up to 11.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 199328.
|
|||||
| CVE-2021-20498 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972.
|
|||||
| CVE-2021-20332 | 1 Mongodb | 1 Rust Driver | 2024-11-21 | 2.1 LOW | 4.2 MEDIUM |
|
Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's logging infrastructure could then potentially ingest these events and unexpectedly leak the credentials. Note that such monitoring is not enabled by default. This issue affects MongoDB Rust Driver version 2.0.0-alpha, MongoDB Rust Driver version 2.0.0-alpha1 and MongoDB Rust Driver version 1.0.0 through ...
Show More |
|||||
| CVE-2021-20331 | 1 Mongodb | 1 C\# Driver | 2024-11-21 | 3.5 LOW | 4.2 MEDIUM |
|
Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser", and "updateUser" are executed. Without due care, an application may inadvertently expose this authenticated-related information, e.g., by writing it to a log file. This issue only arises if an applicat ...
Show More |
|||||
| CVE-2021-20320 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.
|
|||||
| CVE-2021-20313 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
|
|||||
| CVE-2021-20281 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
|
|||||
| CVE-2021-20260 | 1 Theforeman | 1 Foreman | 2024-11-21 | N/A | 7.8 HIGH |
|
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
|||||
| CVE-2021-20259 | 1 Theforeman | 1 Foremanfogproxmox | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions before foreman_fog_proxmox 0.13.1 are affected
|
|||||
| CVE-2021-20256 | 1 Redhat | 1 Satellite | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
|||||
| CVE-2021-20250 | 1 Redhat | 2 Jboss-ejb-client, Jboss Enterprise Application Platform Expansion Pack | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
|
|||||
| CVE-2021-20228 | 2 Debian, Redhat | 4 Debian Linux, Ansible Automation Platform, Ansible Engine and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
|
|||||
| CVE-2021-20019 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
|
|||||
| CVE-2021-20018 | 1 Sonicwall | 2 Sma100, Sma100 Firmware | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier.
|
|||||
| CVE-2021-1562 | 1 Cisco | 1 Broadworks Application Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the XSI-Actions interface. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the a ...
Show More |
|||||
| CVE-2021-1406 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to improper inclusion of sensitive information in downloadable files. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit coul ...
Show More |
|||||
| CVE-2021-1023 | 1 Google | 1 Android | 2024-11-21 | 1.9 LOW | 5.0 MEDIUM |
|
In onCreate of RequestIgnoreBatteryOptimizations.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-195963373
|
|||||
| CVE-2021-0983 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
In createAdminSupportIntent of DevicePolicyManagerService.java, there is a possible disclosure of information about installed device/profile owner package name due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-192245204
|
|||||
| CVE-2021-0644 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-181053462
|
|||||
| CVE-2021-0602 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-177573895
|
|||||
| CVE-2021-0291 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP po ...
Show More |
|||||
| CVE-2021-0212 | 1 Juniper | 1 Contrail Networking | 2024-11-21 | 7.2 HIGH | 5.0 MEDIUM |
|
An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31.
|
|||||
| CVE-2021-0210 | 1 Juniper | 1 Junos | 2024-11-21 | 5.0 MEDIUM | 6.8 MEDIUM |
|
An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; ...
Show More |
|||||
| CVE-2020-9849 | 1 Apple | 6 Icloud, Ipados, Itunes and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.
|
|||||
| CVE-2020-9733 | 1 Adobe | 2 Experience Manager, Experience Manager Forms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository.
|
|||||
| CVE-2020-9525 | 1 Cs2-network | 1 P2p | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices.
|
|||||
| CVE-2020-9387 | 1 Mahara | 1 Mahara | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
|
In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.
|
|||||
| CVE-2020-9386 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore.
|
|||||
| CVE-2020-9337 | 1 Golfbuddyglobal | 1 Course Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
|
|||||
| CVE-2020-9282 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios.
|
|||||
| CVE-2020-9043 | 1 Wpcentral | 1 Wpcentral | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.
|
|||||
| CVE-2020-8975 | 1 Zigor | 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system.
|
|||||
| CVE-2020-8832 | 2 Canonical, Netapp | 60 Ubuntu Linux, Aff 8300, Aff 8300 Firmware and 57 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.
|
|||||
| CVE-2020-8481 | 1 Abb | 1 800xa System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS A ...
Show More |
|||||