CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2021 (Gain Information)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-1432 200 +Info 2021-06-21 2021-06-25
5.0
None Remote Low Not required Partial None None
Joomla! Core is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable.
2 CVE-2015-7731 200 +Info 2021-08-09 2021-08-17
2.1
None Local Low Not required Partial None None
SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830.
3 CVE-2017-8761 200 +Info 2021-06-02 2021-06-11
4.0
None Remote Low ??? Partial None None
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
4 CVE-2017-20007 +Info 2021-10-25 2021-10-28
5.0
None Remote Low Not required Partial None None
Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device's web service could exploit this vulnerability in order to obtain different configuration files.
5 CVE-2018-6125 +Info 2021-11-02 2021-11-04
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in USB in Google Chrome on Windows prior to 67.0.3396.62 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.
6 CVE-2018-10195 190 +Info 2021-06-02 2021-06-11
3.6
None Local Low Not required Partial None Partial
lrzsz before version 0.12.21~rc can leak information to the receiving side due to an incorrect length check in the function zsdata that causes a size_t to wrap around.
7 CVE-2018-16060 425 +Info 2021-10-15 2021-10-21
5.0
None Remote Low Not required Partial None None
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
8 CVE-2018-25022 200 +Info 2021-12-13 2021-12-16
4.3
None Remote Medium Not required Partial None None
The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node.
9 CVE-2019-4471 311 +Info 2021-06-01 2021-12-01
4.0
None Remote Low ??? Partial None None
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 163780.
10 CVE-2019-4722 755 +Info 2021-06-01 2021-12-01
4.0
None Remote Low ??? Partial None None
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. IBM X-Force ID: 172128.
11 CVE-2019-5640 200 +Info 2021-11-22 2021-11-23
5.0
None Remote Low Not required Partial None None
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by the previous user.
12 CVE-2019-9475 668 Bypass +Info 2021-06-11 2021-06-15
2.1
None Local Low Not required Partial None None
In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-9496886
13 CVE-2019-25052 327 +Info 2021-08-11 2021-08-19
6.4
None Remote Low Not required Partial None Partial
In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
14 CVE-2020-1779 200 +Info 2021-02-08 2021-10-19
4.0
None Remote Low ??? Partial None None
When dynamic templates are used (OTRSTicketForms), admin can use OTRS tags which are not masked properly and can reveal sensitive information. This issue affects: OTRS AG OTRSTicketForms 6.0.x version 6.0.40 and prior versions; 7.0.x version 7.0.29 and prior versions; 8.0.x version 8.0.3 and prior versions.
15 CVE-2020-1926 200 +Info 2021-03-16 2021-03-22
4.3
None Remote Medium Not required Partial None None
Apache Hive cookie signature verification used a non-constant-time comparison, which is known to be vulnerable to timing attacks. This could allow recovery of another user's cookie signature. The issue was addressed in Apache Hive 2.3.8.
16 CVE-2020-3687 200 +Info 2021-01-21 2021-01-29
2.1
None Local Low Not required Partial None None
Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue.
17 CVE-2020-4079 200 +Info 2021-01-12 2021-01-14
4.0
None Remote Low ??? Partial None None
Combodo iTop is a web-based IT Service Management tool. In iTop before versions 2.7.2 and 2.8.0, when the ajax endpoint for the "excel export" portal functionality is called directly, it allows getting data without scope filtering. This allows a user to access data which they should not have access to. This is fixed in versions 2.7.2 and 3.0.0.
18 CVE-2020-4146 200 +Info 2021-11-12 2021-11-16
5.0
None Remote Low Not required Partial None None
IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129.
19 CVE-2020-4160 668 +Info 2021-11-08 2021-11-09
4.3
None Remote Medium Not required Partial None None
IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174340.
20 CVE-2020-4336 200 +Info 2021-01-06 2021-01-11
5.0
None Remote Low Not required Partial None None
IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 177932.
21 CVE-2020-4487 209 +Info 2021-01-08 2021-01-11
4.0
None Remote Low ??? Partial None None
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862.
22 CVE-2020-4536 209 +Info 2021-05-11 2021-05-13
4.0
None Remote Low ??? Partial None None
IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182907.
23 CVE-2020-4544 209 +Info 2021-01-08 2021-01-11
4.0
None Remote Low ??? Partial None None
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189.
24 CVE-2020-4562 200 +Info 2021-04-26 2021-04-30
5.0
None Remote Low Not required Partial None None
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information by allowing cross-window communication with unrestricted target origin via documentation frames.
25 CVE-2020-4599 209 +Info 2021-01-13 2021-01-15
5.0
None Remote Low Not required Partial None None
IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184824.
26 CVE-2020-4600 209 +Info 2021-01-13 2021-01-15
5.0
None Remote Low Not required Partial None None
IBM Security Guardium Insights 2.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184832.
27 CVE-2020-4628 209 +Info 2021-01-27 2021-01-29
5.0
None Remote Low Not required Partial None None
IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 185369.
28 CVE-2020-4640 200 +Info 2021-02-04 2021-02-04
3.8
None Local Network Medium ??? Partial Partial None
Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make use of this information to perform attacks by impersonating a user. IBM X-Force ID: 185510.
29 CVE-2020-4654 863 +Info 2021-10-08 2021-10-15
4.0
None Remote Low ??? Partial None None
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.
30 CVE-2020-4667 20 +Info 2021-01-08 2021-01-11
4.0
None Remote Low ??? Partial None None
IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282.
31 CVE-2020-4732 200 +Info 2021-06-02 2021-06-07
4.0
None Remote Low ??? Partial None None
IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to obtain sensitive information due to lack of security restrictions. IBM X-Force ID: 188126.
32 CVE-2020-4761 209 +Info 2021-01-05 2021-01-08
5.0
None Remote Low Not required Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 188895.
33 CVE-2020-4791 200 +Info 2021-02-09 2021-07-21
1.8
None Local Network High Not required Partial None None
IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using man in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379.
34 CVE-2020-4795 200 +Info 2021-02-09 2021-07-21
6.4
None Remote Low Not required Partial Partial None
IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information to an unauthorized user using a specially crafted HTTP request. IBM X-Force ID: 189446.
35 CVE-2020-4815 200 +Info 2021-01-27 2021-01-29
5.0
None Remote Low Not required Partial None None
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to obtain sensitive information from HTTP response headers that could be used in further attacks against the system.
36 CVE-2020-4816 200 +Info 2021-01-27 2021-07-21
4.3
None Remote Medium Not required Partial None None
IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 189703.
37 CVE-2020-4832 200 +Info 2021-02-05 2021-07-21
2.1
None Local Low Not required Partial None None
IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.
38 CVE-2020-4850 116 +Info 2021-05-20 2021-05-25
5.0
None Remote Low Not required Partial None None
IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker to obtain sensitive information, caused by the leftover files after configuration. IBM X-Force ID: 190298.
39 CVE-2020-4871 200 +Info 2021-01-19 2021-07-21
2.1
None Local Low Not required Partial None None
IBM Planning Analytics 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 190834.
40 CVE-2020-4873 200 +Info 2021-01-19 2021-07-21
5.0
None Remote Low Not required Partial None None
IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 190836.
41 CVE-2020-4881 346 +Info 2021-01-19 2021-01-22
5.0
None Remote Low Not required Partial None None
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the lack of server hostname verification for SSL/TLS communication. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 190851.
42 CVE-2020-4897 209 +Info 2021-01-07 2021-01-13
5.0
None Remote Low Not required Partial None None
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988.
43 CVE-2020-4899 319 +Info 2021-01-05 2021-01-07
6.4
None Remote Low Not required Partial Partial None
IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.
44 CVE-2020-4901 DoS +Info 2021-05-07 2021-05-11
6.4
None Remote Low Not required Partial None Partial
IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992.
45 CVE-2020-4903 +Info 2021-03-08 2021-03-12
6.4
None Remote Low Not required Partial Partial None
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.
46 CVE-2020-4951 200 +Info 2021-10-15 2021-11-17
2.1
None Local Low Not required Partial None None
IBM Cognos Analytics 11.1.7 and 11.2.0 contain locally cached browser data that could allow a local attacker to obtain sensitive information.
47 CVE-2020-4953 200 +Info 2021-02-23 2021-02-26
4.0
None Remote Low ??? Partial None None
IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP responses. IBM X-Force ID: 192029.
48 CVE-2020-4967 200 +Info 2021-01-27 2021-01-29
4.0
None Remote Low ??? Partial None None
IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.
49 CVE-2020-4969 319 +Info 2021-01-21 2021-01-28
4.3
None Remote Medium Not required Partial None None
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
50 CVE-2020-4985 200 +Info 2021-05-14 2021-05-20
5.0
None Remote Low Not required Partial None None
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.
Total number of vulnerabilities: 767. Page 1 of 16.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.