CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In February 2021 (Gain Information)

Columns: #, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date, Score, Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail.
1 CVE-2021-27583 200 +Info 2021-02-23 2021-03-01
5.0
None Remote Low Not required Partial None None
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
2 CVE-2021-26953 908 +Info 2021-02-09 2021-02-16
5.0
None Remote Low Not required Partial None None
An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation.
3 CVE-2021-26952 908 +Info 2021-02-09 2021-02-12
5.0
None Remote Low Not required Partial None None
An issue was discovered in the ms3d crate before 0.1.3 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via IoReader::read.
4 CVE-2021-26939 200 +Info 2021-02-10 2021-02-18
5.0
None Remote Low Not required Partial None None
** DISPUTED ** An information disclosure issue exists in henriquedornas 5.2.17 because an attacker can dump phpMyAdmin SQL content. NOTE: third parties report that this is a site-specific problem.
5 CVE-2021-26822 89 Exec Code Sql +Info 2021-02-15 2021-11-30
7.5
None Remote Low Not required Partial Partial Partial
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.
6 CVE-2021-26686 89 Sql +Info 2021-02-23 2021-02-26
5.5
None Remote Low ??? Partial Partial None
A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.
7 CVE-2021-26685 78 Sql +Info 2021-02-23 2021-02-27
5.5
None Remote Low ??? Partial Partial None
A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.
8 CVE-2021-26676 +Info 2021-02-09 2021-07-12
3.3
None Local Network Low Not required Partial None None
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
9 CVE-2021-26593 200 +Info 2021-02-23 2021-03-01
5.0
None Remote Low Not required Partial None None
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
10 CVE-2021-26566 200 Exec Code +Info 2021-02-26 2021-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
11 CVE-2021-26565 319 +Info 2021-02-26 2021-04-22
4.3
None Remote Medium Not required Partial None None
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.
12 CVE-2021-25771 200 +Info 2021-02-03 2021-02-04
5.0
None Remote Low Not required Partial None None
In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.
13 CVE-2021-25767 200 Exec Code +Info 2021-02-03 2021-02-05
5.0
None Remote Low Not required Partial None None
In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.
14 CVE-2021-25760 200 +Info 2021-02-03 2021-02-04
5.0
None Remote Low Not required Partial None None
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
15 CVE-2021-25249 787 Exec Code +Info 2021-02-04 2021-02-05
7.2
None Local Low Not required Complete Complete Complete
An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
16 CVE-2021-25248 125 Exec Code +Info 2021-02-04 2021-02-05
2.1
None Local Low Not required Partial None None
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
17 CVE-2021-25243 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
18 CVE-2021-25242 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
19 CVE-2021-25240 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hotfix information.
20 CVE-2021-25239 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
21 CVE-2021-25238 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port.
22 CVE-2021-25237 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents.
23 CVE-2021-25235 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file.
24 CVE-2021-25234 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.
25 CVE-2021-25233 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.
26 CVE-2021-25232 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.
27 CVE-2021-25231 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.
28 CVE-2021-25230 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.
29 CVE-2021-25229 863 +Info 2021-02-04 2021-02-08
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.
30 CVE-2021-25228 863 +Info 2021-02-04 2021-02-08
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.
31 CVE-2021-24114 200 +Info 2021-02-25 2021-03-03
3.5
None Remote Medium ??? Partial None None
Microsoft Teams iOS Information Disclosure Vulnerability
32 CVE-2021-24106 200 +Info 2021-02-25 2021-03-03
2.1
None Local Low Not required Partial None None
Windows DirectX Information Disclosure Vulnerability
33 CVE-2021-24101 200 +Info 2021-02-25 2021-03-04
4.0
None Remote Low ??? Partial None None
Microsoft Dataverse Information Disclosure Vulnerability
34 CVE-2021-24100 200 +Info 2021-02-25 2021-03-04
2.6
None Remote High Not required Partial None None
Microsoft Edge for Android Information Disclosure Vulnerability
35 CVE-2021-24084 200 +Info 2021-02-25 2021-03-04
4.9
None Local Low Not required Complete None None
Windows Mobile Device Management Information Disclosure Vulnerability
36 CVE-2021-24079 200 +Info 2021-02-25 2021-03-04
2.1
None Local Low Not required Partial None None
Windows Backup Engine Information Disclosure Vulnerability
37 CVE-2021-24076 200 +Info 2021-02-25 2021-03-04
2.1
None Local Low Not required Partial None None
Microsoft Windows VMSwitch Information Disclosure Vulnerability
38 CVE-2021-24071 200 +Info 2021-02-25 2021-03-03
4.0
None Remote Low ??? Partial None None
Microsoft SharePoint Information Disclosure Vulnerability
39 CVE-2021-23968 209 +Info 2021-02-26 2021-05-01
4.3
None Remote Medium Not required Partial None None
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
40 CVE-2021-23958 668 +Info 2021-02-26 2021-03-03
4.3
None Remote Medium Not required Partial None None
The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.
41 CVE-2021-23953 +Info 2021-02-26 2021-03-03
4.3
None Remote Medium Not required Partial None None
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
42 CVE-2021-22853 269 +Info 2021-02-17 2021-02-24
5.5
None Remote Low ??? Partial None Partial
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.
43 CVE-2021-22300 312 +Info 2021-02-06 2021-02-10
1.9
None Local Medium Not required Partial None None
There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods.
44 CVE-2021-22293 444 +Info 2021-02-06 2021-02-10
5.0
None Remote Low Not required Partial None None
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1, 6.5.1RC2, 8.0.RC2. Affected product versions include: Taurus-AL00A versions 10.0.0.1(C00E1R1P1).
45 CVE-2021-22133 532 +Info 2021-02-10 2021-02-16
2.7
None Local Network Low ??? Partial None None
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.
46 CVE-2021-21621 200 +Info 2021-02-24 2021-02-27
5.0
None Remote Low Not required Partial None None
Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations.
47 CVE-2021-21512 200 +Info 2021-02-19 2021-02-25
3.6
None Local Low Not required Partial Partial None
Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account.
48 CVE-2021-21435 200 +Info 2021-02-08 2021-02-09
4.3
None Remote Medium Not required Partial None None
Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions.
49 CVE-2021-21323 200 Bypass +Info 2021-02-23 2021-03-01
4.3
None Remote Medium Not required Partial None None
Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor windows to their DNS provider. (DNS requests that were not initiated by CNAME adblocking would go through Tor as expected.) This is fixed in Brave version 1.20.108.
50 CVE-2021-21301 200 +Info 2021-02-11 2021-04-20
4.3
None Remote Medium Not required Partial None None
Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75.
Total number of vulnerabilities: 100 (page 1 of 2)