CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2021 (Gain Information)

Each entry below lists: list number, CVE ID, CWE ID, vulnerability type(s), publish date, update date; then the CVSS score, gained access level, access vector, access complexity, authentication, and the confidentiality / integrity / availability impacts; then the description. The "# of Exploits" column is empty for every entry on this page, and "???" in the Authentication column is the page's own marker.

501 | CVE-2021-21376 | CWE-200 | Type: +Info | Published: 2021-03-23 | Updated: 2021-03-27
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information exposure vulnerability. Some additional information being loaded is not used by the webclient and is being removed in this release. This is fixed in version 5.9.0.

502 | CVE-2021-21364 | CWE-200 | Type: +Info | Published: 2021-03-11 | Updated: 2021-03-19
CVSS 2.1 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-like systems, the system temporary directory is shared between all local users. When files/directories are created, the default `umask` settings for the process are respected. As a result, by default, most processes/APIs will create files/directories with the permissions `-rw-r--r--` and `drwxr-xr-x` respectively, unless an API that explicitly sets safe file permissions is used. Because this vulnerability impacts generated code, the generated code will remain vulnerable until fixed manually. This vulnerability is fixed in version 2.4.19. Note this is a distinct vulnerability from CVE-2021-21363.

503 | CVE-2021-21360 | CWE-200 | Type: +Info | Published: 2021-03-09 | Updated: 2022-01-01
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Products.GenericSetup is a mini-framework for expressing the configured state of a Zope Site as a set of filesystem artifacts. In Products.GenericSetup before version 2.1.1 there is an information disclosure vulnerability: anonymous visitors may view log and snapshot files generated by the Generic Setup Tool. The problem has been fixed in version 2.1.1. Depending on how you have installed Products.GenericSetup, you should change the buildout version pin to 2.1.1 and re-run the buildout, or if you used pip simply do `pip install "Products.GenericSetup>=2.1.1"`.

504 | CVE-2021-21336 | CWE-200 | Type: +Info | Published: 2021-03-08 | Updated: 2021-05-22
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability: everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.0 and re-run the buildout, or if you used pip simply do `pip install "Products.PluggableAuthService>=2.6.0"`.

505 | CVE-2021-21323 | CWE-200 | Type: Bypass +Info | Published: 2021-02-23 | Updated: 2021-03-01
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor windows to their DNS provider. (DNS requests that were not initiated by CNAME adblocking would go through Tor as expected.) This is fixed in Brave version 1.20.108.

506 | CVE-2021-21301 | CWE-200 | Type: +Info | Published: 2021-02-11 | Updated: 2021-04-20
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Wire is an open-source collaboration platform. In Wire for iOS (iPhone and iPad) before version 3.75 there is a vulnerability where the video capture isn't stopped in a scenario where a user first has their camera enabled and then disables it. It's a privacy issue because video is streamed to the call when the user believes it is disabled. It impacts all users in video calls. This is fixed in version 3.75.

507 | CVE-2021-21219 | CWE-200 | Type: +Info | Published: 2021-04-26 | Updated: 2021-06-01
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

508 | CVE-2021-21218 | CWE-908 | Type: +Info | Published: 2021-04-26 | Updated: 2021-06-01
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

509 | CVE-2021-21217 | CWE-200 | Type: +Info | Published: 2021-04-26 | Updated: 2021-06-01
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

510 | CVE-2021-21190 | CWE-908 | Type: +Info | Published: 2021-03-09 | Updated: 2021-12-03
CVSS 6.8 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
Uninitialized data in PDFium in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file.

511 | CVE-2021-21185 | CWE: (none listed) | Type: +Info | Published: 2021-03-09 | Updated: 2021-12-03
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Insufficient policy enforcement in extensions in Google Chrome prior to 89.0.4389.72 allowed an attacker who convinced a user to install a malicious extension to obtain sensitive information via a crafted Chrome Extension.

512 | CVE-2021-21181 | CWE-203 | Type: +Info | Published: 2021-03-09 | Updated: 2021-12-03
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

513 | CVE-2021-21177 | CWE-287 | Type: +Info | Published: 2021-03-09 | Updated: 2021-12-03
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Insufficient policy enforcement in Autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

514 | CVE-2021-21173 | CWE-203 | Type: +Info | Published: 2021-03-09 | Updated: 2021-12-03
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

515 | CVE-2021-21168 | CWE: (none listed) | Type: +Info | Published: 2021-03-09 | Updated: 2021-12-03
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Insufficient policy enforcement in appcache in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

516 | CVE-2021-21137 | CWE-200 | Type: +Info | Published: 2021-02-09 | Updated: 2021-03-15
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.

517 | CVE-2021-20993 | CWE-200 | Type: +Info | Published: 2021-05-13 | Updated: 2021-05-20
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
In multiple managed switches by WAGO in different versions, the activated directory listing provides an attacker with the index of the resources located inside the directory.

518 | CVE-2021-20876 | CWE-22 | Type: Dir. Trav. +Info | Published: 2021-12-24 | Updated: 2022-01-10
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an administrative privilege to obtain sensitive information stored in the hierarchy above the directory on the published site's server via unspecified vectors.

519 | CVE-2021-20874 | CWE-732 | Type: +Info | Published: 2021-12-24 | Updated: 2022-01-10
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Incorrect permission assignment for critical resource vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to access arbitrary files on the server and obtain sensitive information via unspecified vectors.

520 | CVE-2021-20866 | CWE-862 | Type: +Info | Published: 2021-12-13 | Updated: 2021-12-15
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5.11 contain a missing authorization vulnerability in obtaining the user list, which may allow a user to obtain unauthorized information via unspecified vectors.

521 | CVE-2021-20844 | CWE-116 | Type: +Info | Published: 2021-11-24 | Updated: 2021-11-30
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.

522 | CVE-2021-20832 | CWE-668 | Type: +Info | Published: 2021-10-13 | Updated: 2021-10-19
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90(510) contain a vulnerability which may lead to information disclosure only when it works with the body composition analyzer InBody Dial. This may allow an attacker who can connect to the InBody Dial with InBody App to obtain a victim's measurement result measured by InBody Dial.

523 | CVE-2021-20801 | CWE-611 | Type: +Info | Published: 2021-10-13 | Updated: 2021-10-19
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.

524 | CVE-2021-20797 | CWE-79 | Type: XSS +Info | Published: 2021-10-13 | Updated: 2021-10-19
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: ??? | Conf: None | Integ: Partial | Avail: None
Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox.

525 | CVE-2021-20788 | CWE-918 | Type: +Info | Published: 2021-07-30 | Updated: 2021-08-06
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
Server-side request forgery (SSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote authenticated attacker to conduct a port scan from the product and/or obtain information from the internal Web server.

526 | CVE-2021-20778 | CWE: (none listed) | Type: Bypass +Info | Published: 2021-07-01 | Updated: 2021-07-08
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors.

527 | CVE-2021-20772 | CWE-200 | Type: +Info | Published: 2021-08-18 | Updated: 2021-08-24
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of a Bulletin without the viewing privilege.

528 | CVE-2021-20738 | CWE: (none listed) | Type: +Info | Published: 2021-07-07 | Updated: 2021-07-14
CVSS 3.3 | Gained access: None | Access: Local Network | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors.

529 | CVE-2021-20736 | CWE-74 | Type: Sql +Info | Published: 2021-06-22 | Updated: 2021-07-01
CVSS 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: None
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.

530 | CVE-2021-20730 | CWE: (none listed) | Type: +Info | Published: 2021-06-09 | Updated: 2021-06-17
CVSS 3.3 | Gained access: None | Access: Local Network | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors.

531 | CVE-2021-20720 | CWE-89 | Type: Exec Code Sql +Info | Published: 2021-05-20 | Updated: 2021-05-25
CVSS 7.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
SQL injection vulnerability in KonaWiki2 versions prior to 2.2.4 allows remote attackers to execute arbitrary SQL commands and to obtain/alter the information stored in the database via unspecified vectors.

532 | CVE-2021-20713 | CWE-269 | Type: +Priv +Info | Published: 2021-05-24 | Updated: 2021-06-03
CVSS 4.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: Partial
Privilege escalation vulnerability in QND Advance/Premium/Standard Ver.11.0.4i and earlier allows an attacker who can log in to the PC where the product's Windows client is installed to gain administrative privileges via unspecified vectors. As a result, sensitive information may be altered/obtained or unintended operations may be performed.

533 | CVE-2021-20657 | CWE-863 | Type: +Info | Published: 2021-02-24 | Updated: 2021-03-01
CVSS 5.5 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: Partial | Avail: None
Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors.

534 | CVE-2021-20656 | CWE-200 | Type: +Info | Published: 2021-02-24 | Updated: 2021-03-01
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain information inside the system, such as directories and/or file configurations, via unspecified vectors.

535 | CVE-2021-20618 | CWE-269 | Type: +Priv Bypass +Info | Published: 2021-01-14 | Updated: 2021-01-26
CVSS 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Complete | Integ: Complete | Avail: Complete
Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege, which may result in obtaining sensitive information on the server via unspecified vectors.

536 | CVE-2021-20617 | CWE-269 | Type: Exec Code +Priv +Info | Published: 2021-01-14 | Updated: 2021-01-26
CVSS 10.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Complete | Integ: Complete | Avail: Complete
Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege, which may result in obtaining sensitive information on the server via unspecified vectors.

537 | CVE-2021-20597 | CWE-522 | Type: +Info | Published: 2021-08-06 | Updated: 2021-08-27
CVSS 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: None
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to log in to the target without authorization by sniffing network traffic and obtaining credentials when user information is registered in the target or a password is changed.

538 | CVE-2021-20594 | CWE-200 | Type: +Info | Published: 2021-08-06 | Updated: 2021-08-27
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to acquire legitimate user names registered in the module via a brute-force attack on user names.

539 | CVE-2021-20585 | CWE-200 | Type: +Info | Published: 2021-06-01 | Updated: 2021-06-04
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Security Verify Access 20.07 could disclose sensitive information in HTTP server headers that could be used in further attacks against the system. IBM X-Force ID: 199398.

540 | CVE-2021-20579 | CWE-200 | Type: +Info | Published: 2021-06-24 | Updated: 2021-09-20
CVSS 3.5 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFERRED_FORCE. IBM X-Force ID: 199283.

541 | CVE-2021-20567 | CWE-311 | Type: +Info | Published: 2021-06-16 | Updated: 2021-06-21
CVSS 2.1 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Resilient SOAR V38.0 could allow a local privileged attacker to obtain sensitive information due to improper or nonexistent encryption. IBM X-Force ID: 199239.

542 | CVE-2021-20564 | CWE-200 | Type: +Info | Published: 2021-05-14 | Updated: 2021-05-20
CVSS 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, and 1.6.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 199235.

543 | CVE-2021-20563 | CWE-200 | Type: +Info | Published: 2021-09-23 | Updated: 2021-09-29
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote authenticated user to obtain sensitive information. By sending a specially crafted request, the user could disclose a valid file path on the server, which could be used in further attacks against the system. IBM X-Force ID: 199234.

544 | CVE-2021-20552 | CWE-209 | Type: +Info | Published: 2021-10-07 | Updated: 2021-10-15
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199170.

545 | CVE-2021-20538 | CWE-863 | Type: +Info | Published: 2021-05-10 | Updated: 2021-05-14
CVSS 6.4 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: Partial | Avail: None
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive information or perform actions they should not have access to due to incorrect authorization mechanisms. IBM X-Force ID: 198919.

546 | CVE-2021-20534 | CWE-601 | Type: +Info | Published: 2021-07-15 | Updated: 2021-09-29
CVSS 4.9 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: ??? | Conf: Partial | Integ: Partial | Avail: None
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 198814.

547 | CVE-2021-20529 | CWE-200 | Type: +Info | Published: 2021-05-19 | Updated: 2021-05-25
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Control Center 6.2.0.0 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 198763.

548 | CVE-2021-20526 | CWE-732 | Type: +Info | Published: 2021-10-27 | Updated: 2021-10-29
CVSS 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf: Partial | Integ: None | Avail: None
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 198755.

549 | CVE-2021-20523 | CWE-209 | Type: +Info | Published: 2021-07-15 | Updated: 2021-09-29
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660.

550 | CVE-2021-20508 | CWE-209 | Type: +Info | Published: 2021-09-14 | Updated: 2021-09-24
CVSS 4.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: ??? | Conf: Partial | Integ: None | Avail: None
IBM Security Secret Server up to 11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199322.
Total number of vulnerabilities: 767. This is page 11 of 16.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.