CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2021(Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2021-20499 209 +Info 2021-07-15 2021-09-29
4.0
None Remote Low ??? Partial None None
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973
552 CVE-2021-20498 200 +Info 2021-07-15 2021-09-29
5.0
None Remote Low Not required Partial None None
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requets that could be used in further attacks against the system. IBM X-Force ID: 197972.
553 CVE-2021-20486 200 +Info 2021-05-26 2021-06-02
4.0
None Remote Low ??? Partial None None
IBM Cloud Pak for Data 3.0 could allow an authenticated user to obtain sensitive information when installed with additional plugins. IBM X-Force ID: 197668.
554 CVE-2021-20485 209 +Info 2021-09-23 2021-09-29
4.0
None Remote Low ??? Partial None None
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197667.
555 CVE-2021-20478 200 +Info 2021-07-20 2021-07-29
2.1
None Local Low Not required Partial None None
IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497.
556 CVE-2021-20445 522 +Info 2021-02-18 2021-02-22
4.0
None Remote Low ??? Partial None None
IBM Maximo for Civil Infrastructure 7.6.2 could allow a user to obtain sensitive information due to insecure storeage of authentication credentials. IBM X-Force ID: 196621.
557 CVE-2021-20435 295 +Info 2021-09-23 2021-09-29
2.1
None Local Low Not required Partial None None
IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355.
558 CVE-2021-20433 +Info 2021-09-15 2021-09-27
4.0
None Remote Low ??? Partial None None
IBM Security Guardium 11.3 could allow a an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345.
559 CVE-2021-20431 613 +Info 2021-07-26 2021-08-04
4.3
None Remote Medium Not required Partial None None
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342.
560 CVE-2021-20430 209 +Info 2021-07-26 2021-08-04
5.0
None Remote Low Not required Partial None None
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341.
561 CVE-2021-20428 209 +Info 2021-05-24 2021-05-25
5.0
None Remote Low Not required Partial None None
IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196315.
562 CVE-2021-20424 209 +Info 2021-07-13 2021-07-14
4.0
None Remote Low ??? Partial None None
IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. X-Force ID: 196309.
563 CVE-2021-20422 200 +Info 2021-07-13 2021-07-14
5.0
None Remote Low Not required Partial None None
IBM Cloud Pak for Applications 4.3 could disclose sensitive information to a malicious attacker by accessing data stored in memory. IBM X-Force ID: 196304.
564 CVE-2021-20417 209 +Info 2021-07-07 2021-07-09
4.0
None Remote Low ??? Partial None None
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219
565 CVE-2021-20416 668 +Info 2021-07-07 2021-07-09
5.0
None Remote Low Not required Partial None None
IBM Guardium Data Encryption (GDE) 3.0.0.3 and 4.0.0.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 196218.
566 CVE-2021-20413 209 +Info 2021-06-28 2021-06-29
5.0
None Remote Low Not required Partial None None
IBM Guardium Data Encryption (GDE) 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212.
567 CVE-2021-20409 200 +Info 2021-02-12 2021-02-12
5.0
None Remote Low Not required Partial None None
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 198188.
568 CVE-2021-20402 209 +Info 2021-02-11 2021-02-12
4.0
None Remote Low ??? Partial None None
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196076.
569 CVE-2021-20393 209 +Info 2021-05-14 2021-05-20
5.0
None Remote Low Not required Partial None None
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001.
570 CVE-2021-20380 +Info 2021-06-03 2021-06-11
5.0
None Remote Low Not required Partial None None
IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 195712.
571 CVE-2021-20377 209 +Info 2021-09-23 2021-09-29
4.0
None Remote Low ??? Partial None None
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195569.
572 CVE-2021-20376 200 +Info 2021-10-07 2021-10-15
4.0
None Remote Low ??? Partial None None
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568.
573 CVE-2021-20371 209 +Info 2021-06-02 2021-06-07
4.0
None Remote Low ??? Partial None None
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516.
574 CVE-2021-20359 532 +Info 2021-02-08 2021-02-10
4.0
None Remote Low ??? Partial None None
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.
575 CVE-2021-20358 312 +Info 2021-02-08 2021-02-10
4.0
None Remote Low ??? Partial None None
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.
576 CVE-2021-20331 200 Exec Code +Info 2021-05-13 2021-06-03
3.5
None Remote Medium ??? Partial None None
Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser", and "updateUser" are executed. Without due care, an application may inadvertently expose this authenticated-related information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C# Driver 2.12 <= 2.12.1.
577 CVE-2021-20313 200 +Info 2021-05-11 2021-12-03
5.0
None Remote Low Not required Partial None None
A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality.
578 CVE-2021-20281 200 +Info 2021-03-15 2021-03-23
5.0
None Remote Low Not required Partial None None
It was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
579 CVE-2021-20259 200 +Info 2021-06-07 2021-06-15
4.6
None Local Low Not required Partial Partial Partial
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions before foreman_fog_proxmox 0.13.1 are affected
580 CVE-2021-20256 200 +Info 2021-02-23 2021-02-27
4.6
None Local Low Not required Partial Partial Partial
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
581 CVE-2021-20250 200 +Info 2021-05-13 2021-06-04
4.0
None Remote Low ??? Partial None None
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
582 CVE-2021-20239 200 +Info 2021-05-28 2021-06-02
2.1
None Local Low Not required Partial None None
A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality.
583 CVE-2021-20228 522 +Info 2021-04-29 2021-12-10
5.0
None Remote Low Not required Partial None None
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
584 CVE-2021-20220 444 XSS +Info 2021-02-23 2021-03-01
5.8
None Remote Medium Not required Partial Partial None
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.
585 CVE-2021-20163 522 +Info 2021-12-30 2022-01-07
4.0
None Remote Low ??? Partial None None
Trendnet AC2600 TEW-827DRU version 2.08B01 leaks information via the ftp web page. Usernames and passwords for all ftp users are revealed in plaintext on the ftpserver.asp page.
586 CVE-2021-20114 200 +Info 2021-07-30 2021-08-02
5.0
None Remote Low Not required Partial None None
When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files.
587 CVE-2021-20067 200 +Info 2021-02-16 2021-02-22
5.0
None Remote Low Not required Partial None None
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication.
588 CVE-2021-20049 200 +Info 2021-12-23 2022-01-04
5.0
None Remote Low Not required Partial None None
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions.
589 CVE-2021-20019 200 +Info 2021-06-23 2021-06-29
5.0
None Remote Low Not required Partial None None
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
590 CVE-2021-4024 200 +Info 2021-12-23 2022-01-07
6.4
None Remote Low Not required Partial None Partial
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.
591 CVE-2021-3882 311 +Info 2021-10-14 2021-10-20
4.0
None Remote High Not required Partial Partial None
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network traffic. LedgerSMB 1.8 and newer switched from Basic authentication to using cookie authentication with encrypted cookies. Although an attacker can't access the information inside the cookie, nor the password of the user, possession of the cookie is enough to access the application as the user from which the cookie has been obtained. In order for the attacker to obtain the cookie, first of all the server must be configured to respond to unencrypted requests, the attacker must be suitably positioned to eavesdrop on the network traffic between the client and the server *and* the user must be tricked into using unencrypted HTTP traffic. Proper audit control and separation of duties limit Integrity impact of the attack vector. Users of LedgerSMB 1.8 are urged to upgrade to known-fixed versions. Users of LedgerSMB 1.7 or 1.9 are unaffected by this vulnerability and don't need to take action. As a workaround, users may configure their Apache or Nginx reverse proxy to add the Secure attribute at the network boundary instead of relying on LedgerSMB. For Apache, please refer to the 'Header always edit' configuration command in the mod_headers module. For Nginx, please refer to the 'proxy_cookie_flags' configuration command.
592 CVE-2021-3789 326 +Info 2021-11-12 2021-11-16
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages.
593 CVE-2021-3571 119 Overflow +Info 2021-07-09 2021-09-14
5.5
None Remote Low ??? Partial None Partial
A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.
594 CVE-2021-3570 119 Exec Code Overflow +Info 2021-07-09 2021-09-14
8.0
None Remote Low ??? Partial Partial Complete
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.
595 CVE-2021-3565 200 +Info 2021-06-04 2021-12-02
4.3
None Remote Medium Not required Partial None None
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
596 CVE-2021-3548 125 Exec Code +Info 2021-05-26 2021-06-04
5.8
None Remote Medium Not required Partial None Partial
A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.
597 CVE-2021-3545 200 +Info 2021-06-02 2021-10-18
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability was found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. The flaw exists in virgl_cmd_get_capset_info() in contrib/vhost-user-gpu/virgl.c and could occur due to the read of uninitialized memory. A malicious guest could exploit this issue to leak memory from the host.
598 CVE-2021-3532 200 +Info 2021-06-09 2021-06-21
4.3
None Remote Medium Not required Partial None None
A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.
599 CVE-2021-3511 863 +Info 2021-04-28 2021-05-12
3.3
None Local Network Low Not required Partial None None
Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to obtain information such as configuration via unspecified vectors.
600 CVE-2021-3507 119 Overflow +Info 2021-05-06 2021-06-01
3.6
None Local Low Not required Partial None Partial
A heap buffer overflow was found in the floppy disk emulator of QEMU up to 6.0.0 (including). It could occur in fdctrl_transfer_handler() in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A privileged guest user could use this flaw to crash the QEMU process on the host resulting in DoS scenario, or potential information leakage from the host memory.
Total number of vulnerabilities : 767   Page : 1 2 3 4 5 6 7 8 9 10 11 12 (This Page)13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.