CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7201 CVE-2021-26313 668 Exec Code Bypass 2021-06-09 2021-10-13
2.1
None Local Low Not required Partial None None
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
7202 CVE-2021-26314 668 2021-06-09 2021-06-17
2.1
None Local Low Not required Partial None None
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
7203 CVE-2021-26320 295 DoS 2021-11-16 2021-11-18
2.1
None Local Low Not required None None Partial
Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP
7204 CVE-2021-26325 20 DoS 2021-11-16 2021-11-19
2.1
None Local Low Not required None None Partial
Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service.
7205 CVE-2021-26327 668 2021-11-16 2021-11-19
2.1
None Local Low Not required Partial None None
Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.
7206 CVE-2021-26329 190 Overflow 2021-11-16 2021-11-18
2.1
None Local Low Not required None None Partial
AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.
7207 CVE-2021-26330 787 Overflow 2021-11-16 2021-11-19
2.1
None Local Low Not required None None Partial
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
7208 CVE-2021-26337 2021-11-16 2021-11-19
2.1
None Local Low Not required Partial None None
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.
7209 CVE-2021-26413 2021-04-13 2021-04-20
2.1
None Local Low Not required None Partial None
Windows Installer Spoofing Vulnerability
7210 CVE-2021-26417 200 +Info 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Windows Overlay Filter Information Disclosure Vulnerability
7211 CVE-2021-26428 2021-08-12 2021-08-18
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability
7212 CVE-2021-26430 DoS 2021-08-12 2021-08-27
2.1
None Local Low Not required None None Partial
Azure Sphere Denial of Service Vulnerability
7213 CVE-2021-26550 312 2021-02-09 2021-02-11
2.1
None Local Low Not required Partial None None
An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml.
7214 CVE-2021-26563 863 Exec Code 2021-02-26 2021-06-18
2.1
None Local Low Not required Partial None None
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
7215 CVE-2021-26579 312 2021-03-30 2021-04-02
2.1
None Local Low Not required Partial None None
A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys.
7216 CVE-2021-26585 668 2021-06-24 2021-06-30
2.1
None Local Low Not required Partial None None
A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32.
7217 CVE-2021-26718 863 Bypass 2021-04-01 2021-04-07
2.1
None Local Low Not required None Partial None
KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection.
7218 CVE-2021-26869 200 +Info 2021-03-11 2021-03-15
2.1
None Local Low Not required Partial None None
Windows ActiveX Installer Service Information Disclosure Vulnerability
7219 CVE-2021-26884 200 +Info 2021-03-11 2021-03-13
2.1
None Local Low Not required Partial None None
Windows Media Photo Codec Information Disclosure Vulnerability
7220 CVE-2021-26892 Bypass 2021-03-11 2021-03-23
2.1
None Local Low Not required None None Partial
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
7221 CVE-2021-26917 2021-02-08 2021-02-16
2.1
None Local Low Not required Partial None None
** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host." NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker.
7222 CVE-2021-26933 Bypass 2021-02-17 2021-04-11
2.1
None Local Low Not required Partial None None
An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory.
7223 CVE-2021-26988 862 2021-03-04 2021-03-18
2.7
None Local Network Low ??? Partial None None
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.
7224 CVE-2021-27001 668 2021-10-19 2021-10-22
2.1
None Local Low Not required None Partial None
Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.
7225 CVE-2021-27006 269 2021-12-23 2022-01-04
2.1
None Local Low Not required None Partial None
StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System Manager.
7226 CVE-2021-27026 532 2021-11-18 2021-11-22
2.1
None Local Low Not required Partial None None
A flaw was divered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged
7227 CVE-2021-27075 2021-03-11 2021-03-23
2.7
None Local Network Low ??? Partial None None
Azure Virtual Machine Information Disclosure Vulnerability
7228 CVE-2021-27093 200 +Info 2021-04-13 2021-04-16
2.1
None Local Low Not required Partial None None
Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28309.
7229 CVE-2021-27094 Bypass 2021-04-13 2021-09-14
2.1
None Local Low Not required None Partial None
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-28447.
7230 CVE-2021-27204 312 2021-02-12 2021-09-08
2.1
None Local Low Not required Partial None None
Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.
7231 CVE-2021-27205 312 2021-02-12 2021-09-08
2.1
None Local Low Not required Partial None None
Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.
7232 CVE-2021-27244 125 Exec Code +Info 2021-03-29 2021-04-27
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-11925.
7233 CVE-2021-27260 125 Exec Code +Info 2021-04-14 2021-04-23
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12068.
7234 CVE-2021-27481 798 2021-06-16 2021-06-22
2.1
None Local Low Not required Partial None None
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information.
7235 CVE-2021-27487 312 2021-06-16 2021-06-22
2.1
None Local Low Not required Partial None None
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information.
7236 CVE-2021-27904 2021-03-02 2021-03-08
2.1
None Local Low Not required Partial None None
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
7237 CVE-2021-27908 732 2021-03-23 2021-03-27
2.1
None Local Low Not required Partial None None
In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
7238 CVE-2021-27941 863 2021-05-06 2021-05-14
2.1
None Local Low Not required Partial None None
Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process.
7239 CVE-2021-28039 400 2021-03-05 2021-04-09
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.
7240 CVE-2021-28100 2021-03-23 2021-03-26
2.1
None Local Low Not required Partial None None
Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process.
7241 CVE-2021-28150 20 2021-05-06 2021-05-13
2.1
None Local Low Not required Partial None None
Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
7242 CVE-2021-28168 732 2021-04-22 2021-06-17
2.1
None Local Low Not required Partial None None
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.
7243 CVE-2021-28309 200 +Info 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-27093.
7244 CVE-2021-28316 Bypass 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
7245 CVE-2021-28317 200 +Info 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Microsoft Windows Codecs Library Information Disclosure Vulnerability
7246 CVE-2021-28318 200 +Info 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Windows GDI+ Information Disclosure Vulnerability
7247 CVE-2021-28435 2021-04-13 2021-04-16
2.1
None Local Low Not required Partial None None
Windows Event Tracing Information Disclosure Vulnerability
7248 CVE-2021-28437 2021-04-13 2021-04-19
2.1
None Local Low Not required Partial None None
Windows Installer Information Disclosure Vulnerability
7249 CVE-2021-28438 DoS 2021-04-13 2021-04-20
2.1
None Local Low Not required None None Partial
Windows Console Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28443.
7250 CVE-2021-28441 2021-04-13 2021-04-21
2.1
None Local Low Not required Partial None None
Windows Hyper-V Information Disclosure Vulnerability
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.