CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2021-1731 Bypass 2021-02-25 2021-03-03
2.1
None Local Low Not required Partial None None
PFX Encryption Security Feature Bypass Vulnerability
752 CVE-2021-1725 200 +Info 2021-01-12 2021-01-15
2.1
None Local Low Not required Partial None None
Bot Framework SDK Information Disclosure Vulnerability
753 CVE-2021-1724 79 XSS 2021-02-25 2021-03-03
2.3
None Local Network Medium ??? None Partial None
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
754 CVE-2021-1699 2021-01-12 2021-01-20
2.1
None Local Low Not required Partial None None
Windows (modem.sys) Information Disclosure Vulnerability
755 CVE-2021-1684 Bypass 2021-01-12 2021-01-20
2.1
None Local Low Not required Partial None None
Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1638, CVE-2021-1683.
756 CVE-2021-1683 Bypass 2021-01-12 2021-01-20
2.1
None Local Low Not required Partial None None
Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1638, CVE-2021-1684.
757 CVE-2021-1677 290 2021-01-12 2021-01-20
2.1
None Local Low Not required Partial None None
Azure Active Directory Pod Identity Spoofing Vulnerability
758 CVE-2021-1676 2021-01-12 2021-01-20
2.1
None Local Low Not required Partial None None
Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability
759 CVE-2021-1672 2021-01-12 2021-01-20
2.1
None Local Low Not required Partial None None
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1663, CVE-2021-1670.
760 CVE-2021-1670 2021-01-12 2021-01-20
2.1
None Local Low Not required Partial None None
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1663, CVE-2021-1672.
761 CVE-2021-1663 200 +Info 2021-01-12 2021-01-20
2.1
None Local Low Not required Partial None None
Windows Projected File System FS Filter Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-1670, CVE-2021-1672.
762 CVE-2021-1656 2021-01-12 2021-01-19
2.1
None Local Low Not required Partial None None
TPM Device Driver Information Disclosure Vulnerability
763 CVE-2021-1638 863 Bypass 2021-01-12 2021-01-14
2.1
None Local Low Not required Partial None None
Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1683, CVE-2021-1684.
764 CVE-2021-1637 2021-01-12 2021-01-14
2.1
None Local Low Not required Partial None None
Windows DNS Query Information Disclosure Vulnerability
765 CVE-2021-1583 863 2021-08-25 2021-09-02
2.1
None Local Low Not required Partial None None
A vulnerability in the fabric infrastructure file system access control of Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, local attacker to read arbitrary files on an affected system. This vulnerability is due to improper access control. An attacker with Administrator privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to read arbitrary files on the file system of the affected device.
766 CVE-2021-1568 789 DoS 2021-06-16 2021-06-23
2.1
None Local Low Not required None None Partial
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system.
767 CVE-2021-1546 209 2021-09-23 2021-09-30
2.1
None Local Low Not required Partial None None
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information.
768 CVE-2021-1544 497 2021-06-04 2021-06-14
2.1
None Local Low Not required Partial None None
A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe logging of application actions. An attacker could exploit this vulnerability by logging onto the local system and accessing files containing the logged details. A successful exploit could allow the attacker to gain access to sensitive information, including meeting data and recorded meeting transcriptions.
769 CVE-2021-1537 522 2021-06-04 2021-06-14
2.1
None Local Low Not required Partial None None
A vulnerability in the installer software of Cisco ThousandEyes Recorder could allow an unauthenticated, local attacker to access sensitive information that is contained in the ThousandEyes Recorder installer software. This vulnerability exists because sensitive information is included in the application installer. An attacker could exploit this vulnerability by downloading the installer and extracting its contents. A successful exploit could allow the attacker to access sensitive information that is included in the application installer.
770 CVE-2021-1438 668 Exec Code 2021-05-06 2021-05-17
2.1
None Local Low Not required Partial None None
A vulnerability in Cisco Wide Area Application Services (WAAS) Software could allow an authenticated, local attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the CLI. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to read arbitrary files that they originally did not have permissions to access.
771 CVE-2021-1423 668 2021-03-24 2021-03-31
2.1
None Local Low Not required None Partial None
A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device.
772 CVE-2021-1392 522 2021-03-24 2021-03-29
2.1
None Local Low Not required Partial None None
A vulnerability in the CLI command permissions of Cisco IOS and Cisco IOS XE Software could allow an authenticated, local attacker to retrieve the password for Common Industrial Protocol (CIP) and then remotely configure the device as an administrative user. This vulnerability exists because incorrect permissions are associated with the show cip security CLI command. An attacker could exploit this vulnerability by issuing the command to retrieve the password for CIP on an affected device. A successful exploit could allow the attacker to reconfigure the device.
773 CVE-2021-1372 202 2021-02-17 2021-02-23
2.1
None Local Low Not required Partial None None
A vulnerability in Cisco Webex Meetings Desktop App and Webex Productivity Tools for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. This vulnerability is due to the unsafe usage of shared memory by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens. Note: To exploit this vulnerability, an attacker must have valid credentials on a Microsoft Windows end-user system and must log in after another user has already authenticated with Webex on the same end-user system.
774 CVE-2021-1367 20 DoS 2021-02-24 2021-03-09
2.9
None Local Network Medium Not required None None Partial
A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted PIM packet to an affected device. A successful exploit could allow the attacker to cause a traffic loop, resulting in a DoS condition.
775 CVE-2021-1354 295 2021-02-04 2021-02-08
2.7
None Local Network Low ??? Partial None None
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.
776 CVE-2021-1352 823 DoS 2021-03-24 2021-03-29
2.9
None Local Network Medium Not required None None Partial
A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
777 CVE-2021-1283 789 2021-01-20 2021-01-26
2.1
None Local Low Not required Partial None None
A vulnerability in the logging subsystem of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is written to system log files. An attacker could exploit this vulnerability by authenticating to an affected device and inspecting a specific system log file. A successful exploit could allow the attacker to view sensitive information in the system log file. To exploit this vulnerability, the attacker would need to have valid user credentials.
778 CVE-2021-1258 269 2021-01-13 2021-01-20
2.1
None Local Low Not required Partial None None
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability.
779 CVE-2021-1231 284 2021-02-24 2021-03-05
2.9
None Local Network Medium Not required None None Partial
A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, adjacent attacker to disable switching on a small form-factor pluggable (SFP) interface. This vulnerability is due to incomplete validation of the source of a received LLDP packet. An attacker could exploit this vulnerability by sending a crafted LLDP packet on an SFP interface to an affected device. A successful exploit could allow the attacker to disable switching on the SFP interface, which could disrupt network traffic.
780 CVE-2021-1128 201 Exec Code +Info 2021-02-04 2021-02-08
2.1
None Local Low Not required Partial None None
A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user.
781 CVE-2021-1126 522 2021-01-13 2021-01-20
2.1
None Local Low Not required Partial None None
A vulnerability in the storage of proxy server credentials of Cisco Firepower Management Center (FMC) could allow an authenticated, local attacker to view credentials for a configured proxy server. The vulnerability is due to clear-text storage and weak permissions of related configuration files. An attacker could exploit this vulnerability by accessing the CLI of the affected software and viewing the contents of the affected files. A successful exploit could allow the attacker to view the credentials that are used to access the proxy server.
782 CVE-2021-1123 DoS 2021-10-29 2021-11-02
2.1
None Local Low Not required None None Partial
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service.
783 CVE-2021-1122 476 DoS 2021-10-29 2021-11-02
2.1
None Local Low Not required None None Partial
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service.
784 CVE-2021-1121 770 DoS 2021-10-29 2021-11-02
2.1
None Local Low Not required None None Partial
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel driver, where a vGPU can cause resource starvation among other vGPUs hosted on the same GPU, which may lead to denial of service.
785 CVE-2021-1116 476 DoS 2021-10-27 2021-10-28
2.1
None Local Low Not required None None Partial
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash.
786 CVE-2021-1115 476 DoS 2021-10-27 2021-10-28
2.1
None Local Low Not required None None Partial
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a NULL pointer dereference, which may lead to denial of service in a component beyond the vulnerable component.
787 CVE-2021-1105 2021-11-20 2021-11-24
2.1
None Local Low Not required Partial None None
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to information disclosure.
788 CVE-2021-1103 476 DoS 2021-07-21 2021-07-27
2.1
None Local Low Not required None None Partial
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).
789 CVE-2021-1102 755 DoS 2021-07-21 2021-09-14
2.1
None Local Low Not required None None Partial
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can lead to floating point exceptions, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).
790 CVE-2021-1101 476 DoS 2021-07-21 2021-09-14
2.1
None Local Low Not required None None Partial
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).
791 CVE-2021-1100 DoS 2021-07-21 2021-09-14
2.1
None Local Low Not required None None Partial
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel mode driver (nvidia.ko), in which a pointer to a user-space buffer is not validated before it is dereferenced, which may lead to denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).
792 CVE-2021-1095 476 DoS 2021-07-22 2021-07-30
2.1
None Local Low Not required None None Partial
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.
793 CVE-2021-1088 2021-11-20 2021-11-24
2.1
None Local Low Not required Partial None None
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may lead to information disclosure.
794 CVE-2021-1077 404 DoS 2021-04-21 2021-05-03
2.1
None Local Low Not required None None Partial
NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.
795 CVE-2021-1071 2021-01-26 2021-02-04
2.1
None Local Low Not required Partial None None
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to information disclosure.
796 CVE-2021-1066 400 DoS 2021-01-08 2021-01-11
2.1
None Local Low Not required None None Partial
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which input data is not validated, which may lead to unexpected consumption of resources, which in turn may lead to denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
797 CVE-2021-1054 863 DoS 2021-01-08 2021-01-14
2.1
None Local Low Not required None None Partial
NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action, which may lead to denial of service.
798 CVE-2021-1053 20 DoS 2021-01-08 2021-01-14
2.1
None Local Low Not required None None Partial
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service.
799 CVE-2021-0939 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-186026549References: N/A
800 CVE-2021-0938 908 Bypass 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171418586References: Upstream kernel
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.