CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2021(Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2020-16041 125 +Info 2021-01-08 2021-03-04
5.8
None Remote Medium Not required Partial None Partial
Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.
752 CVE-2020-16027 862 +Info 2021-01-08 2021-01-12
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension.
753 CVE-2020-16012 +Info 2021-01-08 2021-01-12
4.3
None Remote Medium Not required Partial None None
Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
754 CVE-2020-15942 200 +Info 2021-04-12 2021-04-20
4.0
None Remote Low ??? Partial None None
An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.
755 CVE-2020-15834 200 +Info 2021-02-01 2021-07-21
5.0
None Remote Low Not required Partial None None
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The wireless network password is exposed in a QR encoded picture that an unauthenticated adversary can download via the web-management interface.
756 CVE-2020-15078 287 Bypass +Info 2021-04-26 2021-12-10
5.0
None Remote Low Not required Partial None None
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
757 CVE-2020-15077 287 Bypass +Info 2021-06-04 2021-06-11
3.5
None Remote Medium ??? Partial None None
OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks.
758 CVE-2020-14371 200 +Info 2021-06-02 2021-06-11
4.0
None Remote Low ??? Partial None None
A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.
759 CVE-2020-14335 200 +Priv +Info 2021-06-02 2021-06-10
2.1
None Local Low Not required Partial None None
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability.
760 CVE-2020-14329 200 +Info 2021-05-27 2021-06-07
2.1
None Local Low Not required Partial None None
A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint. This flaw allows users from other organizations in the system to retrieve any label from the organization and also disclose organization names. The highest threat from this vulnerability is to confidentiality.
761 CVE-2020-14274 200 +Info 2021-01-12 2021-07-21
5.0
None Remote Low Not required Partial None None
Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors.
762 CVE-2020-14255 200 +Info 2021-02-02 2021-07-21
5.0
None Remote Low Not required Partial None None
HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations.
763 CVE-2020-14221 200 +Info 2021-02-02 2021-07-21
4.0
None Remote Low ??? Partial None None
HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users.
764 CVE-2020-14192 200 +Info 2021-02-02 2021-02-04
4.0
None Remote Low ??? Partial None None
Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4.
765 CVE-2020-12987 200 Bypass +Info 2021-06-11 2021-12-30
2.1
None Local Low Not required Partial None None
A heap information leak/kernel pool address disclosure vulnerability in the AMD Graphics Driver for Windows 10 may lead to KASLR bypass.
766 CVE-2020-12964 269 DoS +Info 2021-11-15 2021-11-17
4.6
None Local Low Not required Partial Partial Partial
A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information.
767 CVE-2020-12899 200 DoS Bypass +Info 2021-11-15 2021-11-17
3.6
None Local Low Not required Partial None Partial
Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.
768 CVE-2020-12897 200 Bypass +Info 2021-11-15 2021-11-17
2.1
None Local Low Not required Partial None None
Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass.
769 CVE-2020-12729 200 +Info 2021-07-15 2021-08-03
2.1
None Local Low Not required Partial None None
MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors.
770 CVE-2020-12668 200 +Info 2021-02-19 2021-07-21
6.8
None Remote Low ??? Complete None None
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.
771 CVE-2020-11922 200 +Info 2021-04-02 2021-04-09
3.3
None Local Network Low Not required Partial None None
An issue was discovered in WiZ Colors A60 1.14.0. The device sends unnecessary information to the cloud controller server. Although this information is sent encrypted and has low risk in isolation, it decreases the privacy of the end user. The information sent includes the local IP address being used and the SSID of the Wi-Fi network the device is connected to. (Various resources such as wigle.net can be use for mapping of SSIDs to physical locations.)
772 CVE-2020-11836 +Info 2021-02-06 2021-02-08
2.1
None Local Low Not required Partial None None
OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no.
773 CVE-2020-11281 200 +Info 2021-02-22 2021-03-02
5.0
None Remote Low Not required Partial None None
Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
774 CVE-2020-11266 +Info 2021-06-09 2021-06-16
2.1
None Local Low Not required Partial None None
Image address is dereferenced before validating its range which can cause potential QSEE information leakage in Snapdragon Wired Infrastructure and Networking
775 CVE-2020-11221 200 +Info 2021-03-17 2021-03-18
2.1
None Local Low Not required Partial None None
Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insufficient checks in the syscall handler and leads to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
776 CVE-2020-11204 20 Mem. Corr. +Info 2021-02-22 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
777 CVE-2020-11199 200 +Info 2021-03-17 2021-03-18
2.1
None Local Low Not required Partial None None
HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
778 CVE-2020-11198 200 +Info 2021-02-22 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
779 CVE-2020-10698 200 +Info 2021-05-27 2021-06-07
2.1
None Local Low Not required Partial None None
A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of the executed jobs which are run from other organizations. Some sensible data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6.
780 CVE-2020-10590 200 +Info 2021-07-30 2021-08-06
5.0
None Remote Low Not required Partial None None
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.
781 CVE-2020-9212 +Info 2021-03-22 2021-03-26
4.0
None Remote Low ??? Partial None None
There is a vulnerability in some version of USG9500 that the device improperly handles the information when a user logs in to device. The attacker can exploit the vulnerability to perform some operation and can get information and cause information leak.
782 CVE-2020-8807 +Info 2021-02-05 2021-02-08
5.0
None Remote Low Not required Partial None None
In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and an IP address, aka a timing side channel.
783 CVE-2020-7858 22 Dir. Trav. +Info 2021-04-22 2021-04-29
5.0
None Remote Low Not required Partial None None
There is a directory traversing vulnerability in the download page url of AquaNPlayer 2.0.0.92. The IP of the download page url is localhost and an attacker can traverse directories using "dot dot" sequences(../../) to view host file on the system. This vulnerability can cause information leakage.
784 CVE-2020-7270 200 +Info 2021-04-15 2021-04-21
4.0
None Remote Low ??? Partial None None
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.
785 CVE-2020-7269 200 +Info 2021-04-15 2021-04-21
4.0
None Remote Low ??? Partial None None
Exposure of Sensitive Information in the web interface in McAfee Advanced Threat Defense (ATD) prior to 4.12.2 allows remote authenticated users to view sensitive unencrypted information via a carefully crafted HTTP request parameter. The risk is partially mitigated if your ATD instances are deployed as recommended with no direct access from the Internet to them.
786 CVE-2020-7202 200 +Info 2021-01-05 2021-07-21
5.0
None Remote Low Not required Partial None None
A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4) firmware. The vulnerability could be remotely exploited to disclose the serial number and other information.
787 CVE-2020-5686 287 +Info 2021-01-13 2021-01-21
5.0
None Remote Low Not required Partial None None
Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL.
788 CVE-2020-5633 287 Bypass +Info 2021-01-13 2021-01-21
9.0
None Remote Low Not required Partial Partial Complete
Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors.
789 CVE-2020-5022 200 +Info 2021-01-08 2021-07-21
5.0
None Remote Low Not required Partial None None
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthenticated and unauthorized access to VDAP proxy which can result in an attacker obtaining information they are not authorized to access. IBM X-Force ID: 193658.
790 CVE-2020-5017 732 +Info 2021-01-08 2021-07-21
2.1
None Local Low Not required Partial None None
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653.
791 CVE-2020-4996 +Info 2021-02-09 2021-02-11
2.1
None Local Low Not required Partial None None
IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913.
792 CVE-2020-4995 613 +Info 2021-02-09 2021-02-11
5.0
None Remote Low Not required Partial None None
IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate session after logout which could allow a user to obtain sensitive information from another users' session. IBM X-Force ID: 192912.
793 CVE-2020-4985 200 +Info 2021-05-14 2021-05-20
5.0
None Remote Low Not required Partial None None
IBM Planning Analytics Local 2.0 could allow an attacker to obtain sensitive information due to accepting body parameters in a query. IBM X-Force ID: 192642.
794 CVE-2020-4969 319 +Info 2021-01-21 2021-01-28
4.3
None Remote Medium Not required Partial None None
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
795 CVE-2020-4967 200 +Info 2021-01-27 2021-01-29
4.0
None Remote Low ??? Partial None None
IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425.
796 CVE-2020-4953 200 +Info 2021-02-23 2021-02-26
4.0
None Remote Low ??? Partial None None
IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029.
797 CVE-2020-4951 200 +Info 2021-10-15 2021-11-17
2.1
None Local Low Not required Partial None None
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
798 CVE-2020-4903 +Info 2021-03-08 2021-03-12
6.4
None Remote Low Not required Partial Partial None
IBM API Connect V10 and V2018 could allow an attacker who has intercepted a registration invitation link to impersonate the registered user or obtain sensitive information. IBM X-Force ID: 191105.
799 CVE-2020-4901 DoS +Info 2021-05-07 2021-05-11
6.4
None Remote Low Not required Partial None Partial
IBM Robotic Process Automation with Automation Anywhere 11.0 could allow an attacker on the network to obtain sensitive information or cause a denial of service through username enumeration. IBM X-Force ID: 190992.
800 CVE-2020-4899 319 +Info 2021-01-05 2021-01-07
6.4
None Remote Low Not required Partial Partial None
IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-Force ID: 190990.
Total number of vulnerabilities : 767   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.