CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2021-34485 2021-08-12 2021-08-18
2.1
None Local Low Not required Partial None None
.NET Core and Visual Studio Information Disclosure Vulnerability
202 CVE-2021-34457 2021-07-16 2021-07-22
2.1
None Local Low Not required Partial None None
Windows Remote Access Connection Manager Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-33763, CVE-2021-34454.
203 CVE-2021-34454 2021-07-16 2021-07-22
2.1
None Local Low Not required Partial None None
Windows Remote Access Connection Manager Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-33763, CVE-2021-34457.
204 CVE-2021-34440 2021-07-16 2021-07-22
2.1
None Local Low Not required Partial None None
GDI+ Information Disclosure Vulnerability
205 CVE-2021-34400 +Priv 2021-11-20 2021-11-24
2.1
None Local Low Not required Partial None None
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may lead to information disclosure.
206 CVE-2021-34399 +Priv 2021-11-20 2021-11-24
2.1
None Local Low Not required Partial None None
NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may lead to information disclosure.
207 CVE-2021-34397 787 DoS 2021-06-22 2021-06-29
2.1
None Local Low Not required None None Partial
Bootloader contains a vulnerability in NVIDIA MB2, which may cause free-the-wrong-heap, which may lead to limited denial of service.
208 CVE-2021-34396 863 DoS 2021-06-22 2021-06-29
2.1
None Local Low Not required None None Partial
Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service.
209 CVE-2021-34393 502 Exec Code 2021-06-22 2021-06-29
2.1
None Local Low Not required Partial None None
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.
210 CVE-2021-34392 190 DoS Overflow Bypass 2021-06-22 2021-06-29
2.1
None Local Low Not required None None Partial
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.
211 CVE-2021-34390 190 DoS Overflow 2021-06-22 2021-09-20
2.1
None Local Low Not required None None Partial
Trusty contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow through a specific SMC call that is triggered by the user, which may lead to denial of service.
212 CVE-2021-34268 DoS 2021-07-22 2021-08-03
2.1
None Local Low Not required None None Partial
An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet.
213 CVE-2021-34267 DoS 2021-07-22 2021-08-03
2.1
None Local Low Not required None None Partial
An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint.
214 CVE-2021-34261 DoS 2021-07-22 2021-08-03
2.1
None Local Low Not required None None Partial
An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature.
215 CVE-2021-34145 DoS 2021-09-07 2021-09-14
2.9
None Local Network Medium Not required None None Partial
The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.
216 CVE-2021-33923 276 2021-09-29 2021-10-07
2.1
None Local Low Not required Partial None None
Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5.5.2 and 6.0.0 allows local attackers to access some sensitive information (private keys, state database).
217 CVE-2021-33880 2021-06-06 2021-06-16
2.6
None Remote High Not required Partial None None
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.
218 CVE-2021-33765 2021-07-14 2021-07-16
2.1
None Local Low Not required None Partial None
Windows Installer Spoofing Vulnerability
219 CVE-2021-33763 2021-07-14 2021-07-16
2.1
None Local Low Not required Partial None None
Windows Remote Access Connection Manager Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-34454, CVE-2021-34457.
220 CVE-2021-33760 2021-07-14 2021-07-16
2.1
None Local Low Not required Partial None None
Media Foundation Information Disclosure Vulnerability
221 CVE-2021-33715 476 2021-07-13 2021-07-20
2.1
None Local Low Not required None None Partial
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a race condition could cause an object to be released before being operated on, leading to NULL pointer deference condition and causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.
222 CVE-2021-33714 476 2021-07-13 2021-07-20
2.1
None Local Low Not required None None Partial
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a missing check for the validity of an iterator leads to NULL pointer deference condition, causing the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.
223 CVE-2021-33713 688 2021-07-13 2021-07-20
2.1
None Local Low Not required None None Partial
A vulnerability has been identified in JT Utilities (All versions < V13.0.2.0). When parsing specially crafted JT files, a hash function is called with an incorrect argument leading the application to crash. An attacker could leverage this vulnerability to cause a Denial-of-Service condition in the application.
224 CVE-2021-33703 79 XSS 2021-08-10 2021-08-17
2.6
None Remote High Not required None Partial None
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability.
225 CVE-2021-33702 79 Exec Code XSS 2021-08-10 2021-08-17
2.6
None Remote High Not required None Partial None
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.
226 CVE-2021-33662 200 +Info 2021-06-09 2021-06-15
2.1
None Local Low Not required Partial None None
Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted.
227 CVE-2021-33073 400 DoS 2021-11-17 2021-11-22
2.1
None Local Low Not required None None Partial
Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINOâ„¢ Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local access.
228 CVE-2021-33003 327 2021-08-30 2021-09-03
2.1
None Local Low Not required Partial None None
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.
229 CVE-2021-32942 316 2021-06-09 2021-06-21
2.1
None Local Low Not required Partial None None
The vulnerability could expose cleartext credentials from AVEVA InTouch Runtime 2020 R2 and all prior versions (WindowViewer) if an authorized, privileged user creates a diagnostic memory dump of the process and saves it to a non-protected location.
230 CVE-2021-32801 532 2021-09-07 2021-09-14
2.1
None Local Low Not required Partial None None
Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed Note that ff you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug.
231 CVE-2021-32699 400 2021-06-22 2021-06-30
2.1
None Local Low Not required None None Partial
Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created.
232 CVE-2021-32680 2021-07-12 2021-09-20
2.1
None Local Low Not required None Partial None
Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3.
233 CVE-2021-32658 200 +Info 2021-06-08 2021-06-21
2.1
None Local Low Not required Partial None None
Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that the Nextcloud Android App is upgraded to 3.16.1
234 CVE-2021-32638 200 +Info 2021-05-25 2021-06-04
2.1
None Local Low Not required Partial None None
Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to the process instead of reading it from a file, standard input, or an environment variable. This approach made the token visible to other processes on the same machine, for example in the output of the `ps` command. If the CI system publicly exposes the output of `ps`, for example by logging the output, then the GitHub access token can be exposed beyond the scope intended. Users of the CodeQL runner on 3rd-party systems, who are passing a GitHub token via the `--github-auth` flag, are affected. This applies to both GitHub.com and GitHub Enterprise users. Users of the CodeQL Action on GitHub Actions are not affected. The `--github-auth` flag is now considered insecure and deprecated. The undocumented `--external-repository-token` flag has been removed. To securely provide a GitHub access token to the CodeQL runner, users should **do one of the following instead**: Use the `--github-auth-stdin` flag and pass the token on the command line via standard input OR set the `GITHUB_TOKEN` environment variable to contain the token, then call the command without passing in the token. The old flag remains present for backwards compatibility with existing workflows. If the user tries to specify an access token using the `--github-auth` flag, there is a deprecation warning printed to the terminal that directs the user to one of the above options. All CodeQL runner releases codeql-bundle-20210304 onwards contain the patches. We recommend updating to a recent version of the CodeQL runner, storing a token in your CI system's secret storage mechanism, and passing the token to the CodeQL runner using `--github-auth-stdin` or the `GITHUB_TOKEN` environment variable. If still using the old flag, ensure that process output, such as from `ps`, is not persisted in CI logs.
235 CVE-2021-32600 2021-11-17 2021-11-18
2.1
None Local Low Not required Partial None None
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs information such as the admin account list and the network interface list.
236 CVE-2021-32556 78 2021-06-12 2021-06-23
2.1
None Local Low Not required None Partial None
It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
237 CVE-2021-32555 59 2021-06-12 2021-06-16
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users.
238 CVE-2021-32554 59 2021-06-12 2021-06-16
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users.
239 CVE-2021-32553 59 2021-06-12 2021-06-16
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users.
240 CVE-2021-32552 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.
241 CVE-2021-32551 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users.
242 CVE-2021-32550 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.
243 CVE-2021-32549 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.
244 CVE-2021-32548 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.
245 CVE-2021-32547 59 2021-06-12 2021-06-15
2.1
None Local Low Not required Partial None None
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
246 CVE-2021-32453 200 +Info 2021-05-17 2021-05-24
2.1
None Local Low Not required Partial None None
SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network, to access via HTTP to the internal configuration database of the device without any authentication. An attacker could exploit this vulnerability in order to obtain information about the device´s configuration.
247 CVE-2021-32022 Exec Code +Priv 2021-11-10 2021-11-16
2.1
None Local Low Not required None Partial None
A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system and gaining the ability to delete data from the local system.
248 CVE-2021-32003 522 2021-08-05 2021-08-13
2.1
None Local Low Not required Partial None None
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
249 CVE-2021-32002 863 2021-08-05 2021-08-13
2.1
None Local Low Not required Partial None None
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.
250 CVE-2021-31978 DoS 2021-06-08 2021-06-11
2.1
None Local Low Not required None None Partial
Microsoft Defender Denial of Service Vulnerability
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.