CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2021 (Gain Information)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2021-31186 200 +Info 2021-05-11 2021-05-17
4.3
None Remote Medium Not required Partial None None
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
252 CVE-2021-31184 200 +Info 2021-05-11 2021-05-17
2.1
None Local Low Not required Partial None None
Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability
253 CVE-2021-31178 200 +Info 2021-05-11 2021-05-17
4.3
None Remote Medium Not required Partial None None
Microsoft Office Information Disclosure Vulnerability
254 CVE-2021-31174 200 +Info 2021-05-11 2021-05-18
2.1
None Local Low Not required Partial None None
Microsoft Excel Information Disclosure Vulnerability
255 CVE-2021-31173 200 +Info 2021-05-11 2021-05-18
4.0
None Remote Low ??? Partial None None
Microsoft SharePoint Server Information Disclosure Vulnerability
256 CVE-2021-31171 200 +Info 2021-05-11 2021-05-17
2.1
None Local Low Not required Partial None None
Microsoft SharePoint Information Disclosure Vulnerability
257 CVE-2021-30992 668 +Info 2021-08-24 2022-01-03
1.9
None Local Medium Not required Partial None None
This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata.
258 CVE-2021-30888 601 +Info 2021-08-24 2021-12-21
4.3
None Remote Medium Not required Partial None None
An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior.
259 CVE-2021-30875 200 +Info 2021-08-24 2021-11-01
2.1
None Local Low Not required Partial None None
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1. A local attacker may be able to view contacts from the lock screen.
260 CVE-2021-30790 200 Exec Code +Info 2021-09-08 2021-09-15
6.8
None Remote Medium Not required Partial Partial Partial
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
261 CVE-2021-30756 200 +Info 2021-09-08 2021-09-16
2.1
None Local Low Not required Partial None None
A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions.
262 CVE-2021-30722 +Info 2021-09-08 2021-09-22
4.3
None Remote Medium Not required Partial None None
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.
263 CVE-2021-30721 20 +Info 2021-09-08 2021-09-22
4.0
None Remote Low ??? Partial None None
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.
264 CVE-2021-30697 +Info 2021-09-08 2021-09-17
2.1
None Local Low Not required Partial None None
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information.
265 CVE-2021-30682 +Info 2021-09-08 2021-09-20
4.3
None Remote Medium Not required Partial None None
A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information.
266 CVE-2021-30659 +Info 2021-09-08 2021-09-17
4.3
None Remote Medium Not required Partial None None
A validation issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. A malicious application may be able to leak sensitive user information.
267 CVE-2021-30638 200 +Info 2021-04-27 2021-05-28
5.0
None Remote Low Not required Partial None None
Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry versions 5.4.0 to 5.6.3, and versions 5.7.0 and 5.7.1.
268 CVE-2021-30580 863 +Info 2021-08-03 2021-12-08
4.3
None Remote Medium Not required Partial None None
Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page.
269 CVE-2021-30169 200 +Info 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
The sensitive information of the webcam device is not properly protected. Remote attackers can obtain the user's credentials without authentication.
270 CVE-2021-30163 200 +Info 2021-04-06 2021-06-03
5.0
None Remote Low Not required Partial None None
Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discover the names of private projects if issue-journal details exist that have changes to project_id values.
271 CVE-2021-30086 79 XSS +Info 2021-09-28 2021-10-01
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.
272 CVE-2021-29875 +Info 2021-11-02 2021-11-03
5.0
None Remote Low Not required Partial None None
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to an insecure third party domain access vulnerability. IBM X-Force ID: 206572.
273 CVE-2021-29873 668 DoS +Info 2021-10-21 2021-10-26
5.5
None Remote Low ??? Partial None Partial
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
274 CVE-2021-29868 613 +Info 2021-10-27 2021-11-02
2.1
None Local Low Not required Partial None None
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213.
275 CVE-2021-29851 +Info 2021-09-01 2021-09-09
4.0
None Remote Low ??? Partial None None
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527.
276 CVE-2021-29847 +Info 2021-12-15 2021-12-21
4.3
None Remote Medium Not required Partial None None
BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267.
277 CVE-2021-29825 200 +Info 2021-09-16 2021-11-05
5.0
None Remote Low Not required Partial None None
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.
278 CVE-2021-29784 209 +Info 2021-07-26 2021-08-03
4.0
None Remote Low ??? Partial None None
IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168.
279 CVE-2021-29779 287 +Info 2021-12-01 2021-12-02
4.3
None Remote Medium Not required Partial None None
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033.
280 CVE-2021-29773 200 +Info 2021-09-15 2021-09-28
5.5
None Remote Low ??? Partial Partial None
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-Force ID: 202865.
281 CVE-2021-29767 209 +Info 2021-07-26 2021-08-03
5.0
None Remote Low Not required Partial None None
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681.
282 CVE-2021-29766 209 +Info 2021-07-26 2021-08-03
5.0
None Remote Low Not required Partial None None
IBM i2 Analyst's Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680.
283 CVE-2021-29765 287 +Info 2021-08-04 2021-08-11
5.0
None Remote Low Not required Partial None None
IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if they gain service access to the FSP. IBM X-Force ID: 202476.
284 CVE-2021-29761 200 +Info 2021-10-06 2021-10-08
4.0
None Remote Low ??? Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265.
285 CVE-2021-29759 532 +Info 2021-07-07 2021-07-15
2.1
None Local Low Not required Partial None None
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, and 1.3 could allow a privileged user to obtain sensitive information from internal log files. IBM X-Force ID: 202212.
286 CVE-2021-29752 200 +Info 2021-09-16 2021-09-27
3.5
None Remote Medium ??? Partial None None
IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Force ID: 201780.
287 CVE-2021-29751 863 +Info 2021-06-28 2021-07-01
3.5
None Remote Medium ??? Partial None None
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.
288 CVE-2021-29747 287 +Info 2021-05-17 2021-05-24
5.0
None Remote Low Not required Partial None None
IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain highly sensitive information due to a vulnerability in the authentication mechanism. IBM X-Force ID: 201775.
289 CVE-2021-29739 252 +Info 2021-08-10 2021-08-17
4.0
None Remote Low ??? Partial None None
IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846.
290 CVE-2021-29715 668 +Info 2021-08-26 2021-09-01
6.4
None Remote Low Not required Partial None Partial
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a remote user to obtain sensitive information or conduct denial of service attacks due to open ports. IBM X-Force ID: 201018.
291 CVE-2021-29700 200 +Info 2021-10-07 2021-10-15
4.0
None Remote Low ??? Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.
292 CVE-2021-29697 +Info 2021-08-02 2021-08-10
4.0
None Remote Low ??? Partial None None
IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could allow a remote authenticated attacker to obtain sensitive information through HTTP requests that could be used in further attacks against the system.
293 CVE-2021-29692 +Info 2021-05-20 2021-05-24
4.3
None Remote Medium Not required Partial None None
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253.
294 CVE-2021-29688 209 +Info 2021-05-20 2021-05-24
5.0
None Remote Low Not required Partial None None
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102.
295 CVE-2021-29682 209 +Info 2021-05-20 2021-05-24
5.0
None Remote Low Not required Partial None None
IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997.
296 CVE-2021-29681 200 +Info 2021-05-21 2021-05-26
5.0
None Remote Low Not required Partial None None
IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. This information could be used in further attacks against the system. IBM X-Force ID: 199918.
297 CVE-2021-29647 +Info 2021-03-30 2021-06-23
2.1
None Local Low Not required Partial None None
An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.
298 CVE-2021-29483 200 +Info 2021-04-28 2021-04-28
0.0
None ??? ??? ??? ??? ??? ???
ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unable to patch, set `$wgAPIListModules['wikiconfig'] = 'ApiQueryDisabled';` or remove private config as a workaround.
299 CVE-2021-29450 200 +Info 2021-04-15 2021-04-23
4.0
None Remote Low ??? Partial None None
WordPress is an open source CMS. One of the blocks in the WordPress editor can be exploited in a way that exposes password-protected posts and pages. This requires at least contributor privileges. This has been patched in WordPress 5.7.1, along with the older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.
300 CVE-2021-29427 829 +Info 2021-04-13 2021-10-20
6.0
None Remote Medium ??? Partial Partial Partial
In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. Repository content filtering is a security control Gradle introduced to help users specify what repositories are used to resolve specific dependencies. This feature was introduced in the wake of the "A Confusing Dependency" blog post. In some cases, Gradle may ignore content filters and search all repositories for dependencies. This only occurs when repository content filtering is used from within a `pluginManagement` block in a settings file. This may change how dependencies are resolved for Gradle plugins and build scripts. For builds that are vulnerable, there are two risks: 1) Information disclosure: Gradle could make dependency requests to repositories outside your organization and leak internal package identifiers. 2) Dependency poisoning/Dependency confusion: Gradle could download a malicious binary from a repository outside your organization due to name squatting. For a full example and more details refer to the referenced GitHub Security Advisory. The problem has been patched and released with Gradle 7.0. Users relying on this feature should upgrade their build as soon as possible. As a workaround, users may use a company repository which has the right rules for fetching packages from public repositories, or use project level repository content filtering, inside `buildscript.repositories`. This option is available since Gradle 5.1 when the feature was introduced.
Total number of vulnerabilities: 767 (this is page 6 of 16)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.