CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities Published In 2021 (Gain Information)

Each record below spans four lines: (1) # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date; (2) Score; (3) Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.; (4) Description.
351 CVE-2021-26923 287 +Info 2021-03-15 2021-03-18
5.0
None Remote Low Not required Partial None None
An issue was discovered in Argo CD before 1.8.4. Accessing the endpoint /api/version leaks internal information for the system, and this endpoint is not protected with authentication.
352 CVE-2021-26884 200 +Info 2021-03-11 2021-03-13
2.1
None Local Low Not required Partial None None
Windows Media Photo Codec Information Disclosure Vulnerability
353 CVE-2021-26869 200 +Info 2021-03-11 2021-03-15
2.1
None Local Low Not required Partial None None
Windows ActiveX Installer Service Information Disclosure Vulnerability
354 CVE-2021-26822 89 Exec Code Sql +Info 2021-02-15 2021-11-30
7.5
None Remote Low Not required Partial Partial Partial
Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.
355 CVE-2021-26795 89 Sql +Info 2021-11-14 2021-11-17
6.5
None Remote Low ??? Partial Partial Partial
A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management.
356 CVE-2021-26686 89 Sql +Info 2021-02-23 2021-02-26
5.5
None Remote Low ??? Partial Partial None
A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.
357 CVE-2021-26685 78 Sql +Info 2021-02-23 2021-02-27
5.5
None Remote Low ??? Partial Partial None
A remote authenticated SQL Injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface API of ClearPass could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database.
358 CVE-2021-26676 +Info 2021-02-09 2021-07-12
3.3
None Local Network Low Not required Partial None None
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp.
359 CVE-2021-26593 200 +Info 2021-02-23 2021-03-01
5.0
None Remote Low Not required Partial None None
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
360 CVE-2021-26566 200 Exec Code +Info 2021-02-26 2021-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic.
361 CVE-2021-26565 319 +Info 2021-02-26 2021-04-22
4.3
None Remote Medium Not required Partial None None
Cleartext transmission of sensitive information vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to obtain sensitive information via an HTTP session.
362 CVE-2021-26417 200 +Info 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Windows Overlay Filter Information Disclosure Vulnerability
363 CVE-2021-26333 269 +Info 2021-09-21 2021-10-07
4.9
None Local Low Not required Complete None None
An information disclosure vulnerability exists in AMD Platform Security Processor (PSP) chipset driver. The discretionary access control list (DACL) may allow low privileged users to open a handle and send requests to the driver resulting in a potential data leak from uninitialized physical pages.
364 CVE-2021-26318 203 +Info 2021-10-13 2021-10-20
1.9
None Local Medium Not required Partial None None
A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.
365 CVE-2021-26075 +Info 2021-04-15 2021-04-21
4.0
None Remote Low ??? Partial None None
The Jira importers plugin AttachTemporaryFile rest resource in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before 8.13.4, and from version 8.14.0 before 8.15.1 allowed remote authenticated attackers to obtain the full path of the Jira application data directory via an information disclosure vulnerability in the error message when presented with an invalid filename.
366 CVE-2021-26067 200 +Info 2021-01-28 2021-02-04
5.0
None Remote Low Not required Partial None None
Affected versions of Atlassian Bamboo allow an unauthenticated remote attacker to view a stack trace that may reveal the path for the home directory in disk and if certain files exists on the tmp directory, via a Sensitive Data Exposure vulnerability in the /chart endpoint. The affected versions are before version 7.2.2.
367 CVE-2021-25809 200 +Info 2021-07-23 2021-08-03
5.0
None Remote Low Not required Partial None None
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.
368 CVE-2021-25771 200 +Info 2021-02-03 2021-02-04
5.0
None Remote Low Not required Partial None None
In JetBrains YouTrack before 2020.6.1099, project information could be potentially disclosed.
369 CVE-2021-25767 200 Exec Code +Info 2021-02-03 2021-02-05
5.0
None Remote Low Not required Partial None None
In JetBrains YouTrack before 2020.6.1767, an issue's existence could be disclosed via YouTrack command execution.
370 CVE-2021-25760 200 +Info 2021-02-03 2021-02-04
5.0
None Remote Low Not required Partial None None
In JetBrains Hub before 2020.1.12669, information disclosure via the public API was possible.
371 CVE-2021-25644 312 +Info 2021-05-19 2021-05-25
5.0
None Remote Low Not required Partial None None
An issue was discovered in Couchbase Server 5.x and 6.x through 6.6.1 and 7.0.0 Beta. Incorrect commands to the REST API can result in leaked authentication information being stored in cleartext in the debug.log and info.log files, and is also shown in the UI visible to administrators.
372 CVE-2021-25464 200 +Info 2021-09-09 2021-09-22
2.1
None Local Low Not required Partial None None
An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak.
373 CVE-2021-25426 200 +Info 2021-07-08 2021-10-18
5.0
None Remote Low Not required Partial None None
Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.
374 CVE-2021-25364 200 +Info 2021-04-09 2021-04-26
2.1
None Local Low Not required Partial None None
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
375 CVE-2021-25333 200 +Info 2021-03-04 2021-03-11
1.9
None Local Medium Not required Partial None None
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.
376 CVE-2021-25332 200 +Info 2021-03-04 2021-03-11
1.9
None Local Medium Not required Partial None None
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition.
377 CVE-2021-25331 200 +Info 2021-03-04 2021-03-11
1.9
None Local Medium Not required Partial None None
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.
378 CVE-2021-25249 787 Exec Code +Info 2021-02-04 2021-02-05
7.2
None Local Low Not required Complete Complete Complete
An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
379 CVE-2021-25248 125 Exec Code +Info 2021-02-04 2021-02-05
2.1
None Local Low Not required Partial None None
An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attacker to disclose sensitive information about a named pipe. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
380 CVE-2021-25243 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch level information.
381 CVE-2021-25242 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version and build information.
382 CVE-2021-25240 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agent hotfix information.
383 CVE-2021-25239 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about x86 agent hotfixes.
384 CVE-2021-25238 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about an agent's managing port.
385 CVE-2021-25237 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem) could allow an unauthenticated user to obtain information about the managing port used by agents.
386 CVE-2021-25235 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about a content inspection configuration file.
387 CVE-2021-25234 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific notification configuration file.
388 CVE-2021-25233 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific configuration download file.
389 CVE-2021-25232 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the SQL database.
390 CVE-2021-25231 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about a specific hotfix history file.
391 CVE-2021-25230 200 +Info 2021-02-04 2021-02-05
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the contents of a scan connection exception file.
392 CVE-2021-25229 863 +Info 2021-02-04 2021-02-08
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server.
393 CVE-2021-25228 863 +Info 2021-02-04 2021-02-08
5.0
None Remote Low Not required Partial None None
An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history.
394 CVE-2021-25201 89 Sql +Info 2021-07-23 2021-07-29
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.
395 CVE-2021-24945 200 +Info CSRF 2021-12-13 2021-12-16
6.0
None Remote Medium ??? Partial Partial Partial
The Like Button Rating ♥ LikeBtn WordPress plugin before 2.6.38 does not have any authorisation and CSRF checks in the likebtn_export_votes AJAX action, which could allow any authenticated user, such as subscriber, to get a list of email and IP addresses of people who liked content from the blog.
396 CVE-2021-24695 200 +Info 2021-11-08 2021-11-10
5.0
None Remote Low Not required Partial None None
The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users from downloading and reading the logs, which contain sensitive information such as IP addresses and usernames.
397 CVE-2021-24661 200 +Info 2021-09-27 2021-10-01
3.5
None Remote Medium ??? Partial None None
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with Contributor roles or higher to read password-protected or private post contents the user is otherwise unable to read, given the post ID.
398 CVE-2021-24585 200 +Info 2021-09-20 2021-10-01
4.0
None Remote Low ??? Partial None None
The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along with other less sensitive data) of the user related to the Event Head of the Timeslot in the response when requesting the event Timeslot data with a user with the edit_posts capability. Combined with the other Unauthorised Event Timeslot Modification issue (https://wpscan.com/reports/submissions/4699/) where an arbitrary user ID can be set, this could allow low privilege users with the edit_posts capability (such as author) to retrieve sensitive User data by iterating over the user_id.
399 CVE-2021-24227 200 +Info 2021-04-12 2021-04-14
5.0
None Remote Low Not required Partial None None
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.
400 CVE-2021-24226 200 +Info 2021-04-12 2021-04-16
5.0
None Remote Low Not required Partial None None
In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required.
Total number of vulnerabilities: 767. Page 8 of 16.