CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 2 and 2.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
401 CVE-2021-27204 312 2021-02-12 2021-09-08
2.1
None Local Low Not required Partial None None
Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.
402 CVE-2021-27094 Bypass 2021-04-13 2021-09-14
2.1
None Local Low Not required None Partial None
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2021-28447.
403 CVE-2021-27093 200 +Info 2021-04-13 2021-04-16
2.1
None Local Low Not required Partial None None
Windows Kernel Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-28309.
404 CVE-2021-27075 2021-03-11 2021-03-23
2.7
None Local Network Low ??? Partial None None
Azure Virtual Machine Information Disclosure Vulnerability
405 CVE-2021-27026 532 2021-11-18 2021-11-22
2.1
None Local Low Not required Partial None None
A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged.
406 CVE-2021-27001 668 2021-10-19 2021-10-22
2.1
None Local Low Not required None Partial None
Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.
407 CVE-2021-26988 862 2021-03-04 2021-03-18
2.7
None Local Network Low ??? Partial None None
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.
408 CVE-2021-26933 Bypass 2021-02-17 2021-04-11
2.1
None Local Low Not required Partial None None
An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory.
409 CVE-2021-26917 2021-02-08 2021-02-16
2.1
None Local Low Not required Partial None None
** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host." NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker.
410 CVE-2021-26892 Bypass 2021-03-11 2021-03-23
2.1
None Local Low Not required None None Partial
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
411 CVE-2021-26884 200 +Info 2021-03-11 2021-03-13
2.1
None Local Low Not required Partial None None
Windows Media Photo Codec Information Disclosure Vulnerability
412 CVE-2021-26869 200 +Info 2021-03-11 2021-03-15
2.1
None Local Low Not required Partial None None
Windows ActiveX Installer Service Information Disclosure Vulnerability
413 CVE-2021-26718 863 Bypass 2021-04-01 2021-04-07
2.1
None Local Low Not required None Partial None
KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection.
414 CVE-2021-26585 668 2021-06-24 2021-06-30
2.1
None Local Low Not required Partial None None
A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32.
415 CVE-2021-26579 312 2021-03-30 2021-04-02
2.1
None Local Low Not required Partial None None
A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys.
416 CVE-2021-26563 863 Exec Code 2021-02-26 2021-06-18
2.1
None Local Low Not required Partial None None
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
417 CVE-2021-26550 312 2021-02-09 2021-02-11
2.1
None Local Low Not required Partial None None
An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml.
418 CVE-2021-26430 DoS 2021-08-12 2021-08-27
2.1
None Local Low Not required None None Partial
Azure Sphere Denial of Service Vulnerability
419 CVE-2021-26428 2021-08-12 2021-08-18
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability
420 CVE-2021-26417 200 +Info 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Windows Overlay Filter Information Disclosure Vulnerability
421 CVE-2021-26413 2021-04-13 2021-04-20
2.1
None Local Low Not required None Partial None
Windows Installer Spoofing Vulnerability
422 CVE-2021-26337 2021-11-16 2021-11-19
2.1
None Local Low Not required Partial None None
Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests.
423 CVE-2021-26330 787 Overflow 2021-11-16 2021-11-19
2.1
None Local Low Not required None None Partial
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
424 CVE-2021-26329 190 Overflow 2021-11-16 2021-11-18
2.1
None Local Low Not required None None Partial
AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources.
425 CVE-2021-26327 668 2021-11-16 2021-11-19
2.1
None Local Low Not required Partial None None
Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.
426 CVE-2021-26325 20 DoS 2021-11-16 2021-11-19
2.1
None Local Low Not required None None Partial
Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service.
427 CVE-2021-26320 295 DoS 2021-11-16 2021-11-18
2.1
None Local Low Not required None None Partial
Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP.
428 CVE-2021-26314 668 2021-06-09 2021-06-17
2.1
None Local Low Not required Partial None None
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
429 CVE-2021-26313 668 Exec Code Bypass 2021-06-09 2021-10-13
2.1
None Local Low Not required Partial None None
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
430 CVE-2021-26312 668 2021-11-16 2021-11-18
2.1
None Local Low Not required Partial None None
PSP protection against improperly configured side channels may lead to potential information disclosure. This issue affects: AMD 1st Gen AMD EPYC™ versions prior to NaplesPI-SP3_1.0.0.G. AMD 2nd Gen AMD EPYC™ versions prior to RomePI-SP3_1.0.0.C. AMD 3rd Gen AMD EPYC™ versions prior to MilanPI-SP3_1.0.0.4.
431 CVE-2021-26309 668 2021-05-11 2021-05-19
2.1
None Local Low Not required Partial None None
Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.
432 CVE-2021-26307 400 2021-01-29 2021-02-03
2.1
None Local Low Not required None None Partial
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.
433 CVE-2021-26248 708 2021-11-19 2021-11-23
2.1
None Local Low Not required Partial None None
Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource.
434 CVE-2021-25701 401 DoS 2021-07-21 2021-07-29
2.1
None Local Low Not required None None Partial
The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker to cause a denial of service.
435 CVE-2021-25692 312 2021-04-06 2021-04-19
2.1
None Local Low Not required Partial None None
Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.
436 CVE-2021-25688 532 2021-02-11 2021-02-17
2.1
None Local Low Not required Partial None None
Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.
437 CVE-2021-25675 369 2021-03-15 2021-03-18
2.1
None Local Low Not required None None Partial
A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a divide by zero operation could occur and cause the application to terminate unexpectedly and must be restarted to restore the service.
438 CVE-2021-25674 476 2021-03-15 2021-03-18
2.1
None Local Low Not required None None Partial
A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a NULL pointer dereference condition could cause the application to terminate unexpectedly and must be restarted to restore the service.
439 CVE-2021-25652 863 2021-06-24 2021-06-30
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities (AVPU). This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects versions 8.0.0.0 through 8.1.3.1 of AVPU.
440 CVE-2021-25649 2021-06-24 2021-06-29
2.1
None Local Low Not required Partial None None
** UNSUPPORTED WHEN ASSIGNED ** An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services.
441 CVE-2021-25645 312 2021-05-10 2021-05-24
2.1
None Local Low Not required Partial None None
An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past.
442 CVE-2021-25507 863 2021-11-05 2021-11-09
2.7
None Local Network Low ??? Partial None None
Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization.
443 CVE-2021-25506 863 DoS 2021-11-05 2021-11-09
2.1
None Local Low Not required None None Partial
Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service.
444 CVE-2021-25504 20 2021-11-05 2021-11-08
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information.
445 CVE-2021-25502 312 2021-11-05 2021-11-08
2.1
None Local Low Not required Partial None None
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without privilege.
446 CVE-2021-25501 863 2021-11-05 2021-11-08
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.
447 CVE-2021-25500 20 2021-11-05 2021-11-08
2.1
None Local Low Not required None Partial None
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.
448 CVE-2021-25499 2021-10-06 2021-10-14
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.
449 CVE-2021-25491 476 Mem. Corr. 2021-10-06 2021-10-13
2.1
None Local Low Not required None None Partial
A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.
450 CVE-2021-25488 125 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.