CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2021(Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2021-24170 200 +Info 2021-04-05 2021-04-09
5.0
None Remote Low Not required Partial None None
The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information.
402 CVE-2021-24167 200 +Info 2021-04-05 2021-04-09
5.0
None Remote Low Not required Partial None None
When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account.
403 CVE-2021-24164 200 +Info 2021-04-05 2021-04-09
4.0
None Remote Low ??? Partial None None
In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection.
404 CVE-2021-24163 200 +Info 2021-04-05 2021-04-09
6.5
None Remote Low ??? Partial Partial Partial
The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin.
405 CVE-2021-24122 200 +Info 2021-01-14 2021-07-20
4.3
None Remote Medium Not required Partial None None
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.
406 CVE-2021-24119 203 +Info 2021-07-14 2021-11-28
4.0
None Remote Low ??? Partial None None
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
407 CVE-2021-24117 203 +Info 2021-07-14 2021-08-10
4.0
None Remote Low ??? Partial None None
In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
408 CVE-2021-24116 203 +Info 2021-07-14 2021-07-22
4.0
None Remote Low ??? Partial None None
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
409 CVE-2021-24114 200 +Info 2021-02-25 2021-03-03
3.5
None Remote Medium ??? Partial None None
Microsoft Teams iOS Information Disclosure Vulnerability
410 CVE-2021-24106 200 +Info 2021-02-25 2021-03-03
2.1
None Local Low Not required Partial None None
Windows DirectX Information Disclosure Vulnerability
411 CVE-2021-24101 200 +Info 2021-02-25 2021-03-04
4.0
None Remote Low ??? Partial None None
Microsoft Dataverse Information Disclosure Vulnerability
412 CVE-2021-24100 200 +Info 2021-02-25 2021-03-04
2.6
None Remote High Not required Partial None None
Microsoft Edge for Android Information Disclosure Vulnerability
413 CVE-2021-24084 200 +Info 2021-02-25 2021-03-04
4.9
None Local Low Not required Complete None None
Windows Mobile Device Management Information Disclosure Vulnerability
414 CVE-2021-24079 200 +Info 2021-02-25 2021-03-04
2.1
None Local Low Not required Partial None None
Windows Backup Engine Information Disclosure Vulnerability
415 CVE-2021-24076 200 +Info 2021-02-25 2021-03-04
2.1
None Local Low Not required Partial None None
Microsoft Windows VMSwitch Information Disclosure Vulnerability
416 CVE-2021-24071 200 +Info 2021-02-25 2021-03-03
4.0
None Remote Low ??? Partial None None
Microsoft SharePoint Information Disclosure Vulnerability
417 CVE-2021-23981 119 Overflow Mem. Corr. +Info 2021-03-31 2021-08-06
5.8
None Remote Medium Not required Partial None Partial
A texture upload of a Pixel Buffer Object could have confused the WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
418 CVE-2021-23968 209 +Info 2021-02-26 2021-05-01
4.3
None Remote Medium Not required Partial None None
If Content Security Policy blocked frame navigation, the full destination of a redirect served in the frame was reported in the violation report; as opposed to the original frame URI. This could be used to leak sensitive information contained in such URIs. This vulnerability affects Firefox < 86, Thunderbird < 78.8, and Firefox ESR < 78.8.
419 CVE-2021-23958 668 +Info 2021-02-26 2021-03-03
4.3
None Remote Medium Not required Partial None None
The browser could have been confused into transferring a screen sharing state into another tab, which would leak unintended information. This vulnerability affects Firefox < 85.
420 CVE-2021-23953 +Info 2021-02-26 2021-03-03
4.3
None Remote Medium Not required Partial None None
If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
421 CVE-2021-23890 200 +Info 2021-03-26 2021-07-02
5.8
None Remote Medium Not required Partial Partial None
Information leak vulnerability in the Agent Handler of McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows an unauthenticated user to download McAfee product packages (specifically McAfee Agent) available in ePO repository and install them on their own machines to have it managed and then in turn get policy details from the ePO server. This can only happen when the ePO Agent Handler is installed in a Demilitarized Zone (DMZ) to service machines not connected to the network through a VPN.
422 CVE-2021-23386 200 +Info 2021-05-20 2021-06-01
4.0
None Remote Low ??? Partial None None
This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.
423 CVE-2021-22917 200 +Info 2021-07-12 2021-07-12
4.3
None Remote Medium Not required Partial None None
Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.
424 CVE-2021-22916 200 +Info 2021-07-12 2021-07-13
4.3
None Remote Medium Not required Partial None None
In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure.
425 CVE-2021-22913 200 +Info 2021-06-11 2021-06-23
4.3
None Remote Medium Not required Partial None None
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.
426 CVE-2021-22912 200 +Info 2021-06-11 2021-06-22
4.3
None Remote Medium Not required Partial None None
Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.
427 CVE-2021-22905 200 +Info 2021-06-11 2021-06-22
4.3
None Remote Medium Not required Partial None None
Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.
428 CVE-2021-22892 200 +Info 2021-05-27 2021-06-08
5.0
None Remote Low Not required Partial None None
An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.
429 CVE-2021-22876 200 +Info 2021-04-01 2021-07-20
5.0
None Remote Low Not required Partial None None
curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.
430 CVE-2021-22860 287 +Info 2021-03-17 2021-03-23
7.5
None Remote Low Not required Partial Partial Partial
EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends.
431 CVE-2021-22853 269 +Info 2021-02-17 2021-02-24
5.5
None Remote Low ??? Partial None Partial
The HR Portal of Soar Cloud System fails to manage access control. While obtaining user ID, remote attackers can access sensitive data via a specific data packet, such as user’s login information, further causing the login function not to work.
432 CVE-2021-22793 200 +Info 2021-09-02 2021-09-13
6.5
None Remote Low ??? Partial Partial Partial
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exist in AccuSine PCS+ / PFV+ (Versions prior to V1.6.7) and AccuSine PCSn (Versions prior to V2.2.4) that could allow an authenticated attacker to access the device via FTP protocol.
433 CVE-2021-22782 311 +Info 2021-07-14 2021-07-26
2.1
None Local Low Not required Partial None None
Missing Encryption of Sensitive Data vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), and SCADAPack RemoteConnect for x70, all versions, that could cause an information leak allowing disclosure of network and process information, credentials or intellectual property when an attacker can access a project file.
434 CVE-2021-22770 200 +Info 2021-07-21 2021-07-27
4.0
None Remote Low ??? Partial None None
A CWE-200: Information Exposure vulnerability exists in Easergy T300 with firmware V2.7.1 and older that exposes sensitive information to an actor not explicitly authorized to have access to that information.
435 CVE-2021-22749 200 +Info 2021-06-11 2021-06-22
5.0
None Remote Low Not required Partial None None
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and prior that could cause information leak concerning the current RTU configuration including communication parameters dedicated to telemetry, when a specially crafted HTTP request is sent to the web server of the module.
436 CVE-2021-22740 200 +Info 2021-05-26 2021-06-03
4.0
None Remote Low ??? Partial None None
Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded.
437 CVE-2021-22739 200 +Info 2021-05-26 2021-06-03
4.3
None Remote Medium Not required Partial None None
Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a device to be compromised when it is first configured.
438 CVE-2021-22728 200 +Info 2021-07-21 2021-07-28
4.0
None Remote Low ??? Partial None None
A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause disclosure of encrypted credentials when consulting the maintenance report.
439 CVE-2021-22721 200 +Info 2021-07-21 2021-07-28
5.0
None Remote Low Not required Partial None None
A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to get limited knowledge of javascript code when crafted malicious parameters are submitted to the charging station web server.
440 CVE-2021-22527 200 +Info 2021-09-13 2021-09-22
5.0
None Remote Low Not required Partial None None
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
441 CVE-2021-22525 668 +Info 2021-09-02 2021-09-10
2.1
None Local Low Not required Partial None None
This release addresses a potential information leakage vulnerability in NetIQ Access Manager versions prior to 5.0.1
442 CVE-2021-22506 200 +Info 2021-03-26 2021-04-01
5.0
None Remote Low Not required Partial None None
Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage.
443 CVE-2021-22496 287 Bypass +Info 2021-03-25 2021-03-25
5.0
None Remote Low Not required Partial None None
Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage.
444 CVE-2021-22468 863 +Info 2021-10-28 2021-11-01
2.1
None Local Low Not required Partial None None
A component of the HarmonyOS has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage.
445 CVE-2021-22356 327 +Info 2021-11-23 2021-11-29
4.3
None Remote Medium Not required Partial None None
There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages between devices to obtain information. This can lead to information leak.Affected product versions include: IPS Module V500R005C00SPC100, V500R005C00SPC200; NGFW Module V500R005C00SPC100, V500R005C00SPC200; Secospace USG6300 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; Secospace USG6600 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200; USG9500 V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200.
446 CVE-2021-22342 20 +Info 2021-06-22 2021-06-29
4.0
None Remote Low ??? Partial None None
There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some operations. This can lead to information leak. Affected product versions include: IPS Module versions V500R005C00, V500R005C10, V500R005C20; NGFW Module versions V500R005C00,V500R005C10, V500R005C20; SeMG9811 versions V500R005C00; USG9500 versions V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, V500R001C80, V500R005C00, V500R005C10, V500R005C20.
447 CVE-2021-22337 +Info 2021-06-03 2021-12-09
5.0
None Remote Low Not required Partial None None
There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause leaking of user click data.
448 CVE-2021-22310 532 +Info 2021-03-22 2021-03-26
2.1
None Local Low Not required Partial None None
There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10.
449 CVE-2021-22309 327 +Info 2021-03-22 2021-03-26
5.0
None Remote Low Not required Partial None None
There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00.
450 CVE-2021-22308 +Info 2021-06-03 2021-12-09
2.1
None Local Low Not required Partial None None
There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage.
Total number of vulnerabilities : 767   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13 14 15 16
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.