CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2021-28479 200 +Info 2021-05-11 2021-05-14
2.1
None Local Low Not required Partial None None
Windows CSC Service Information Disclosure Vulnerability
102 CVE-2021-28447 Bypass 2021-04-13 2021-04-21
2.1
None Local Low Not required None Partial None
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-27094.
103 CVE-2021-28446 2021-04-13 2021-04-20
2.1
None Local Low Not required Partial None None
Windows Portmapping Information Disclosure Vulnerability
104 CVE-2021-28443 DoS 2021-04-13 2021-04-20
2.1
None Local Low Not required None None Partial
Windows Console Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28438.
105 CVE-2021-28441 2021-04-13 2021-04-21
2.1
None Local Low Not required Partial None None
Windows Hyper-V Information Disclosure Vulnerability
106 CVE-2021-28438 DoS 2021-04-13 2021-04-20
2.1
None Local Low Not required None None Partial
Windows Console Driver Denial of Service Vulnerability This CVE ID is unique from CVE-2021-28443.
107 CVE-2021-28437 2021-04-13 2021-04-19
2.1
None Local Low Not required Partial None None
Windows Installer Information Disclosure Vulnerability
108 CVE-2021-28435 2021-04-13 2021-04-16
2.1
None Local Low Not required Partial None None
Windows Event Tracing Information Disclosure Vulnerability
109 CVE-2021-28318 200 +Info 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Windows GDI+ Information Disclosure Vulnerability
110 CVE-2021-28317 200 +Info 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Microsoft Windows Codecs Library Information Disclosure Vulnerability
111 CVE-2021-28316 Bypass 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Windows WLAN AutoConfig Service Security Feature Bypass Vulnerability
112 CVE-2021-28309 200 +Info 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-27093.
113 CVE-2021-28168 732 2021-04-22 2021-06-17
2.1
None Local Low Not required Partial None None
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users.
114 CVE-2021-28150 20 2021-05-06 2021-05-13
2.1
None Local Low Not required Partial None None
Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi.
115 CVE-2021-28100 2021-03-23 2021-03-26
2.1
None Local Low Not required Partial None None
Priam uses File.createTempFile, which gives the permissions on that file -rw-r--r--. An attacker with read access to the local filesystem can read anything written there by the Priam process.
116 CVE-2021-28039 400 2021-03-05 2021-04-09
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.
117 CVE-2021-27941 863 2021-05-06 2021-05-14
2.1
None Local Low Not required Partial None None
Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during a device pairing process.
118 CVE-2021-27908 732 2021-03-23 2021-03-27
2.1
None Local Low Not required Partial None None
In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application.
119 CVE-2021-27904 2021-03-02 2021-03-08
2.1
None Local Low Not required Partial None None
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
120 CVE-2021-27260 125 Exec Code +Info 2021-04-14 2021-04-23
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12068.
121 CVE-2021-27244 125 Exec Code +Info 2021-03-29 2021-04-27
2.1
None Local Low Not required Partial None None
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-11925.
122 CVE-2021-27205 312 2021-02-12 2021-02-14
2.1
None Local Low Not required Partial None None
Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.
123 CVE-2021-27204 312 2021-02-12 2021-02-14
2.1
None Local Low Not required Partial None None
Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.
124 CVE-2021-27094 Bypass 2021-04-13 2021-04-16
2.1
None Local Low Not required None Partial None
Windows Early Launch Antimalware Driver Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-28447.
125 CVE-2021-27093 200 +Info 2021-04-13 2021-04-16
2.1
None Local Low Not required Partial None None
Windows Kernel Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-28309.
126 CVE-2021-27075 2021-03-11 2021-03-23
2.7
None Local Network Low ??? Partial None None
Azure Virtual Machine Information Disclosure Vulnerability
127 CVE-2021-26988 862 2021-03-04 2021-03-18
2.7
None Local Network Low ??? Partial None None
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a vulnerability which could allow unauthorized tenant users to discover information related to converting a 7-Mode directory to Cluster-mode such as Storage Virtual Machine (SVM) names, volume names, directory paths and Job IDs.
128 CVE-2021-26933 Bypass 2021-02-17 2021-04-11
2.1
None Local Low Not required Partial None None
An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes (such as the ones during scrubbing) have reached the memory before handing over the page to a guest. Unfortunately, the operation to clean the cache is happening before checking if the page was scrubbed. Therefore there is no guarantee when all the writes will reach the memory.
129 CVE-2021-26917 2021-02-08 2021-02-16
2.1
None Local Low Not required Partial None None
** DISPUTED ** PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. NOTE: the discoverer states "security mitigation may not be necessary as there is no evidence yet that these screen intercepts are actually transported away from the local host." NOTE: it is unclear whether there are any common use cases in which apinotifypath is controlled by an attacker.
130 CVE-2021-26892 Bypass 2021-03-11 2021-03-23
2.1
None Local Low Not required None None Partial
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
131 CVE-2021-26884 200 +Info 2021-03-11 2021-03-13
2.1
None Local Low Not required Partial None None
Windows Media Photo Codec Information Disclosure Vulnerability
132 CVE-2021-26869 200 +Info 2021-03-11 2021-03-15
2.1
None Local Low Not required Partial None None
Windows ActiveX Installer Service Information Disclosure Vulnerability
133 CVE-2021-26718 863 Bypass 2021-04-01 2021-04-07
2.1
None Local Low Not required None Partial None
KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker to disable anti-virus protection.
134 CVE-2021-26579 312 2021-03-30 2021-04-02
2.1
None Local Low Not required Partial None None
A security vulnerability in HPE Unified Data Management (UDM) could allow the local disclosure of privileged information (CWE-321: Use of Hard-coded Cryptographic Key in a product). HPE has provided updates to versions 1.2009.0 and 1.2101.0 of HPE Unified Data Management (UDM). Version 1.2103.0 of HPE Unified Data Management (UDM) removes all hard-coded cryptographic keys.
135 CVE-2021-26563 863 Exec Code 2021-02-26 2021-06-18
2.1
None Local Low Not required Partial None None
Incorrect authorization vulnerability in synoagentregisterd in Synology DiskStation Manager (DSM) before 6.2.4-25553 allows local users to execute arbitrary code via unspecified vectors.
136 CVE-2021-26550 312 2021-02-09 2021-02-11
2.1
None Local Low Not required Partial None None
An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml.
137 CVE-2021-26417 200 +Info 2021-04-13 2021-04-15
2.1
None Local Low Not required Partial None None
Windows Overlay Filter Information Disclosure Vulnerability
138 CVE-2021-26413 2021-04-13 2021-04-20
2.1
None Local Low Not required None Partial None
Windows Installer Spoofing Vulnerability
139 CVE-2021-26314 668 2021-06-09 2021-06-17
2.1
None Local Low Not required Partial None None
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage.
140 CVE-2021-26313 668 Exec Code Bypass 2021-06-09 2021-06-17
2.1
None Local Low Not required Partial None None
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage.
141 CVE-2021-26309 668 2021-05-11 2021-05-19
2.1
None Local Low Not required Partial None None
Information disclosure in the TeamCity plugin for IntelliJ before 2020.2.2.85899 was possible because a local temporary file had Insecure Permissions.
142 CVE-2021-26307 400 2021-01-29 2021-02-03
2.1
None Local Low Not required None None Partial
An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash.
143 CVE-2021-25692 312 2021-04-06 2021-04-19
2.1
None Local Low Not required Partial None None
Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.
144 CVE-2021-25688 532 2021-02-11 2021-02-17
2.1
None Local Low Not required Partial None None
Under certain conditions, Teradici PCoIP Agents for Windows prior to version 20.10.0 and Teradici PCoIP Agents for Linux prior to version 21.01.0 may log parts of a user's password in the application logs.
145 CVE-2021-25675 369 2021-03-15 2021-03-18
2.1
None Local Low Not required None None Partial
A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a divide by zero operation could occur and cause the application to terminate unexpectedly and must be restarted to restore the service.
146 CVE-2021-25674 476 2021-03-15 2021-03-18
2.1
None Local Low Not required None None Partial
A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a NULL pointer deference condition could cause the application to terminate unexpectedly and must be restarted to restore the service.
147 CVE-2021-25645 312 2021-05-10 2021-05-24
2.1
None Local Low Not required Partial None None
An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past.
148 CVE-2021-25423 532 2021-06-11 2021-06-17
2.1
None Local Low Not required Partial None None
Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.
149 CVE-2021-25422 532 2021-06-11 2021-06-17
2.1
None Local Low Not required Partial None None
Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
150 CVE-2021-25421 532 2021-06-11 2021-06-17
2.1
None Local Low Not required Partial None None
Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
Total number of vulnerabilities : 4561   Page : 1 2 3 (This Page)4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.