Export limit exceeded: 10050 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10050 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36793 | 1 Routes Project | 1 Routes | 2024-11-21 | 7.5 High |
| The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output. | ||||
| CVE-2021-36749 | 1 Apache | 1 Druid | 2024-11-21 | 6.5 Medium |
| In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1. | ||||
| CVE-2021-36723 | 1 Emuse - Eservices \/ Envoice Project | 1 Emuse - Eservices \/ Envoice | 2024-11-21 | 6.1 Medium |
| Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service. | ||||
| CVE-2021-36341 | 1 Dell | 1 Wyse Device Agent | 2024-11-21 | 5.5 Medium |
| Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information. | ||||
| CVE-2021-36198 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2024-11-21 | 8.3 High |
| Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data. | ||||
| CVE-2021-36192 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 5.2 Medium |
| An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiManager 7.0.1 and below, 6.4.6 and below, 6.2.x, 6.0.x, 5.6.0 may allow a FortiGate user to see scripts from other ADOMS. | ||||
| CVE-2021-36151 | 1 Apache | 1 Gobblin | 2024-11-21 | 5.5 Medium |
| In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. | ||||
| CVE-2021-36096 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.2 Medium |
| Generated Support Bundles contains private S/MIME and PGP keys if containing folder is not hidden. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions. | ||||
| CVE-2021-36095 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.3 Medium |
| Malicious attacker is able to find out valid user logins by using the "lost password" feature. This issue affects: OTRS AG ((OTRS)) Community Edition version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions. | ||||
| CVE-2021-36091 | 1 Otrs | 1 Otrs | 2024-11-21 | 3.5 Low |
| Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27. | ||||
| CVE-2021-35936 | 1 Apache | 1 Airflow | 2024-11-21 | 5.3 Medium |
| If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2. | ||||
| CVE-2021-35527 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 7.5 High |
| Password autocomplete vulnerability in the web application password field of Hitachi ABB Power Grids eSOMS allows attacker to gain access to user credentials that are stored by the browser. This issue affects: Hitachi ABB Power Grids eSOMS version 6.3 and prior versions. | ||||
| CVE-2021-35477 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 5.5 Medium |
| In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. | ||||
| CVE-2021-35080 | 1 Qualcomm | 50 Qcm2290, Qcm2290 Firmware, Qcm4290 and 47 more | 2024-11-21 | 6.5 Medium |
| Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | ||||
| CVE-2021-35070 | 1 Qualcomm | 18 Qcm6125, Qcm6125 Firmware, Qcs6125 and 15 more | 2024-11-21 | 6.5 Medium |
| RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile | ||||
| CVE-2021-34774 | 1 Cisco | 1 Common Services Platform Collector | 2024-11-21 | 4.9 Medium |
| A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to a specific API request. An attacker could exploit the vulnerability by sending a crafted HTTP request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the users of the application, including security questions and answers. To exploit this vulnerability an attacker would need valid Administrator credentials. Cisco expects to release software updates that address this vulnerability. | ||||
| CVE-2021-34771 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 5.5 Medium |
| A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by running a specific command. A successful exploit could allow the attacker to view sensitive configuration information that their privileges might not otherwise allow them to access. | ||||
| CVE-2021-34707 | 1 Cisco | 1 Evolved Programmable Network Manager | 2024-11-21 | 6.5 Medium |
| A vulnerability in the REST API of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to access sensitive data on an affected system. This vulnerability exists because the application does not sufficiently protect sensitive data when responding to an API request. An attacker could exploit the vulnerability by sending a specific API request to the affected application. A successful exploit could allow the attacker to obtain sensitive information about the application. | ||||
| CVE-2021-34702 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 4.3 Medium |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker with read-only administrator access to the web-based management interface could exploit this vulnerability by browsing to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. | ||||
| CVE-2021-34693 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 5.5 Medium |
| net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. | ||||