Total
9127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39008 | 1 Ibm | 1 Qradar Wincollect | 2024-11-21 | N/A | 2.7 LOW |
| IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551. | |||||
| CVE-2021-39000 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to obtain sensitive information by inclusion of sensitive data within diagnostics. IBM X-Force ID: 213215. | |||||
| CVE-2021-38999 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM MQ Appliance could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. | |||||
| CVE-2021-38960 | 1 Ibm | 6 Power Hardware Management Console \(7063-cr2\), Power Hardware Management Console \(7063-cr2\) Firmware, Power System Ac922 \(8335-gth\) and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. | |||||
| CVE-2021-38956 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system. IBM X-Force ID: 212038 | |||||
| CVE-2021-38901 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610. | |||||
| CVE-2021-38859 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-11-21 | N/A | 4.3 MEDIUM |
| IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. IBM X-Force ID: 207899. | |||||
| CVE-2021-38314 | 1 Redux | 1 Gutenberg Template Library \& Redux Framework | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress registered several AJAX actions available to unauthenticated users in the `includes` function in `redux-core/class-redux-core.php` that were unique to a given site but deterministic and predictable given that they were based on an md5 hash of the site URL with a known salt value of '-redux' and an md5 hash of the previous hash with a known salt value of '-support'. These AJAX actions could be used to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of site’s `AUTH_KEY` concatenated with the `SECURE_AUTH_KEY`. | |||||
| CVE-2021-37939 | 1 Elastic | 1 Kibana | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to create connectors, could utilize these connectors to view limited HTTP response data on hosts accessible to the cluster. | |||||
| CVE-2021-37935 | 1 Huntflow | 1 Huntflow Enterprise | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability in the login page of Huntflow Enterprise before 3.10.4 could allow an unauthenticated, remote user to get information about the domain name of the configured LDAP server. An attacker could exploit this vulnerability by requesting the login page and searching for the "isLdap" JavaScript parameter in the HTML source code. | |||||
| CVE-2021-37867 | 1 Mattermost | 1 Mattermost Boards | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Mattermost Boards plugin v0.10.0 and earlier fails to protect email addresses of all users via one of the Boards APIs, which allows authenticated and unauthorized users to access this information resulting in sensitive & private information disclosure. | |||||
| CVE-2021-37704 | 1 Phpfastcache | 1 Phpfastcache | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
| PhpFastCache is a high-performance backend cache system (packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the `phpinfo()` can be exposed if the `/vendor` is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc). Only the v6, v7 and v8 will be patched respectively in 8.0.7, 7.1.2, 6.1.5. Older versions such as v5, v4 are not longer supported and will **NOT** be patched. As a workaround, protect the `/vendor` directory from public access. | |||||
| CVE-2021-37703 | 1 Discourse | 1 Discourse | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta5, a user's read state for a topic such as the last read post number and the notification level is exposed. | |||||
| CVE-2021-37629 | 1 Nextcloud | 1 Richdocuments | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled. | |||||
| CVE-2021-37326 | 1 Netsarang | 1 Xshell | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations. | |||||
| CVE-2021-37125 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause confidentiality is affected. | |||||
| CVE-2021-37067 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Confidentiality impacted. | |||||
| CVE-2021-37010 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected. | |||||
| CVE-2021-36793 | 1 Routes Project | 1 Routes | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output. | |||||
| CVE-2021-36723 | 1 Emuse - Eservices \/ Envoice Project | 1 Emuse - Eservices \/ Envoice | 2024-11-21 | 5.0 MEDIUM | 6.1 MEDIUM |
| Emuse - eServices / eNvoice Exposure Of Private Personal Information due to lack of identification mechanisms and predictable IDs an attacker can scrape all the files on the service. | |||||