Total
7426 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22740 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause information to be exposed when an unauthorized file is uploaded. | |||||
| CVE-2021-22739 | 1 Schneider-electric | 4 Homelynk, Homelynk Firmware, Spacelynk and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Information Exposure vulnerability exists in homeLYnk (Wiser For KNX) and spaceLYnk V2.60 and prior which could cause a device to be compromised when it is first configured. | |||||
| CVE-2021-22728 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could cause disclosure of encrypted credentials when consulting the maintenance report. | |||||
| CVE-2021-22721 | 1 Schneider-electric | 12 Evlink City Evc1s22p4, Evlink City Evc1s22p4 Firmware, Evlink City Evc1s7p4 and 9 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A CWE-200: Information Exposure vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to get limited knowledge of javascript code when crafted malicious parameters are submitted to the charging station web server. | |||||
| CVE-2021-22172 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page | |||||
| CVE-2021-22135 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| Elasticsearch versions before 7.11.2 and 6.8.15 contain a document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view. | |||||
| CVE-2021-22036 | 1 Vmware | 2 Vrealize Automation, Vrealize Orchestrator | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| VMware vRealize Orchestrator ((8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domain due to improper path handling in vRealize Orchestrator leading to sensitive information disclosure. | |||||
| CVE-2021-21823 | 1 Komoot | 1 Komoot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information. | |||||
| CVE-2021-21817 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2021-21816 | 1 Dlink | 2 Dir-3040, Dir-3040 Firmware | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21733 | 1 Zte | 1 Zxcdn | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| The management system of ZXCDN is impacted by the information leak vulnerability. Attackers can make further analysis according to the information returned by the program, and then obtain some sensitive information. This affects ZXCDN V7.01 all versions up to IAMV7.01.01.02. | |||||
| CVE-2021-21621 | 1 Jenkins | 1 Support Core | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations. | |||||
| CVE-2021-21587 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders. | |||||
| CVE-2021-21584 | 1 Dell | 2 Openmanage Enterprise, Openmanage Enterprise-modular | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials. | |||||
| CVE-2021-21537 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to view and exfiltrate sensitive information on the system. | |||||
| CVE-2021-21536 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to register the client to a server in order to view sensitive information. | |||||
| CVE-2021-21534 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain access to sensitive information via the local API. | |||||
| CVE-2021-21512 | 1 Dell | 1 Emc Powerprotect Cyber Recovery | 2024-11-21 | 3.6 LOW | 7.9 HIGH |
| Dell EMC PowerProtect Cyber Recovery, version 19.7.0.1, contains an Information Disclosure vulnerability. A locally authenticated high privileged Cyber Recovery user may potentially exploit this vulnerability leading to the takeover of the notification email account. | |||||
| CVE-2021-21469 | 1 Sap | 1 Netweaver Master Data Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| When security guidelines for SAP NetWeaver Master Data Management running on windows have not been thoroughly reviewed, it might be possible for an external operator to try and set custom paths in the MDS server configuration. When no adequate protection has been enforced on any level (e.g., MDS Server password not set, network and OS configuration not properly secured, etc.), a malicious user might define UNC paths which could then be exploited to put the system at risk using a so-called SMB relay attack and obtain highly sensitive data, which leads to Information Disclosure. | |||||
| CVE-2021-21435 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.3 MEDIUM | 5.7 MEDIUM |
| Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions. | |||||