Total: 6955 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-24226 | 1 Accessally | 1 Accessally | 2021-04-16 | 5.0 MEDIUM | 7.5 HIGH |
In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public-facing pages containing the [accessally_order_form] shortcode; no login or administrator role is required. | |||||
CVE-2021-27093 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-04-16 | 2.1 LOW | 5.5 MEDIUM |
Windows Kernel Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-28309. | |||||
CVE-2021-28325 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-04-16 | 4.0 MEDIUM | 6.5 MEDIUM |
Windows SMB Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-28324. | |||||
CVE-2021-28309 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-04-15 | 2.1 LOW | 5.5 MEDIUM |
Windows Kernel Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-27093. | |||||
CVE-2021-28318 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-04-15 | 2.1 LOW | 5.5 MEDIUM |
Windows GDI+ Information Disclosure Vulnerability | |||||
CVE-2021-28317 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-04-15 | 2.1 LOW | 5.5 MEDIUM |
Microsoft Windows Codecs Library Information Disclosure Vulnerability | |||||
CVE-2021-28324 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2021-04-15 | 5.0 MEDIUM | 7.5 HIGH |
Windows SMB Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-28325. | |||||
CVE-2021-27079 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-04-15 | 6.3 MEDIUM | 5.7 MEDIUM |
Windows Media Photo Codec Information Disclosure Vulnerability | |||||
CVE-2021-27067 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2021-04-15 | 4.0 MEDIUM | 6.5 MEDIUM |
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability | |||||
CVE-2021-26417 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-04-15 | 2.1 LOW | 5.5 MEDIUM |
Windows Overlay Filter Information Disclosure Vulnerability | |||||
CVE-2008-3094 | 1 Organic Groups Project | 1 Organic Groups | 2021-04-15 | 4.3 MEDIUM | N/A |
The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors. | |||||
CVE-2021-3413 | 2 Redhat, Theforeman | 2 Satellite, Foreman Azurerm | 2021-04-14 | 6.5 MEDIUM | 6.3 MEDIUM |
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-24227 | 1 Patreon | 1 Patreon Wordpress | 2021-04-14 | 5.0 MEDIUM | 7.5 HIGH |
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies. | |||||
CVE-2018-7675 | 1 Microfocus | 1 Sentinel | 2021-04-13 | 3.5 LOW | 5.3 MEDIUM |
In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the Sentinel Web Interface. After performing some tasks within Sentinel the user does not log out but does go idle for a period of time. This in turn causes the interface to time out so that it requires the user to re-authenticate. If another user is passing by and decides to log in, their credentials are accepted. While the user does not inherit any of the other user's privileges, they are able to view the previous screen. In this case it is possible that the user can see another user's events or configuration information for whatever view is currently showing. | |||||
CVE-2018-7686 | 1 Microfocus | 1 Edirectory | 2021-04-13 | 5.0 MEDIUM | 7.5 HIGH |
Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. | |||||
CVE-2021-24170 | 1 Cozmoslabs | 1 User Profile Picture | 2021-04-09 | 5.0 MEDIUM | 7.5 HIGH |
The REST API endpoint get_users in the User Profile Picture WordPress plugin before 2.5.0 returned more information than was required for its functionality to users with the upload_files capability. This included password hashes, hashed user activation keys, usernames, emails, and other less sensitive information. | |||||
CVE-2014-5215 | 1 Microfocus | 1 Access Manager | 2021-04-09 | 4.0 MEDIUM | N/A |
NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote authenticated administrators to discover service-account passwords via a request to (1) roma/jsp/volsc/monitoring/dev_services.jsp or (2) roma/jsp/debug/debug.jsp. | |||||
CVE-2021-24167 | 1 Web-stat | 1 Web-stat | 2021-04-09 | 5.0 MEDIUM | 7.5 HIGH |
When visiting a site running Web-Stat < 1.4.0, the "wts_web_stat_load_init" function used the visitor’s browser to send an XMLHttpRequest request to https://wts2.one/ajax.htm?action=lookup_WP_account. | |||||
CVE-2007-5439 | 1 Broadcom | 1 Etrust Integrated Threat Management | 2021-04-09 | 5.0 MEDIUM | N/A |
CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 stores sensitive user information in log files with predictable names, which allows remote attackers to obtain this information via unspecified vectors. | |||||
CVE-2020-27946 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-08 | 4.3 MEDIUM | 5.5 MEDIUM |
An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory. |