Total: 6955 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-9849 | 1 Apple | 6 Icloud, Ipados, Itunes and 3 more | 2021-03-09 | 4.3 MEDIUM | 6.5 MEDIUM |
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory. | |||||
CVE-2018-12438 | 1 Libsunec Project | 1 Libsunec | 2021-03-09 | 1.9 LOW | 4.9 MEDIUM |
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | |||||
CVE-2018-12433 | 1 Cryptlib | 1 Cryptlib | 2021-03-09 | 1.9 LOW | 4.9 MEDIUM |
** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model. | |||||
CVE-2017-15709 | 1 Apache | 1 Activemq | 2021-03-05 | 4.3 MEDIUM | 3.7 LOW |
When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 it was found that certain system details (such as the OS and kernel version) are exposed as plain text. | |||||
CVE-2020-28199 | 1 Bestit | 1 Amazon Pay | 2021-03-05 | 6.4 MEDIUM | 9.1 CRITICAL |
best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor. | |||||
CVE-2021-24079 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2021-03-04 | 2.1 LOW | 5.5 MEDIUM |
Windows Backup Engine Information Disclosure Vulnerability | |||||
CVE-2021-24076 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Server 2012 and 2 more | 2021-03-04 | 2.1 LOW | 5.5 MEDIUM |
Microsoft Windows VMSwitch Information Disclosure Vulnerability | |||||
CVE-2021-24100 | 1 Microsoft | 1 Edge | 2021-03-04 | 2.6 LOW | 4.4 MEDIUM |
Microsoft Edge for Android Information Disclosure Vulnerability | |||||
CVE-2021-24084 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-03-04 | 4.9 MEDIUM | 5.5 MEDIUM |
Windows Mobile Device Management Information Disclosure Vulnerability | |||||
CVE-2021-24101 | 1 Microsoft | 1 Dynamics 365 | 2021-03-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Microsoft Dataverse Information Disclosure Vulnerability | |||||
CVE-2021-24114 | 1 Microsoft | 1 Teams | 2021-03-03 | 3.5 LOW | 5.7 MEDIUM |
Microsoft Teams iOS Information Disclosure Vulnerability | |||||
CVE-2021-24106 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-03-03 | 2.1 LOW | 5.5 MEDIUM |
Windows DirectX Information Disclosure Vulnerability | |||||
CVE-2021-1734 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-03-03 | 5.0 MEDIUM | 7.5 HIGH |
Windows Remote Procedure Call Information Disclosure Vulnerability | |||||
CVE-2021-24071 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2021-03-03 | 4.0 MEDIUM | 6.5 MEDIUM |
Microsoft SharePoint Information Disclosure Vulnerability | |||||
CVE-2020-11281 | 1 Qualcomm | 694 Aqt1000, Aqt1000 Firmware, Ar8031 and 691 more | 2021-03-02 | 5.0 MEDIUM | 7.5 HIGH |
Allowing RTT frames to be linked with a non-randomized MAC address by comparing the sequence numbers can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking. | |||||
CVE-2021-26593 | 1 Rangerstudio | 1 Directus | 2021-03-01 | 5.0 MEDIUM | 7.5 HIGH |
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. For each call, they get in response a lot of information about the user (such as email address, first name, and last name) but also the secret for 2FA if one exists. This secret can be regenerated. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2021-27583 | 1 Rangerstudio | 1 Directus | 2021-03-01 | 5.0 MEDIUM | 5.3 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2021-20656 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2021-03-01 | 4.0 MEDIUM | 4.3 MEDIUM |
Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors. | |||||
CVE-2021-21323 | 1 Brave | 1 Brave | 2021-03-01 | 4.3 MEDIUM | 5.3 MEDIUM |
Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor windows to their DNS provider. (DNS requests that were not initiated by CNAME adblocking would go through Tor as expected.) This is fixed in Brave version 1.20.108. | |||||
CVE-2020-4953 | 1 Ibm | 1 Planning Analytics | 2021-02-26 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP responses. IBM X-Force ID: 192029. |