Vulnerabilities (CVE)


Filtered by CWE-668
Total 428 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44717 2 Golang, Opengroup 2 Go, Unix 2022-01-21 5.8 MEDIUM 4.8 MEDIUM
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.
CVE-2021-42067 1 Sap 2 Netweaver Abap, Netweaver Application Server For Abap 2022-01-21 4.0 MEDIUM 4.3 MEDIUM
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.
CVE-2021-38931 6 Hp, Ibm, Linux and 3 more 7 Hp-ux, Aix, Db2 and 4 more 2022-01-21 4.0 MEDIUM 6.5 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to information disclosure as a result of a connected user having indirect read access to a table that they are not authorized to select from. IBM X-Force ID: 210418.
CVE-2021-45116 1 Djangoproject 1 Django 2022-01-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key.
CVE-2022-21964 1 Microsoft 1 Windows 10 2022-01-20 4.9 MEDIUM 5.5 MEDIUM
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability.
CVE-2021-29701 3 Ibm, Linux, Microsoft 4 Engineering Workflow Management, Rational Team Concert, Linux Kernel and 1 more 2022-01-20 4.0 MEDIUM 4.3 MEDIUM
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authenticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657.
CVE-2021-1037 1 Google 1 Android 2022-01-20 5.0 MEDIUM 5.3 MEDIUM
The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions. Product: Android. Versions: Android-10 Android-11 Android-12 Android-9. Android ID: A-162951906
CVE-2021-39633 1 Google 1 Android 2022-01-19 2.1 LOW 5.5 MEDIUM
In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-150694665. References: Upstream kernel
CVE-2022-21915 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2022-01-19 4.0 MEDIUM 6.5 MEDIUM
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21880.
CVE-2022-21904 1 Microsoft 9 Windows 10, Windows 7, Windows 8.1 and 6 more 2022-01-19 5.0 MEDIUM 7.5 HIGH
Windows GDI Information Disclosure Vulnerability.
CVE-2021-30314 1 Qualcomm 148 Qca6390, Qca6390 Firmware, Qca6391 and 145 more 2022-01-18 2.1 LOW 5.5 MEDIUM
Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables.
CVE-2022-20620 1 Jenkins 1 Ssh Agent 2022-01-18 4.0 MEDIUM 4.3 MEDIUM
Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2022-21880 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2022-01-18 7.8 HIGH 7.5 HIGH
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21915.
CVE-2021-37967 2 Fedoraproject, Google 2 Fedora, Chrome 2022-01-15 4.3 MEDIUM 4.3 MEDIUM
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
CVE-2021-38004 1 Google 1 Chrome 2022-01-15 4.3 MEDIUM 4.3 MEDIUM
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-37965 2 Fedoraproject, Google 2 Fedora, Chrome 2022-01-15 4.3 MEDIUM 4.3 MEDIUM
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-38009 1 Google 1 Chrome 2022-01-15 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-37968 2 Fedoraproject, Google 2 Fedora, Chrome 2022-01-15 4.3 MEDIUM 4.3 MEDIUM
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2021-39628 1 Google 1 Android 2022-01-14 2.1 LOW 3.3 LOW
In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11. Android ID: A-189575031
CVE-2021-42749 1 Fastlinemedia 1 Beaver Themer 2022-01-14 5.0 MEDIUM 5.3 MEDIUM
In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives. Exploitation requires that a Themer layout is applied to the archives, and that the post excerpt field is not set.