Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-668
Total 688 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-35215 1 Atomix 1 Atomix 2021-12-21 4.0 MEDIUM 6.5 MEDIUM
An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.
CVE-2021-45097 1 Knime 1 Knime Server 2021-12-20 2.1 LOW 5.5 MEDIUM
KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.
CVE-2021-1045 1 Google 1 Android 2021-12-20 5.0 MEDIUM 7.5 HIGH
Product: AndroidVersions: Android kernelAndroid ID: A-195580473References: N/A
CVE-2021-41065 1 Bopsoft 1 Listary 2021-12-20 4.4 MEDIUM 7.3 HIGH
An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds).
CVE-2021-39646 1 Google 1 Android 2021-12-17 5.0 MEDIUM 7.5 HIGH
Product: AndroidVersions: Android kernelAndroid ID: A-201537251References: N/A
CVE-2021-0986 1 Google 1 Android 2021-12-17 2.1 LOW 5.5 MEDIUM
In hasGrantedPolicy of DevicePolicyManagerService.java, there is a possible information disclosure about the device owner, profile owner, or device admin due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192247339
CVE-2021-0978 1 Google 1 Android 2021-12-17 2.1 LOW 3.3 LOW
In getSerialForPackage of DeviceIdentifiersPolicyService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-192587406
CVE-2021-44523 1 Siemens 2 Sipass Integrated, Siveillance Identity 2021-12-17 6.4 MEDIUM 9.1 CRITICAL
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries.
CVE-2021-44522 1 Siemens 2 Sipass Integrated, Siveillance Identity 2021-12-16 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.
CVE-2021-39915 1 Gitlab 1 Gitlab 2021-12-15 5.0 MEDIUM 5.3 MEDIUM
Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to see the names of project access tokens on arbitrary projects
CVE-2021-22568 1 Dart 1 Dart Software Development Kit 2021-12-14 6.0 MEDIUM 8.8 HIGH
When using the dart pub publish command to publish a package to a third-party package server, the request would be authenticated with an oauth2 access_token that is valid for publishing on pub.dev. Using these obtained credentials, an attacker can impersonate the user on pub.dev. We recommend upgrading past https://github.com/dart-lang/sdk/commit/d787e78d21e12ec1ef712d229940b1172aafcdf8 or beyond version 2.15.0
CVE-2021-38505 2 Microsoft, Mozilla 4 Windows 10, Firefox, Firefox Esr and 1 more 2021-12-10 4.3 MEDIUM 6.5 MEDIUM
Microsoft introduced a new feature in Windows 10 known as Cloud Clipboard which, if enabled, will record data copied to the clipboard to the cloud, and make it available on other computers in certain scenarios. Applications that wish to prevent copied data from being recorded in Cloud History must use specific clipboard formats; and Firefox before versions 94 and ESR 91.3 did not implement them. This could have caused sensitive data to be recorded to a user's Microsoft account. *This bug only affects Firefox for Windows 10+ with Cloud Clipboard enabled. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
CVE-2021-40288 1 Tp-link 2 Archer Ax10, Archer Ax10 Firmware 2021-12-10 7.8 HIGH 7.5 HIGH
A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a wireless adapter specific spoofed authentication frames
CVE-2021-36198 1 Johnsoncontrols 1 Kantech Entrapass 2021-12-07 5.0 MEDIUM 7.5 HIGH
Successful exploitation of this vulnerability could allow an unauthorized user to access sensitive data.
CVE-2021-23264 1 Craftercms 1 Crafter Cms 2021-12-03 6.4 MEDIUM 9.1 CRITICAL
Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.
CVE-2021-42254 1 Beyondtrust 1 Privilege Management For Windows 2021-11-24 7.2 HIGH 7.8 HIGH
BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.
CVE-2021-36319 1 Dell 1 Networking Os10 2021-11-23 2.1 LOW 3.3 LOW
Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages.
CVE-2021-26327 1 Amd 40 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 37 more 2021-11-19 2.1 LOW 5.5 MEDIUM
Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality.
CVE-2020-12488 1 Vivo 1 Jovi Smart Scene 2021-11-15 2.1 LOW 5.5 MEDIUM
The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.
CVE-2019-14905 3 Fedoraproject, Opensuse, Redhat 8 Fedora, Backports Sle, Leap and 5 more 2021-11-02 4.6 MEDIUM 5.6 MEDIUM
A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craft the filename parameter to perform OS command injections. This could result in a loss of confidentiality of the system among other issues.