CWE:
 

Topic
Date
Author
High
SmartFoxServer 2X 2.17.0 Credential Disclosure
08.02.2021
LiquidWorm
Med.
URVE Software Build 24.03.2020 Information Disclosure
30.12.2020
Erik Steltzner
High
Brickcom 100ap Series Authentication Bypass / CSRF
13.06.2013
Eliezer Varade Lopez


CVEMAP Search Results

CVE
Details
Description
2021-02-23
Medium
CVE-2021-26595

Vendor: Rangerstudio
Software: Directus
 

 
** UNSUPPORTED WHEN ASSIGNED ** In Directus 8.x through 8.8.1, an attacker can learn sensitive information such as the version of the CMS, the PHP version used by the site, and the name of the DBMS, simply by view the result of the api-aa, called automatically upon a connection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

 
Low
CVE-2021-23827

Updating...
 

 
Keybase Desktop Client before 5.6.0 on Windows and macOS, and before 5.6.1 on Linux, allows an attacker to obtain potentially sensitive media (such as private pictures) in the Cache and uploadtemps directories. It fails to effectively clear cached pictures, even after deletion via normal methodology within the client, or by utilizing the "Explode message/Explode now" functionality. Local filesystem access is needed by the attacker.

 
2021-02-22
Medium
CVE-2021-27549

Vendor: Genymobile
Software: Genymotion d...
 

 
** DISPUTED ** Genymotion Desktop through 3.2.0 leaks the host's clipboard data to the Android application by default. NOTE: the vendor's position is that this is intended behavior that can be changed through the Settings > Device screen.

 
2021-02-19
Low
CVE-2020-36248

Vendor: Owncloud
Software: Owncloud
 

 
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.

 
2021-02-17
Low
CVE-2020-24491

Vendor: Intel
Software: Core i3
 

 
Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access.

 
2021-02-16
Low
CVE-2021-27233

Vendor: Mutare
Software: Voice
 

 
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. On the admin portal of the web application, password information for external systems is visible in cleartext. The Settings.asp page is affected by this issue.

 
2021-02-13
Low
CVE-2021-27210

Updating...
 

 
TP-Link Archer C5v 1.7_181221 devices allows remote attackers to retrieve cleartext credentials via [USER_CFG#0,0,0,0,0,0#0,0,0,0,0,0]0,0 to the /cgi?1&5 URI.

 
2021-02-12
Low
CVE-2021-20408

Updating...
 

 
IBM Security Verify Information Queue 1.0.6 and 1.0.7 could disclose highly sensitive information to a local user due to inproper storage of a plaintext cryptographic key. IBM X-Force ID: 198187.

 
Low
CVE-2021-27204

Updating...
 

 
Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.

 
Low
CVE-2021-27205

Updating...
 

 
Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top