CWE:
 

Tytuł
Data
Autor
Med.
Zoom 5.4.3 (54779.1115) / 5.5.4 (13142.0301) Information Disclosure
23.03.2021
Matthias Deeg


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2021-11-30
Low
CVE-2021-42116

Vendor: Businessdnasolutions
Software: Topease
 

 

 
2021-11-24
Medium
CVE-2021-22957

Vendor: UI
Software: Unifi protect
 

 

 
Medium
CVE-2021-36917

Vendor: Wpwave
Software: Hide my wp
 

 
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.

 
Low
CVE-2021-42306

Vendor: Microsoft
Software: Azure active...
 

 
Azure Active Directory Information Disclosure Vulnerability

 
2021-11-23
Low
CVE-2021-38004

Vendor: Google
Software: Chrome
 

 
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

 
2021-11-22
Medium
CVE-2021-38376

Vendor: Open-xchange
Software: Ox app suite
 

 
OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.

 
Low
CVE-2021-38378

Vendor: Open-xchange
Software: Ox app suite
 

 
OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person's name.

 
Medium
CVE-2021-43560

Vendor: Moodle
Software: Moodle
 

 
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events.

 
2021-11-20
Low
CVE-2021-36319

Vendor: DELL
Software: Networking os10
 

 
Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages.

 
2021-11-19
Medium
CVE-2021-41532

Vendor: Apache
Software: Ozone
 

 
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top