Vulnerabilities > Information Exposure
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-01 | CVE-2021-25122 | Information Exposure vulnerability in multiple products: When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. | 7.5 |
2021-02-26 | CVE-2021-26566 | Information Exposure vulnerability in Synology products: Insertion of sensitive information into sent data vulnerability in synorelayd in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows man-in-the-middle attackers to execute arbitrary commands via inbound QuickConnect traffic. | 9.0 |
2021-02-26 | CVE-2020-28199 | Information Exposure vulnerability in Bestit Amazon PAY: best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized Actor. | 9.1 |
2021-02-24 | CVE-2021-21621 | Information Exposure vulnerability in Jenkins Support Core: Jenkins Support Core Plugin 2.72 and earlier provides the serialized user authentication as part of the "About user (basic authentication details only)" information, which can include the session ID of the user creating the support bundle in some configurations. | 5.3 |
2021-02-24 | CVE-2021-20656 | Information Exposure vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.0/6.00: Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors. | 4.3 |
2021-02-23 | CVE-2021-21323 | Information Exposure vulnerability in Brave: Brave is an open source web browser with a focus on privacy and security. | 5.3 |
2021-02-23 | CVE-2021-20256 | Information Exposure vulnerability in Redhat Satellite 6.0: A flaw was found in Red Hat Satellite. | 5.3 |
2021-02-23 | CVE-2021-26593 | Information Exposure vulnerability in Rangerstudio Directus: In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/{id}. | 7.5 |
2021-02-23 | CVE-2020-4953 | Information Exposure vulnerability in IBM Planning Analytics 2.0: IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP responses. | 4.3 |
2021-02-23 | CVE-2020-29075 | Information Exposure vulnerability in Adobe products: Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. | 6.5 |