Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2021-05-07 CVE-2021-31467 Unspecified vulnerability in Foxitsoftware 3D
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.3.37598.
local
low complexity
foxitsoftware
3.3
2021-05-07 CVE-2021-31469 Unspecified vulnerability in Foxitsoftware 3D
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader 10.1.1.37576.
local
low complexity
foxitsoftware
3.3
2021-05-05 CVE-2021-25317 A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content.
local
low complexity
suse fedoraproject
3.3
2021-04-30 CVE-2021-21544 Improper Authentication vulnerability in Dell Idrac9 Firmware
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability.
network
low complexity
dell CWE-287
2.7
2021-04-30 CVE-2021-21534 Information Exposure vulnerability in Dell Hybrid Client 1.0/1.1/1.1.01
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability.
local
low complexity
dell CWE-200
3.3
2021-04-28 CVE-2021-31815 Cleartext Transmission of Sensitive Information vulnerability in Google Google/Apple Exposure Notifications 20210427
GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties.
local
low complexity
google CWE-319
3.3
2021-04-27 CVE-2021-21429 Unspecified vulnerability in Openapi-Generator Openapi Generator
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec.
local
low complexity
openapi-generator
3.3
2021-04-26 CVE-2021-29473 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata.
local
high complexity
exiv2 fedoraproject debian
2.5
2021-04-23 CVE-2021-31403 Information Exposure Through Discrepancy vulnerability in Vaadin
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack
local
high complexity
vaadin CWE-203
2.5
2021-04-23 CVE-2021-31404 Information Exposure Through Discrepancy vulnerability in Vaadin Flow
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18), and 5.0.0 through 5.0.2 (Vaadin 18.0.0 through 18.0.5) allows attacker to guess a security token via timing attack.
local
high complexity
vaadin CWE-203
2.5