Vulnerabilities > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-30 | CVE-2021-21534 | Information Exposure vulnerability in Dell Hybrid Client 1.0/1.1/1.1.01 Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability. | 3.3 |
| 2021-04-28 | CVE-2021-31815 | Cleartext Transmission of Sensitive Information vulnerability in Google Google/Apple Exposure Notifications 20210427 GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties. | 3.3 |
| 2021-04-27 | CVE-2021-21429 | Unspecified vulnerability in Openapi-Generator Openapi Generator OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. | 3.3 |
| 2021-04-26 | CVE-2021-29473 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. | 2.5 |
| 2021-04-23 | CVE-2021-31403 | Information Exposure Through Discrepancy vulnerability in Vaadin Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack | 2.5 |
| 2021-04-23 | CVE-2021-31404 | Information Exposure Through Discrepancy vulnerability in Vaadin Flow Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18), and 5.0.0 through 5.0.2 (Vaadin 18.0.0 through 18.0.5) allows attacker to guess a security token via timing attack. | 2.5 |
| 2021-04-23 | CVE-2021-31406 | Information Exposure Through Discrepancy vulnerability in Vaadin Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security token for Fusion endpoints via timing attack. | 2.5 |
| 2021-04-23 | CVE-2021-26908 | Information Exposure Through Log Files vulnerability in Automox Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. | 3.3 |
| 2021-04-22 | CVE-2021-24242 | Unspecified vulnerability in Themeum Tutor LMS The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file | 3.8 |
| 2021-04-15 | CVE-2021-30487 | Unspecified vulnerability in Zulip Server 3.0/3.1 In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation. | 2.7 |