Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2021-04-30 CVE-2021-21534 Information Exposure vulnerability in Dell Hybrid Client 1.0/1.1/1.1.01
Dell Hybrid Client versions prior to 1.5 contain an information exposure vulnerability.
local
low complexity
dell CWE-200
3.3
2021-04-28 CVE-2021-31815 Cleartext Transmission of Sensitive Information vulnerability in Google Google/Apple Exposure Notifications 20210427
GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties.
local
low complexity
google CWE-319
3.3
2021-04-27 CVE-2021-21429 Unspecified vulnerability in Openapi-Generator Openapi Generator
OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec.
local
low complexity
openapi-generator
3.3
2021-04-26 CVE-2021-29473
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata.
local
high complexity
exiv2 fedoraproject debian
2.5
2021-04-23 CVE-2021-31403 Information Exposure Through Discrepancy vulnerability in Vaadin
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows an attacker to guess a security token via a timing attack.
local
high complexity
vaadin CWE-203
2.5
2021-04-23 CVE-2021-31404 Information Exposure Through Discrepancy vulnerability in Vaadin Flow
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18), and 5.0.0 through 5.0.2 (Vaadin 18.0.0 through 18.0.5) allows an attacker to guess a security token via a timing attack.
local
high complexity
vaadin CWE-203
2.5
2021-04-23 CVE-2021-31406 Information Exposure Through Discrepancy vulnerability in Vaadin
Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows an attacker to guess a security token for Fusion endpoints via a timing attack.
local
high complexity
vaadin CWE-203
2.5
2021-04-23 CVE-2021-26908 Information Exposure Through Log Files vulnerability in Automox
Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program.
local
low complexity
automox CWE-532
3.3
2021-04-22 CVE-2021-24242 Unspecified vulnerability in Themeum Tutor LMS
The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through a maliciously constructed sub_page parameter of the plugin's Tools, allowing high-privilege users to include any local PHP file.
network
low complexity
themeum
3.8
2021-04-15 CVE-2021-30487 Unspecified vulnerability in Zulip Server 3.0/3.1
In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation.
network
low complexity
zulip
2.7