Vulnerabilities > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-23 | CVE-2021-31406 | Information Exposure Through Discrepancy vulnerability in Vaadin: Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security token for Fusion endpoints via timing attack. | 2.5 |
2021-04-23 | CVE-2021-26908 | Information Exposure Through Log Files vulnerability in Automox: Automox Agent prior to version 31 logs potentially sensitive information in local log files, which could be used by a locally-authenticated attacker to subvert an organization's security program. | 3.3 |
2021-04-22 | CVE-2021-24242 | Unspecified vulnerability in Themeum Tutor LMS: The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local PHP file. | 3.8 |
2021-04-15 | CVE-2021-30487 | Unspecified vulnerability in Zulip Server 3.0/3.1: In the topic moving API in Zulip Server 3.x before 3.4, organization administrators were able to move messages to streams in other organizations hosted by the same Zulip installation. | 2.7 |
2021-04-15 | CVE-2021-26076 | Unspecified vulnerability in Atlassian products: The jira.editor.user.mode cookie set by the Jira Editor Plugin in Jira Server and Data Center before version 8.5.12, from version 8.6.0 before version 8.13.4, and from version 8.14.0 before version 8.15.0 allows remote anonymous attackers who can perform an attacker in the middle attack to learn which mode a user is editing in due to the cookie not being set with a secure attribute if Jira was configured to use https. | 3.7 |
2021-04-14 | CVE-2021-27260 | Unspecified vulnerability in Parallels Desktop 16.0.1: This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. | 3.2 |
2021-04-14 | CVE-2021-25316 | Unspecified vulnerability in Suse S390-Tools 2.1.018.29.1: An Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations. This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. | 3.3 |
2021-04-09 | CVE-2021-25379 | Unspecified vulnerability in Samsung Gallery: Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. | 3.3 |
2021-04-09 | CVE-2021-25364 | Exposure of Resource to Wrong Sphere vulnerability in Google Android 11.0: A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information. | 3.3 |
2021-04-09 | CVE-2021-25359 | Incorrect Default Permissions vulnerability in Google Android 10.0/11.0: An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications. | 3.3 |