
CVSS: 6.5 • EPSS: 0% • CPEs: 46 • EXPL: 0

12 Nov 2021 — An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password. • https://binatoneglobal.com/security-advisory • CWE-532: Insertion of Sensitive Information into Log File •

CVSS: 4.6 • EPSS: 0% • CPEs: 46 • EXPL: 0

12 Nov 2021 — An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access to obtain the encryption key used to decrypt firmware update packages. • https://binatoneglobal.com/security-advisory • CWE-326: Inadequate Encryption Strength • CWE-522: Insufficiently Protected Credentials •

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

12 Nov 2021 — An information disclosure vulnerability was reported in the Time Weather system widget on Legion Phone Pro (L79031) and Legion Phone2 Pro (L70081) that could allow other applications to access device GPS data. • https://iknow.lenovo.com.cn/detail/dc_199217.html • CWE-276: Incorrect Default Permissions •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Nov 2021 — Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. • http://www.openwall.com/lists/oss-security/2021/11/12/1 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Nov 2021 — Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Jenkins Performance. Authentication is required to exploit this vulnerability. The specific flaw exists within the TaurusParser class. Due... • http://www.openwall.com/lists/oss-security/2021/11/12/1 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 9.0 • EPSS: 0% • CPEs: 634 • EXPL: 0

12 Nov 2021 — Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. • https://www.qualcomm.com/company/product-security/bulletins/november-2021-bulletin • CWE-203: Observable Discrepancy •

CVSS: 7.8 • EPSS: 0% • CPEs: 19 • EXPL: 0

10 Nov 2021 — An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to obtain an equivalent of the user’s password. With this highly sensitive data leaked, the attacker would be able to log on to the backend system the SAP GUI for Windows was connected to and launch further attacks depending on the authorizations of the user. • https://launchpad.support.sap.com/#/notes/3080106 • CWE-522: Insufficiently Protected Credentials •

CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Nov 2021 — Azure RTOS Information Disclosure Vulnerability. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42323 •

CVSS: 4.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Nov 2021 — Azure RTOS Information Disclosure Vulnerability. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42301 •

CVSS: 4.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Nov 2021 — Azure Sphere Information Disclosure Vulnerability. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41376 •