Total
3604 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37417 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. | |||||
| CVE-2021-37414 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication. | |||||
| CVE-2021-37172 | 1 Siemens | 10 Cpu 1211c, Cpu 1212c, Cpu 1212fc and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device. | |||||
| CVE-2021-37123 | 1 Huawei | 2 Hero-ct060, Hero-ct060 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allow the attacker to do certain operations which the user are supposed not to do. | |||||
| CVE-2021-37100 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to account authentication bypassed. | |||||
| CVE-2021-37054 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2021-37043 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to malicious application processes occupy system resources. | |||||
| CVE-2021-36949 | 1 Microsoft | 2 Azure Active Directory Connect, Azure Active Directory Connect Provisioning Agent | 2024-11-21 | 4.9 MEDIUM | 7.1 HIGH |
| Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | |||||
| CVE-2021-36921 | 1 Monitorapp | 2 Application Insight Manager, Application Insight Web Application Firewall | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. An attacker can gain administrative access by modifying the response to an authentication check request. | |||||
| CVE-2021-36718 | 1 Synel | 2 Eharmonynew, Synel Reports | 2024-11-21 | 6.8 MEDIUM | 6.1 MEDIUM |
| SYNEL - eharmonynew / Synel Reports - The attacker can log in to the system with default credentials and export a report of eharmony system with sensetive data (Employee name, Employee ID number, Working hours etc') The vulnerabilety has been addressed and fixed on version 11. Default credentials , Security miscommunication , Sensetive data exposure vulnerability in Synel Reports of SYNEL eharmonynew, Synel Reports allows an attacker to log into the system with default credentials. This issue affects: SYNEL eharmonynew, Synel Reports 8.0.2 version 11 and prior versions. | |||||
| CVE-2021-36460 | 1 Veryfitpro Project | 1 Veryfitpro | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user's account, rendering the benefits of storing hashed passwords in the database useless. | |||||
| CVE-2021-36370 | 1 Midnight-commander | 1 Midnight Commander | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. | |||||
| CVE-2021-36368 | 2 Debian, Openbsd | 2 Debian Linux, Openssh | 2024-11-21 | 2.6 LOW | 3.7 LOW |
| An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed. | |||||
| CVE-2021-36350 | 1 Dell | 1 Powerscale Onefs | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication. | |||||
| CVE-2021-36308 | 1 Dell | 1 Networking Os10 | 2024-11-21 | 9.3 HIGH | 5.9 MEDIUM |
| Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. | |||||
| CVE-2021-36306 | 1 Dell | 1 Networking Os10 | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. | |||||
| CVE-2021-35964 | 1 Learningdigital | 1 Orca Hcm | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, modify and delete the courses in system, thus causing users fail to access the learning content. | |||||
| CVE-2021-35943 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513. | |||||
| CVE-2021-35296 | 1 Ptcl | 2 Hg150-ub, Hg150-ub Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. | |||||
| CVE-2021-35252 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | N/A | 7.5 HIGH |
| Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. | |||||