Total: 3710 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-39872 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with an expired password to still access GitLab through git and the API using access tokens acquired before the password expired. | |||||
CVE-2021-39296 | 1 Openbmc-project | 1 Openbmc | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. | |||||
CVE-2021-39215 | 1 8x8 | 1 Jitsi Meet | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating. | |||||
CVE-2021-39177 | 1 Geysermc | 1 Geyser | 2024-11-21 | 7.5 HIGH | 7.4 HIGH |
Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any user. Version 1.4.2-SNAPSHOT contains a patch for the issue. There are no known workarounds aside from upgrading. | |||||
CVE-2021-39165 | 1 Chachethq | 1 Cachet | 2024-11-21 | 5.0 MEDIUM | 8.1 HIGH |
Cachet is an open source status page. In Cachet up to and including 2.3.18, there is a SQL injection in `SearchableTrait#scopeSearch()`. Unauthenticated attackers can use this vulnerability to exfiltrate sensitive data from the database, such as the administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active; the stable version 2.3.18 and its development 2.4 branch are affected. | |||||
CVE-2021-39064 | 2 Ibm, Linux | 2 Spectrum Copy Data Management, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID: 214957. | |||||
CVE-2021-38688 | 1 Qnap | 1 Qfile | 2024-11-21 | 5.0 MEDIUM | 7.1 HIGH |
An improper authentication vulnerability has been reported to affect Android App Qfile. If exploited, this vulnerability allows attackers to compromise the app and access information. We have already fixed this vulnerability in the following versions of Qfile: Qfile 3.0.0.1105 and later. | |||||
CVE-2021-38686 | 1 Qnap | 1 Qvr | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later | |||||
CVE-2021-38679 | 1 Qnap | 1 Kazoo Server | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.22 and later | |||||
CVE-2021-38376 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. | |||||
CVE-2021-38299 | 1 Spomky-labs | 1 Webauthn Framwork | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An attacker that controls a user's system is able to login to a vulnerable service using an attached FIDO2 authenticator without passing a check of the user presence. | |||||
CVE-2021-38161 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8. | |||||
CVE-2021-37597 | 1 Wpcerber | 1 Wp Cerber | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation. | |||||
CVE-2021-37580 | 1 Apache | 1 Shenyu | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0 | |||||
CVE-2021-37545 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. | |||||
CVE-2021-37417 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. | |||||
CVE-2021-37414 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication. | |||||
CVE-2021-37172 | 1 Siemens | 10 Cpu 1211c, Cpu 1212c, Cpu 1212fc and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device. | |||||
CVE-2021-37123 | 1 Huawei | 2 Hero-ct060, Hero-ct060 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability arises because, when a user wants to perform certain operations, the software does not sufficiently validate the user's identity. Successful exploitation could allow the attacker to perform certain operations which the user is not supposed to perform. | |||||
CVE-2021-37100 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
There is an Improper Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to account authentication bypass. |