Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32951 | 1 Advantech | 1 Webaccess\/nms | 2021-10-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper authentication vulnerability, which may allow unauthorized users to view resources monitored and controlled by the WebAccess/NMS, as well as IP addresses and names of all the devices managed via WebAccess/NMS. | |||||
| CVE-2021-30312 | 1 Qualcomm | 388 Apq8053, Apq8053 Firmware, Aqt1000 and 385 more | 2021-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30302 | 1 Qualcomm | 248 Aqt1000, Aqt1000 Firmware, Ar8035 and 245 more | 2021-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-21745 | 1 Zte | 2 Mf971r, Mf971r Firmware | 2021-10-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification, an attackercould use this vulnerability to perform illegal authorization operations by sending a request to the user to click. | |||||
| CVE-2010-2496 | 1 Clusterlabs | 2 Cluster Glue, Pacemaker | 2021-10-21 | 2.1 LOW | 5.5 MEDIUM |
| stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. | |||||
| CVE-2020-27266 | 1 Sooil | 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more | 2021-10-19 | 3.3 LOW | 6.5 MEDIUM |
| In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy. | |||||
| CVE-2021-37123 | 1 Huawei | 2 Hero-ct060, Hero-ct060 Firmware | 2021-10-18 | 7.5 HIGH | 9.8 CRITICAL |
| There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allow the attacker to do certain operations which the user are supposed not to do. | |||||
| CVE-2021-20375 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept and replace a message sent by another user due to improper access controls. IBM X-Force ID: 195567. | |||||
| CVE-2021-20372 | 1 Ibm | 1 Sterling B2b Integrator | 2021-10-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote authenticated user to cause a denial of another user's service due to insufficient permission checking. IBM X-Force ID: 195518. | |||||
| CVE-2021-41126 | 1 Octobercms | 1 October | 2021-10-14 | 6.5 MEDIUM | 7.2 HIGH |
| October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update. | |||||
| CVE-2021-25484 | 1 Google | 1 Android | 2021-10-13 | 2.1 LOW | 3.3 LOW |
| Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event. | |||||
| CVE-2021-39872 | 1 Gitlab | 1 Gitlab | 2021-10-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration. | |||||
| CVE-2021-41286 | 1 Omikron | 1 Multicash | 2021-10-08 | 4.6 MEDIUM | 7.8 HIGH |
| Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a debugger to the process or create a patch that manipulates the behavior of the login function. When the function always returns the success value (corresponding to a correct password), an attacker can login with any desired account, such as the administrative account of the application. | |||||
| CVE-2021-35296 | 1 Ptcl | 2 Hg150-ub, Hg150-ub Firmware | 2021-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path. | |||||
| CVE-2021-24017 | 1 Fortinet | 1 Fortimanager | 2021-10-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler. | |||||
| CVE-2020-24675 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2021-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process. | |||||
| CVE-2021-20578 | 2 Ibm, Redhat | 2 Cloud Pak For Security, Openshift | 2021-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282. | |||||
| CVE-2021-31606 | 1 Openvpn-monitor Project | 1 Openvpn-monitor | 2021-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to disconnect arbitrary clients. | |||||
| CVE-2021-41503 | 1 D-link | 4 Dcs-5000l, Dcs-5000l Firmware, Dcs-932l and 1 more | 2021-09-30 | 5.2 MEDIUM | 8.0 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2019-10911 | 2 Drupal, Sensiolabs | 2 Drupal, Symfony | 2021-09-29 | 6.0 MEDIUM | 7.5 HIGH |
| In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, a vulnerability would allow an attacker to authenticate as a privileged user on sites with user registration and remember me login functionality enabled. This is related to symfony/security. | |||||