Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11301 | 1 Qualcomm | 534 Apq8009, Apq8009 Firmware, Apq8017 and 531 more | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-21513 | 1 Dell | 1 Openmanage Server Administrator | 2021-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system. | |||||
| CVE-2017-3854 | 1 Cisco | 12 2500 Wireless Lan Controller, 2504 Wireless Lan Controller, 5500 Wireless Lan Controller and 9 more | 2021-09-14 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could exploit this vulnerability by forcing the target system to disconnect from the correct parent access point and reconnect to a rogue access point owned by the attacker. An exploit could allow the attacker to control the traffic flowing through the impacted access point or take full control of the target system. This vulnerability affects the following products running a vulnerable version of Wireless LAN Controller software and configured for meshed mode: Cisco 8500 Series Wireless Controller, Cisco 5500 Series Wireless Controller, Cisco 2500 Series Wireless Controller, Cisco Flex 7500 Series Wireless Controller, Cisco Virtual Wireless Controller, Wireless Services Module 2 (WiSM2). Note that additional configuration is needed in addition to upgrading to a fixed release. Cisco Bug IDs: CSCuc98992 CSCuu14804. | |||||
| CVE-2019-1724 | 1 Cisco | 4 Rv320 Dual Gigabit Wan Vpn Router, Rv320 Dual Gigabit Wan Vpn Router Software, Rv325 Dual Wan Gigabit Vpn Router and 1 more | 2021-09-13 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated session to create a new user account or otherwise control the device with the privileges of the hijacked session. The vulnerability is due to a lack of proper session management controls. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted device. A successful exploit could allow the attacker to take control of an existing user session on the device. Exploitation of the vulnerability requires that an authorized user session is active and that the attacker can craft an HTTP request to impersonate that session. | |||||
| CVE-2016-4503 | 1 Moxa | 2 Device Server Web Console 5232-n, Device Server Web Console 5232-n Firmware | 2021-09-13 | 5.0 MEDIUM | 9.8 CRITICAL |
| Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value. | |||||
| CVE-2021-39177 | 1 Geysermc | 1 Geyser | 2021-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any user. Version 1.4.2-SNAPSHOT contains a patch for the issue. There are no known workarounds aside from upgrading. | |||||
| CVE-2021-40350 | 1 Christiedigital | 2 Dwu850-gs, Dwu850-gs Firmware | 2021-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate. | |||||
| CVE-2018-7745 | 1 Cobub | 1 Razor | 2021-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/install/installation/createuserinfo requests, resulting in account creation. | |||||
| CVE-2021-22002 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2021-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication. | |||||
| CVE-2017-10873 | 1 Osstech | 1 Openam | 2021-09-09 | 6.8 MEDIUM | 8.1 HIGH |
| OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider. | |||||
| CVE-2021-22943 | 1 Ui | 1 Unifi Protect | 2021-09-08 | 8.3 HIGH | 9.6 CRITICAL |
| A vulnerability found in UniFi Protect application V1.18.1 and earlier permits a malicious actor who has already gained access to a network to subsequently control the Protect camera(s) assigned to said network. This vulnerability is fixed in UniFi Protect application V1.19.0 and later. | |||||
| CVE-2021-34578 | 1 Wago | 24 750-362, 750-362 Firmware, 750-363 and 21 more | 2021-09-08 | 6.8 MEDIUM | 8.1 HIGH |
| This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07. | |||||
| CVE-2021-36370 | 1 Midnight-commander | 1 Midnight Commander | 2021-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. | |||||
| CVE-2021-39165 | 1 Chachethq | 1 Cachet | 2021-09-01 | 5.0 MEDIUM | 6.5 MEDIUM |
| Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet <https://github.com/CachetHQ/Cachet> is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected. | |||||
| CVE-2021-20598 | 1 Mitsubishielectric | 16 R08psfcpu, R08psfcpu Firmware, R08sfcpu and 13 more | 2021-08-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU modules (R08/16/32/120SFCPU all versions, R08/16/32/120PSFCPU all versions) allows a remote unauthenticated attacker to lockout a legitimate user by continuously trying login with incorrect password. | |||||
| CVE-2021-3458 | 1 Motorola | 2 Mm1000, Mm1000 Firmware | 2021-08-24 | 2.1 LOW | 4.6 MEDIUM |
| The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified. | |||||
| CVE-2021-37597 | 1 Wpcerber | 1 Wp Cerber | 2021-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation. | |||||
| CVE-2021-36921 | 1 Monitorapp | 2 Application Insight Manager, Application Insight Web Application Firewall | 2021-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. An attacker can gain administrative access by modifying the response to an authentication check request. | |||||
| CVE-2021-20759 | 1 Cybozu | 1 Garoon | 2021-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege. | |||||
| CVE-2021-20757 | 1 Cybozu | 1 Garoon | 2021-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege. | |||||