Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7871 | 3 Debian, Netapp, Ntp | 7 Debian Linux, Clustered Data Ontap, Data Ontap and 4 more | 2021-04-13 | 7.5 HIGH | 9.8 CRITICAL |
| Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. | |||||
| CVE-2019-7392 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. | |||||
| CVE-2018-9024 | 1 Broadcom | 1 Privileged Access Manager | 2021-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file. | |||||
| CVE-2021-24175 | 1 Posimyth | 1 The Plus Addons For Elementor | 2021-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.7 was being actively exploited to by malicious actors to bypass authentication, allowing unauthenticated users to log in as any user (including admin) by just providing the related username, as well as create accounts with arbitrary roles, such as admin. These issues can be exploited even if registration is disabled, and the Login widget is not active. | |||||
| CVE-2019-20464 | 1 Sannce | 2 Smart Hd Wifi Security Camera Ean 2 950004 595317, Smart Hd Wifi Security Camera Ean 2 950004 595317 Firmware | 2021-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating. | |||||
| CVE-2020-29633 | 1 Apple | 2 Mac Os X, Macos | 2021-04-08 | 6.5 MEDIUM | 8.8 HIGH |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An attacker in a privileged network position may be able to bypass authentication policy. | |||||
| CVE-2007-5006 | 2 Broadcom, Ca | 3 Brightstor Arcserve Backup Laptops Desktops, Desktop Management Suite, Protection Suites | 2021-04-08 | 10.0 HIGH | N/A |
| Multiple command handlers in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 do not verify if a peer is authenticated, which allows remote attackers to add and delete users, and start client restores. | |||||
| CVE-2019-18246 | 1 Biotronik | 4 Cardiomessenger Ii-s Gsm, Cardiomessenger Ii-s Gsm Firmware, Cardiomessenger Ii-s T-line and 1 more | 2021-04-06 | 3.3 LOW | 4.3 MEDIUM |
| BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure. | |||||
| CVE-2019-18252 | 1 Biotronik | 4 Cardiomessenger Ii-s Gsm, Cardiomessenger Ii-s Gsm Firmware, Cardiomessenger Ii-s T-line and 1 more | 2021-04-06 | 3.3 LOW | 4.3 MEDIUM |
| BIOTRONIK CardioMessenger II, The affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure. | |||||
| CVE-2021-21982 | 2 Linux, Vmware | 2 Linux Kernel, Carbon Black Cloud Workload | 2021-04-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings. | |||||
| CVE-2021-23923 | 1 Devolutions | 1 Devolutions Server | 2021-04-06 | 4.9 MEDIUM | 8.1 HIGH |
| An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. | |||||
| CVE-2016-4422 | 2 Debian, Libpam-sshauth Project | 2 Debian Linux, Libpam-sshauth | 2021-04-05 | 10.0 HIGH | 9.8 CRITICAL |
| The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. | |||||
| CVE-2021-25368 | 1 Samsung | 1 Cloud | 2021-03-30 | 5.0 MEDIUM | 7.5 HIGH |
| Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. | |||||
| CVE-2021-22496 | 1 Microfocus | 1 Access Manager | 2021-03-25 | 5.0 MEDIUM | 7.5 HIGH |
| Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage. | |||||
| CVE-2021-24148 | 1 Inspireui | 1 Mstore Api | 2021-03-23 | 10.0 HIGH | 9.8 CRITICAL |
| A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cookie with only an email address. | |||||
| CVE-2021-22860 | 1 Eic | 1 E-document System | 2021-03-23 | 7.5 HIGH | 9.8 CRITICAL |
| EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends. | |||||
| CVE-2021-20632 | 1 Cybozu | 1 Office | 2021-03-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via unspecified vectors. | |||||
| CVE-2021-20630 | 1 Cybozu | 1 Office | 2021-03-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via unspecified vectors. | |||||
| CVE-2021-20634 | 1 Cybozu | 1 Office | 2021-03-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors. | |||||
| CVE-2021-20018 | 1 Sonicwall | 2 Sma100, Sma100 Firmware | 2021-03-19 | 4.0 MEDIUM | 4.9 MEDIUM |
| A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. | |||||