Total
1299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21725 | 1 Zte | 2 Zxhn H196q, Zxhn H196q Firmware | 2021-03-12 | 2.7 LOW | 5.7 MEDIUM |
| A ZTE product has an information leak vulnerability. An attacker with higher authority can go beyond their authority to access files in other directories by performing specific operations, resulting in information leak. This affects: ZXHN H196Q V9.1.0C2. | |||||
| CVE-2020-29020 | 1 Secomea | 2 Sitemanager, Sitemanager Firmware | 2021-03-12 | 6.5 MEDIUM | 7.2 HIGH |
| Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware. | |||||
| CVE-2021-26964 | 1 Arubanetworks | 1 Airwave | 2021-03-11 | 5.5 MEDIUM | 7.1 HIGH |
| A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the AirWave web-based management interface could allow an authenticated remote attacker to improperly access and modify devices and management user details. A successful exploit would consist of an attacker using a lower privileged account to change management user or device details. This could allow the attacker to escalate privileges and/or change network details that they should not have access to. | |||||
| CVE-2021-27225 | 1 Dataiku | 1 Data Science Studio | 2021-03-05 | 5.5 MEDIUM | 5.4 MEDIUM |
| In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not authorized to access. | |||||
| CVE-2021-22113 | 1 Vmware | 1 Spring Cloud Netflix Zuul | 2021-03-02 | 4.3 MEDIUM | 5.3 MEDIUM |
| Applications using the “Sensitive Headers” functionality in Spring Cloud Netflix Zuul 2.2.6.RELEASE and below may be vulnerable to bypassing the “Sensitive Headers” restriction when executing requests with specially constructed URLs. Applications that use Spring Security's StrictHttpFirewall (enabled by default for all URLs) are not affected by the vulnerability, as they reject requests that allow bypassing. | |||||
| CVE-2021-27509 | 1 Visualware | 1 Myconnection Server | 2021-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code. | |||||
| CVE-2021-21318 | 1 Apereo | 1 Opencast | 2021-02-25 | 5.5 MEDIUM | 5.4 MEDIUM |
| Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial of access for all users without superuser privileges, effectively hiding the series. Access to series and series metadata on the search service (shown in media module and player) depends on the events published which are part of the series. Publishing an event will automatically publish a series and update access to it. Removing an event or republishing the event should do the same. Affected versions of Opencast may not update the series access or remove a published series if an event is being removed. On removal of an episode, this may lead to an access control list for series metadata with broader access rules than the merged access rules of all remaining events, or the series metadata still being available although all episodes of that series have been removed. This problem is fixed in Opencast 9.2. | |||||
| CVE-2021-25648 | 1 Testes-codigo | 1 Testes De Codigo | 2021-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters "isAdmin" and "isPremium" located on device storage. | |||||
| CVE-2021-20188 | 2 Podman Project, Redhat | 3 Podman, Enterprise Linux, Openshift Container Platform | 2021-02-17 | 6.9 MEDIUM | 7.0 HIGH |
| A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-27177 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2021-02-11 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass authentication by sending the decoded value of the GgpoZWxwCmxpc3QKd2hvCg== string to the telnet server. | |||||
| CVE-2020-8806 | 1 Electriccoin | 1 Zcashd | 2021-02-08 | 5.0 MEDIUM | 7.5 HIGH |
| Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced. | |||||
| CVE-2020-27873 | 1 Netgear | 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more | 2021-02-08 | 3.3 LOW | 6.5 MEDIUM |
| This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SOAP API endpoint, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-11559. | |||||
| CVE-2021-25244 | 1 Trendmicro | 1 Worry-free Business Security | 2021-02-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton. | |||||
| CVE-2021-25245 | 1 Trendmicro | 1 Worry-free Business Security | 2021-02-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton. | |||||
| CVE-2021-25229 | 1 Trendmicro | 2 Apex One, Officescan | 2021-02-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server. | |||||
| CVE-2021-25228 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2021-02-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about hotfix history. | |||||
| CVE-2021-25246 | 1 Trendmicro | 3 Apex One, Officescan, Worry-free Business Security | 2021-02-05 | 6.4 MEDIUM | 6.5 MEDIUM |
| An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user to create a bogus agent on an affected server that could be used then make valid configuration queries. | |||||
| CVE-2021-21286 | 1 Wwbn | 1 Avideo | 2021-02-05 | 6.5 MEDIUM | 8.8 HIGH |
| AVideo Platform is an open-source Audio and Video platform. It is similar to a self-hosted YouTube. In AVideo Platform before version 10.2 there is an authorization bypass vulnerability which enables an ordinary user to get admin control. This is fixed in version 10.2. All queries now remove the pass hash and the recoverPass hash. | |||||
| CVE-2021-25774 | 1 Jetbrains | 1 Teamcity | 2021-02-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of another user. | |||||
| CVE-2021-25777 | 1 Jetbrains | 1 Teamcity | 2021-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly. | |||||