Total
3930 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45841 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. | |||||
| CVE-2021-45786 | 1 Maccms | 1 Maccms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges. | |||||
| CVE-2021-45389 | 1 Starwind | 2 Command Center, San\&nas | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864. | |||||
| CVE-2021-45379 | 1 Glewlwyd Project | 1 Glewlwyd | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password. | |||||
| CVE-2021-45347 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password. | |||||
| CVE-2021-45331 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once. | |||||
| CVE-2021-45036 | 1 Velneo | 1 Vclient | 2024-11-21 | N/A | 8.7 HIGH |
| Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's username and hashed password to spoof the victim's id against the server. | |||||
| CVE-2021-45035 | 1 Velneo | 1 Vclient | 2024-11-21 | N/A | 6.3 MEDIUM |
| Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials. | |||||
| CVE-2021-44937 | 1 Glfusion | 1 Glfusion | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied. | |||||
| CVE-2021-44759 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0. | |||||
| CVE-2021-44736 | 1 Lexmark | 2 Mc3224i, Mc3224i Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature. | |||||
| CVE-2021-44676 | 1 Zohocorp | 1 Manageengine Access Manager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. | |||||
| CVE-2021-44675 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. | |||||
| CVE-2021-44525 | 1 Zohocorp | 1 Manageengine Pam360 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. | |||||
| CVE-2021-44524 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. | |||||
| CVE-2021-44514 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | |||||
| CVE-2021-44458 | 2 Linux, Mirantis | 2 Linux Kernel, Lens | 2024-11-21 | 5.1 MEDIUM | 8.3 HIGH |
| Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user. | |||||
| CVE-2021-44057 | 1 Qnap | 1 Photo Station | 2024-11-21 | 10.0 HIGH | 7.1 HIGH |
| An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later | |||||
| CVE-2021-44056 | 1 Qnap | 1 Video Station | 2024-11-21 | 10.0 HIGH | 7.1 HIGH |
| An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later | |||||
| CVE-2021-43999 | 1 Apache | 1 Guacamole | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user. | |||||