Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41179 | 1 Nextcloud | 1 Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn't enforced for pages marked as public. Any page marked as `@PublicPage` could thus be accessed with a valid user session that isn't authenticated. This particularly affects the Nextcloud Talk application, as this could be leveraged to gain access to any private chat channel without going through the Two-Factor flow. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading. | |||||
| CVE-2019-16766 | 1 Labdigital | 1 Wagtail-2fa | 2024-11-21 | 4.0 MEDIUM | 8.7 HIGH |
| When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0. | |||||
| CVE-2011-3172 | 1 Suse | 1 Suse Linux Enterprise Server | 2024-11-21 | 10.0 HIGH | 5.4 MEDIUM |
| A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12. | |||||
| CVE-2024-45764 | 1 Dell | 1 Enterprise Sonic Distribution | 2024-11-13 | N/A | 9.0 CRITICAL |
| Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2024-7745 | 1 Progress | 1 Ws Ftp Server | 2024-09-04 | N/A | 6.5 MEDIUM |
| In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor Authentication of the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only. | |||||