Total
324 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4241 | 1 Phpservermonitor | 1 Php Server Monitor | 2024-11-21 | N/A | 2.6 LOW |
| A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is bb10a5f3c68527c58073258cb12446782d223bc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213744. | |||||
| CVE-2021-4240 | 1 Phpservermonitor | 1 Php Server Monitor | 2024-11-21 | N/A | 2.6 LOW |
| A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is 3daa804d5f56c55b3ae13bfac368bb84ec632193. It is recommended to apply a patch to fix this issue. The identifier VDB-213717 was assigned to this vulnerability. | |||||
| CVE-2021-46010 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations. | |||||
| CVE-2021-45488 | 1 Netbsd | 1 Netbsd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. | |||||
| CVE-2021-45487 | 1 Netbsd | 1 Netbsd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures. | |||||
| CVE-2021-45458 | 1 Apache | 1 Kylin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | |||||
| CVE-2021-44151 | 1 Reprisesoftware | 1 Reprise License Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit. | |||||
| CVE-2021-41994 | 1 Pingidentity | 2 Pingid, Pingid Windows Login | 2024-11-21 | 1.9 LOW | 6.6 MEDIUM |
| A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | |||||
| CVE-2021-41993 | 1 Pingidentity | 2 Pingid, Pingid Windows Login | 2024-11-21 | 1.9 LOW | 6.6 MEDIUM |
| A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | |||||
| CVE-2021-41829 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. | |||||
| CVE-2021-41694 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php. | |||||
| CVE-2021-41061 | 1 Riot-os | 1 Riot | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by triggering reboots. | |||||
| CVE-2021-40422 | 1 Swiftsensors | 2 Sg3-1010, Sg3-1010 Firmware | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2021-3692 | 1 Yiiframework | 1 Yii | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | |||||
| CVE-2021-3689 | 1 Yiiframework | 1 Yii | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator | |||||
| CVE-2021-3446 | 3 Fedoraproject, Libtpms Project, Redhat | 3 Fedora, Libtpms, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2021-39249 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mt_rand function. | |||||
| CVE-2021-38606 | 1 Yogeshojha | 1 Rengine | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| reNgine through 0.5 relies on a predictable directory name. | |||||
| CVE-2021-38377 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results. | |||||
| CVE-2021-37186 | 1 Siemens | 12 Logo\! Cmr2020, Logo\! Cmr2020 Firmware, Logo\! Cmr2040 and 9 more | 2024-11-21 | 4.8 MEDIUM | 5.4 MEDIUM |
| A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIMATIC RTU3031C (All versions < V4.0.9), SIMATIC RTU3041C (All versions < V4.0.9). The underlying TCP/IP stack does not properly calculate the random numbers used as ISN (Initial Sequence Numbers). An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information. | |||||