Total: 3925 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-45900 | 1 Vivoh | 1 Webinar Manager | 2024-11-21 | 6.5 Medium |
Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let an attacker impersonate a victim and make state-changing requests on their behalf. | ||||
CVE-2021-45890 | 1 Authguard Project | 1 Authguard | 2024-11-21 | 9.8 Critical |
basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authentication via an inactive identifier. | ||||
CVE-2021-45841 | 1 Terra-master | 3 F2-210, F4-210, Tos | 2024-11-21 | 8.1 High |
In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. | ||||
CVE-2021-45786 | 1 Maccms | 1 Maccms | 2024-11-21 | 9.8 Critical |
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid" parameters to gain privileges. | ||||
CVE-2021-45389 | 1 Starwind | 2 Command Center, San&nas | 2024-11-21 | 9.8 Critical |
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864. | ||||
CVE-2021-45379 | 1 Glewlwyd Project | 1 Glewlwyd | 2024-11-21 | 8.8 High |
Glewlwyd 2.0.0, fixed in 2.6.1, is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without their password. | ||||
CVE-2021-45347 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.5 High |
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password. | ||||
CVE-2021-45331 | 1 Gitea | 1 Gitea | 2024-11-21 | 9.8 Critical |
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once. | ||||
CVE-2021-44937 | 1 Glfusion | 1 Glfusion | 2024-11-21 | 5.3 Medium |
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied. | ||||
CVE-2021-44759 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 8.1 High |
Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0. | ||||
CVE-2021-44736 | 1 Lexmark | 2 Mc3224i, Mc3224i Firmware | 2024-11-21 | 9.8 Critical |
The initial admin account setup wizard on Lexmark devices allows unauthenticated access to the “out of service erase” feature. | ||||
CVE-2021-44676 | 1 Zohocorp | 1 Manageengine Access Manager Plus | 2024-11-21 | 9.8 Critical |
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. | ||||
CVE-2021-44675 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2024-11-21 | 9.8 Critical |
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. | ||||
CVE-2021-44525 | 1 Zohocorp | 1 Manageengine Pam360 | 2024-11-21 | 9.8 Critical |
Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. | ||||
CVE-2021-44524 | 1 Siemens | 2 Sipass Integrated, Siveillance Identity | 2024-11-21 | 9.8 Critical |
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All versions < V1.6.284.0). Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. | ||||
CVE-2021-44514 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 9.8 Critical |
OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | ||||
CVE-2021-44458 | 2 Linux, Mirantis | 2 Linux Kernel, Lens | 2024-11-21 | 8.3 High |
Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user. | ||||
CVE-2021-44225 | 3 Fedoraproject, Keepalived, Redhat | 3 Fedora, Keepalived, Enterprise Linux | 2024-11-21 | 5.4 Medium |
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property. | ||||
CVE-2021-44057 | 1 Qnap | 1 Photo Station | 2024-11-21 | 7.1 High |
An improper authentication vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 (2022/02/15) and later; Photo Station 5.7.16 (2022/02/11) and later; Photo Station 5.4.13 (2022/02/11) and later. | ||||
CVE-2021-44056 | 1 Qnap | 1 Video Station | 2024-11-21 | 7.1 High |
An improper authentication vulnerability has been reported to affect QNAP devices running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later; Video Station 5.3.13 and later; Video Station 5.1.8 and later. |