Total
3924 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3788 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2024-11-21 | 6.8 Medium |
| An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. | ||||
| CVE-2021-3652 | 2 Port389, Redhat | 4 389-ds-base, Directory Server, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either accidentally or maliciously, then instead of being inactive, any password will successfully match during authentication. This flaw allows an attacker to successfully authenticate as a user whose password was disabled. | ||||
| CVE-2021-3636 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.6 Medium |
| It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA, incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service. | ||||
| CVE-2021-3632 | 1 Redhat | 4 Enterprise Linux, Keycloak, Red Hat Single Sign On and 1 more | 2024-11-21 | 7.5 High |
| A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow. | ||||
| CVE-2021-3519 | 2 Lenovo, Microsoft | 119 Ideacentre 3-07imb05, Ideacentre 3-07imb05 Firmware, Ideacentre 310s-08igm and 116 more | 2024-11-21 | 6.4 Medium |
| A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. | ||||
| CVE-2021-3458 | 1 Motorola | 2 Mm1000, Mm1000 Firmware | 2024-11-21 | 6.1 Medium |
| The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified. | ||||
| CVE-2021-3424 | 1 Redhat | 2 Red Hat Single Sign On, Single Sign-on | 2024-11-21 | 5.3 Medium |
| A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges. | ||||
| CVE-2021-3339 | 1 Microsoft | 1 Modernflow | 2024-11-21 | 4.3 Medium |
| ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen. | ||||
| CVE-2021-3332 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | 5.3 Medium |
| WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password. | ||||
| CVE-2021-3297 | 1 Zyxel | 2 Nbg2105, Nbg2105 Firmware | 2024-11-21 | 7.8 High |
| On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. | ||||
| CVE-2021-3282 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.5 High |
| HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2. | ||||
| CVE-2021-3153 | 1 Hashicorp | 1 Terraform Enterprise | 2024-11-21 | 6.5 Medium |
| HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1. | ||||
| CVE-2021-3145 | 1 Ionic | 1 Identity Vault | 2024-11-21 | 6.7 Medium |
| In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication. | ||||
| CVE-2021-3046 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 6.8 Medium |
| An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 10.1 versions are not impacted. | ||||
| CVE-2021-39890 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above. | ||||
| CVE-2021-39872 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab through git and API through access tokens acquired before password expiration. | ||||
| CVE-2021-39296 | 1 Openbmc-project | 1 Openbmc | 2024-11-21 | 10.0 Critical |
| In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. | ||||
| CVE-2021-39215 | 1 8x8 | 1 Jitsi Meet | 2024-11-21 | 7.5 High |
| Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. This issue is fixed in Jitsi Meet 2.0.5963. There are no known workarounds aside from updating. | ||||
| CVE-2021-39212 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 4.4 Medium |
| ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />. | ||||
| CVE-2021-39196 | 1 Pcapture Project | 1 Pcapture | 2024-11-21 | 7.7 High |
| pcapture is an open source dumpcap web service interface . In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filters can effectively limit the scope of information that a user can see in the data captures. If no filter is present, then all data on the local network segment where the program is running can be captured and downloaded. v3.12 fixes this problem. There is no workaround, you must upgrade to v3.12 or greater. | ||||