Total
3924 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-22860 | 1 Eic | 1 E-document System | 2024-11-21 | 9.8 Critical |
| EIC e-document system does not perform completed identity verification for sorting and filtering personnel data. The vulnerability allows remote attacker to obtain users’ credential information without logging in the system, and further acquire the privileged permissions and execute arbitrary commends. | ||||
| CVE-2021-22858 | 1 Changjia Property Management System Project | 1 Changjia Property Management System | 2024-11-21 | 8.8 High |
| Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions. | ||||
| CVE-2021-22796 | 1 Schneider-electric | 1 C-gate Server | 2024-11-21 | 7.8 High |
| A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) | ||||
| CVE-2021-22507 | 1 Microfocus | 1 Operations Bridge Manager | 2024-11-21 | 9.8 Critical |
| Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10. The vulnerability could allow remote attackers to bypass user authentication and get unauthorized access. | ||||
| CVE-2021-22497 | 1 Microfocus | 1 Netiq Advanced Authentication | 2024-11-21 | 3.8 Low |
| Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue. | ||||
| CVE-2021-22496 | 1 Microfocus | 1 Access Manager | 2024-11-21 | 7.5 High |
| Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage. | ||||
| CVE-2021-22490 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.3 Medium |
| There is a Permission verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect the device performance. | ||||
| CVE-2021-22473 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 High |
| There is an Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-22171 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.3 High |
| Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link | ||||
| CVE-2021-22155 | 1 Blackberry | 1 Workspaces Server | 2024-11-21 | 8.8 High |
| An Authentication Bypass vulnerability in the SAML Authentication component of BlackBerry Workspaces Server (deployed with Appliance-X) version(s) 10.1, 9.1 and earlier could allow an attacker to potentially gain access to the application in the context of the targeted user’s account. | ||||
| CVE-2021-22025 | 1 Vmware | 3 Cloud Foundation, Vrealize Operations Manager, Vrealize Suite Lifecycle Manager | 2024-11-21 | 7.5 High |
| The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to the vRealize Operations Manager API can add new nodes to existing vROps cluster. | ||||
| CVE-2021-22004 | 3 Fedoraproject, Microsoft, Saltstack | 3 Fedora, Windows, Salt | 2024-11-21 | 6.4 Medium |
| An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software. | ||||
| CVE-2021-22002 | 2 Linux, Vmware | 5 Linux Kernel, Cloud Foundation, Identity Manager and 2 more | 2024-11-21 | 9.8 Critical |
| VMware Workspace ONE Access and Identity Manager, allow the /cfg web app and diagnostic endpoints, on port 8443, to be accessed via port 443 using a custom host header. A malicious actor with network access to port 443 could tamper with host headers to facilitate access to the /cfg web app, in addition a malicious actor could access /cfg diagnostic endpoints without authentication. | ||||
| CVE-2021-21998 | 1 Vmware | 1 Carbon Black App Control | 2024-11-21 | 9.8 Critical |
| VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate. | ||||
| CVE-2021-21994 | 1 Vmware | 2 Cloud Foundation, Esxi | 2024-11-21 | 9.8 Critical |
| SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request. | ||||
| CVE-2021-21982 | 2 Linux, Vmware | 2 Linux Kernel, Carbon Black Cloud Workload | 2024-11-21 | 9.1 Critical |
| VMware Carbon Black Cloud Workload appliance 1.0.0 and 1.01 has an authentication bypass vulnerability that may allow a malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance to obtain a valid authentication token. Successful exploitation of this issue would result in the attacker being able to view and alter administrative configuration settings. | ||||
| CVE-2021-21955 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2024-11-21 | 7.5 High |
| An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability. | ||||
| CVE-2021-21952 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges. | ||||
| CVE-2021-21902 | 1 Garrett | 1 Ic Module Cma | 2024-11-21 | 8.1 High |
| An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2021-21564 | 1 Dell | 1 Openmanage Enterprise | 2024-11-21 | 9.8 Critical |
| Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. | ||||