Total
1492 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-22850 | 1 Hgiga | 1 Oaklouds Portal | 2024-11-21 | 5.3 Medium |
HGiga EIP product lacks effective access control on certain pages, which allows attackers to access the database or perform privileged functions. | ||||
CVE-2021-22823 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2024-11-21 | 9.1 Critical |
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) | ||||
CVE-2021-22805 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2024-11-21 | 9.1 Critical |
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | ||||
CVE-2021-22784 | 1 Schneider-electric | 1 C-bus Toolkit | 2024-11-21 | 5.7 Medium |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1.15.8 and prior that could allow an attacker to use a crafted webpage to obtain remote access to the system. | ||||
CVE-2021-22772 | 1 Schneider-electric | 6 T200e, T200e Firmware, T200i and 3 more | 2024-11-21 | 9.8 Critical |
A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T200 ((Modbus) SC2-04MOD-07000100 and earlier), Easergy T200 ((IEC104) SC2-04IEC-07000100 and earlier), and Easergy T200 ((DNP3) SC2-04DNP-07000102 and earlier) that could cause unauthorized operation when authentication is bypassed. | ||||
CVE-2021-22652 | 1 Advantech | 1 Iview | 2024-11-21 | 9.8 Critical |
Access to the configuration of Advantech iView versions prior to v5.7.03.6112 is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. | ||||
CVE-2021-22322 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 7.5 High |
There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality. | ||||
CVE-2021-22316 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 6.8 Medium |
There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability. | ||||
CVE-2021-22279 | 1 Abb | 2 Omnicore C30, Omnicore C30 Firmware | 2024-11-21 | 9.8 Critical |
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an attacker to read and modify files on the robot controller if the attacker has access to the Connected Services Gateway Ethernet port. | ||||
CVE-2021-22159 | 1 Proofpoint | 1 Insider Threat Management | 2024-11-21 | 7.8 High |
Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability: The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected. | ||||
CVE-2021-22012 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 7.5 High |
The vCenter Server contains an information disclosure vulnerability due to an unauthenticated appliance management API. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information. | ||||
CVE-2021-21986 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 9.8 Critical |
The vSphere Client (HTML5) contains a vulnerability in a vSphere authentication mechanism for the Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability plug-ins. A malicious actor with network access to port 443 on vCenter Server may perform actions allowed by the impacted plug-ins without authentication. | ||||
CVE-2021-21535 | 1 Dell | 1 Hybrid Client | 2024-11-21 | 7.4 High |
Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system. | ||||
CVE-2021-21472 | 1 Sap | 1 Software Provisioning Manager | 2024-11-21 | 8.8 High |
SAP Software Provisioning Manager 1.0 (SAP NetWeaver Master Data Management Server 7.1) does not have an option to set a password during its installation. This allows an authenticated attacker to perform various security attacks such as Directory Traversal, Password Brute Force Attack, SMB Relay Attack, and Security Downgrade. | ||||
CVE-2021-20998 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2024-11-21 | 10 Critical |
In multiple managed switches by WAGO, in different versions, it is possible to create users without authorization using specially crafted packets. | ||||
CVE-2021-20990 | 1 Fibaro | 4 Home Center 2, Home Center 2 Firmware, Home Center Lite and 1 more | 2024-11-21 | 7.5 High |
In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older, an internal management service is accessible on port 8000, and some API endpoints could be accessed without authentication to trigger a shutdown, a reboot or a reboot into recovery mode. | ||||
CVE-2021-20697 | 1 Dlink | 2 Dap-1880ac, Dap-1880ac Firmware | 2024-11-21 | 9.8 Critical |
Missing authentication for critical function in DAP-1880AC firmware version 1.21 and earlier allows a remote attacker to log in to the device as an authenticated user without the access privilege via unspecified vectors. | ||||
CVE-2021-20662 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-11-21 | 7.5 High |
Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors. | ||||
CVE-2021-20474 | 1 Ibm | 1 Guardium Data Encryption | 2024-11-21 | 7.5 High |
IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. | ||||
CVE-2021-20262 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-11-21 | 6.8 Medium |
A flaw was found in Keycloak 12.0.0 where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. |