Total: 4061 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40693 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.5 Medium |
| An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | ||||
| CVE-2021-40376 | 1 Otris | 1 Update Manager | 2024-11-21 | 7.8 High |
| otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000. | ||||
| CVE-2021-40350 | 1 Christiedigital | 2 Dwu850-gs, Dwu850-gs Firmware | 2024-11-21 | 9.8 Critical |
| webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows attackers to perform any desired action via a crafted query containing an unspecified Cookie header. Authentication bypass can be achieved by including an administrative cookie that the device does not validate. | ||||
| CVE-2021-3850 | 2 Adodb Project, Debian | 2 Adodb, Debian Linux | 2024-11-21 | 9.1 Critical |
| Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. | ||||
| CVE-2021-3827 | 1 Redhat | 6 Enterprise Linux, Keycloak, Openshift Container Platform and 3 more | 2024-11-21 | 6.8 Medium |
| A flaw was found in Keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity. | ||||
| CVE-2021-3788 | 1 Binatoneglobal | 42 Cn28, Cn28 Firmware, Cn40 and 39 more | 2024-11-21 | 6.8 Medium |
| An exposed debug interface was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker with physical access unauthorized access to the device. | ||||
| CVE-2021-3636 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.6 Medium |
| It was found in OpenShift, before version 4.8, that the generated certificate for the in-cluster Service CA incorrectly included additional certificates. The Service CA is automatically mounted into all pods, allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service. | ||||
| CVE-2021-3632 | 1 Redhat | 4 Enterprise Linux, Keycloak, Red Hat Single Sign On and 1 more | 2024-11-21 | 7.5 High |
| A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow. | ||||
| CVE-2021-3519 | 2 Lenovo, Microsoft | 119 Ideacentre 3-07imb05, Ideacentre 3-07imb05 Firmware, Ideacentre 310s-08igm and 116 more | 2024-11-21 | 6.4 Medium |
| A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. | ||||
| CVE-2021-3458 | 1 Motorola | 2 Mm1000, Mm1000 Firmware | 2024-11-21 | 6.1 Medium |
| The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified. | ||||
| CVE-2021-3424 | 1 Redhat | 2 Red Hat Single Sign On, Single Sign-on | 2024-11-21 | 5.3 Medium |
| A flaw was found in Keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick an admin into granting him extra privileges. | ||||
| CVE-2021-3339 | 1 Microsoft | 1 Modernflow | 2024-11-21 | 4.3 Medium |
| ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen. | ||||
| CVE-2021-3332 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | 5.3 Medium |
| WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password. | ||||
| CVE-2021-3282 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.5 High |
| HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2. | ||||
| CVE-2021-3153 | 1 Hashicorp | 1 Terraform Enterprise | 2024-11-21 | 6.5 Medium |
| HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting that required users within an organization to have two-factor authentication enabled. Fixed in v202103-1. | ||||
| CVE-2021-3145 | 1 Ionic | 1 Identity Vault | 2024-11-21 | 6.7 Medium |
| In Ionic Identity Vault before 5, a local root attacker on an Android device can bypass biometric authentication. | ||||
| CVE-2021-3046 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 6.8 Medium |
| An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 10.1 versions are not impacted. | ||||
| CVE-2021-39890 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above. | ||||
| CVE-2021-39872 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with an expired password to still access GitLab through git and the API using access tokens acquired before password expiration. | ||||
| CVE-2021-39296 | 1 Openbmc-project | 1 Openbmc | 2024-11-21 | 10.0 Critical |
| In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. | ||||