Total
29064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26266 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 92.0.9 allows a Reseller to bypass the suspension lock (SEC-578). | |||||
| CVE-2021-26262 | 1 Philips | 4 Mri 1.5t, Mri 1.5t Firmware, Mri 3t and 1 more | 2024-11-21 | 5.0 MEDIUM | 6.2 MEDIUM |
| Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | |||||
| CVE-2021-26258 | 1 Intel | 1 Killer Control Center | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control for the Intel(R) Killer(TM) Control Center software before version 2.4.3337.0 may allow an authorized user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-26118 | 2 Apache, Netapp | 2 Activemq Artemis, Oncommand Workflow Automation | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| While investigating ARTEMIS-2964 it was found that the creation of advisory messages in the OpenWire protocol head of Apache ActiveMQ Artemis 2.15.0 bypassed policy based access control for the entire session. Production of advisory messages was not subject to access control in error. | |||||
| CVE-2021-26110 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features. | |||||
| CVE-2021-26107 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 4.0 MEDIUM | 6.3 MEDIUM |
| An improper access control vulnerability [CWE-284] in FortiManager versions 6.4.4 and 6.4.5 may allow an authenticated attacker with a restricted user profile to modify the VPN tunnel status of other VDOMs using VPN Manager. | |||||
| CVE-2021-26099 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 4.0 MEDIUM | 4.4 MEDIUM |
| Missing cryptographic steps in the Identity-Based Encryption service of FortiMail before 7.0.0 may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext. | |||||
| CVE-2021-26029 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Joomla! 1.6.0 through 3.9.24. Inadequate filtering of form contents could allow to overwrite the author field. | |||||
| CVE-2021-25991 | 1 If-me | 1 Ifme | 2024-11-21 | 4.9 MEDIUM | 5.7 MEDIUM |
| In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete loss of admin access to Ifme. | |||||
| CVE-2021-25956 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2024-11-21 | 6.5 MEDIUM | 4.7 MEDIUM |
| In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name. | |||||
| CVE-2021-25778 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.2.1, permissions during user deletion were checked improperly. | |||||
| CVE-2021-25768 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.4.4701, permissions for attachments actions were checked improperly. | |||||
| CVE-2021-25755 | 1 Jetbrains | 1 Code With Me | 2024-11-21 | 1.9 LOW | 2.5 LOW |
| In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID, could get access to the encrypted traffic. | |||||
| CVE-2021-25743 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 2.1 LOW | 3.0 LOW |
| kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events. | |||||
| CVE-2021-25735 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields. | |||||
| CVE-2021-25695 | 1 Teradici | 1 Pcoip | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The USB vHub in the Teradici PCOIP Software Agent prior to version 21.07.0 would accept commands from any program, which may allow an attacker to elevate privileges by changing the flow of program execution within the vHub driver. | |||||
| CVE-2021-25672 | 1 Mendix | 1 Forgot Password | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Mendix Forgot Password Appstore module (All Versions < V3.2.1). The Forgot Password Marketplace module does not properly control access. An attacker could take over accounts. | |||||
| CVE-2021-25657 | 1 Avaya | 1 Ip Office | 2024-11-21 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. | |||||
| CVE-2021-25649 | 1 Avaya | 1 Aura Utility Services | 2024-11-21 | 2.1 LOW | 4.9 MEDIUM |
| An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Utility Services. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be available to a privileged user. Affects all 7.x versions of Avaya Aura Utility Services | |||||
| CVE-2021-25648 | 1 Testes-codigo | 1 Testes De Codigo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters "isAdmin" and "isPremium" located on device storage. | |||||