Total: 28991 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-36177 | 1 Fortinet | 1 Fortiauthenticator | 2024-02-28 | 3.3 LOW | 4.3 MEDIUM | An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same VLAN as the HA management interface to make an unauthenticated direct connection to the FAC's database.
CVE-2021-45092 | 1 Cybelesoft | 1 Thinfinity Virtualui | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | Thinfinity VirtualUI before 3.0 has functionality in /lab.html, reachable by default, that could allow IFRAME injection via the vpath parameter.
CVE-2021-25490 | 1 Google | 1 Android | 2024-02-28 | 3.6 LOW | 6.0 MEDIUM | A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows an attacker with a privileged process to trigger an IV reuse vulnerability.
CVE-2021-34696 | 1 Cisco | 23 Asr 902, Asr 903, Asr 907 and 20 more | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM | A vulnerability in the access control list (ACL) programming of Cisco ASR 900 and ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect programming of hardware when an ACL is configured using a method other than the configuration CLI. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.
CVE-2021-42326 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM | Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
CVE-2021-41137 | 1 Minio | 1 Minio | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | MinIO is a Kubernetes-native application for cloud storage. All users on release `RELEASE.2021-10-10T16-53-30Z` are affected by a vulnerability that involves bypassing policy restrictions on regular users. Normally, checkKeyValid() should return owner true for rootCreds. In the affected version, policy restriction did not work properly for users who did not have service (svc) or security token service (STS) accounts. This issue is fixed in `RELEASE.2021-10-13T00-23-17Z`. A downgrade back to release `RELEASE.2021-10-08T23-58-24Z` is available as a workaround.
CVE-2021-34754 | 1 Cisco | 2 Firepower Management Center, Firepower Threat Defense | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | Multiple vulnerabilities in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic. These vulnerabilities are due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit these vulnerabilities by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should be activated for the ENIP packet.
CVE-2021-23861 | 1 Bosch | 4 Bosch Video Management System, Divar Ip 5000 Firmware, Divar Ip 7000 Firmware and 1 more | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM | By executing a special command, a user with administrative rights can gain access to extended debug functionality on the VRM, allowing an impact on the integrity or availability of the installed software. This issue also affects installations of DIVAR IP and BVMS with VRM installed.
CVE-2021-42375 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-02-28 | 1.9 LOW | 5.5 MEDIUM | Incorrect handling of a special element in BusyBox's ash applet leads to a denial of service when processing a crafted shell command, because the shell mistakes specific characters for reserved characters. This may be usable for DoS under the rare condition that command input is filtered.
CVE-2021-33089 | 1 Intel | 4 Nuc Hdmi Firmware Update Tool, Nuc Kit Nuc8i3be, Nuc Kit Nuc8i5be and 1 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH | Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-0769 | 1 Google | 1 Android | 2024-02-28 | 4.4 MEDIUM | 7.3 HIGH | In onCreate of AllowBindAppWidgetActivity.java, there is a possible bypass of user interaction requirements due to unclear UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-184676316.
CVE-2020-4160 | 1 Ibm | 1 Qradar Network Security | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM | IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 174340.
CVE-2021-42124 | 1 Ivanti | 1 Avalanche | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | An improper access control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.
CVE-2020-4654 | 1 Ibm | 1 Sterling File Gateway | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.
CVE-2021-35245 | 2 Microsoft, Solarwinds | 2 Windows, Serv-u | 2024-02-28 | 6.8 MEDIUM | 6.8 MEDIUM | When a user has admin rights in Serv-U Console, the user can move, create and delete any files that are accessible on the Serv-U host machine.
CVE-2021-25504 | 1 Samsung | 1 Group Sharing | 2024-02-28 | 2.1 LOW | 4.0 MEDIUM | Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows an attacker to access contact information.
CVE-2021-42336 | 1 Huaju | 1 Easytest Online Learning Test Platform | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM | The learning history page of Easytest is vulnerable to a permission bypass. After obtaining a user's privileges, remote attackers can access other users' and administrators' account information, except passwords, by crafting URL parameters.
CVE-2021-45896 | 1 Nokia | 2 Fastmile, Fastmile Firmware | 2024-02-28 | 6.0 MEDIUM | 8.8 HIGH | Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.
CVE-2021-23261 | 1 Craftercms | 1 Crafter Cms | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM | Authenticated administrators may override the system configuration file and cause a denial of service.
CVE-2021-3510 | 1 Zephyrproject | 1 Zephyr | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | The Zephyr JSON decoder incorrectly decodes an array of arrays. Zephyr versions >= 1.14.0 and >= 2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
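For CVE-2020-4160 above, the weakness is a Strict-Transport-Security header that is missing or not properly enabled. The following is an added example, not IBM's code and not part of the CVE record: it parses the header value under the RFC 6797 rules and reports each condition under which a browser would ignore or weaken the policy (header absent, sent only over plain HTTP, duplicate directives, missing or non-numeric max-age, max-age=0, a short max-age, no includeSubDomains). It generalises beyond the QRadar case to any HTTPS response. The `MIN_MAX_AGE` threshold, the `check_hsts`/`parse_hsts` names and the `SAMPLES` header sets are assumptions constructed for this example.

```python
"""Offline check of whether a response 'properly enables' HSTS (RFC 6797).

Added example; not IBM's code and not taken from the CVE record. The
header sets in SAMPLES are constructed, not captured from any real host.
"""
import re

# Assumption: one year is the usual hardening recommendation and the
# hstspreload.org minimum; adjust to your own policy if it differs.
MIN_MAX_AGE = 31536000

# directive-name [ "=" directive-value ] with optional quoted-string value
_DIRECTIVE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*(?:=\s*"?([^";]*?)"?\s*)?$')


def parse_hsts(value):
    """Parse an STS header value into {lowercase directive name: value}.

    RFC 6797 6.1: directives are ';'-separated, names are case-insensitive,
    and a directive appearing more than once makes the whole header field
    non-conforming, which a UA must then ignore. Returns None in that case
    or when a directive does not fit the grammar at all.
    """
    directives = {}
    for raw in value.split(';'):
        if not raw.strip():
            continue  # tolerate a trailing ';'
        m = _DIRECTIVE.match(raw)
        if m is None:
            return None
        name = m.group(1).lower()
        if name in directives:
            return None  # duplicate directive: UA ignores the header
        directives[name] = m.group(2)
    return directives


def check_hsts(headers, over_https=True):
    """Return a list of findings; an empty list means HSTS is in force."""
    findings = []
    if not over_https:
        # RFC 6797 8.1: a UA ignores an STS header received over plain HTTP,
        # so a policy that is only sent there protects nothing.
        findings.append('response not served over HTTPS; STS header would be ignored')
    sts = [v for k, v in headers.items() if k.lower() == 'strict-transport-security']
    if not sts:
        findings.append('Strict-Transport-Security header missing')
        return findings
    if len(sts) > 1:
        # RFC 6797 8.1: only the first STS header field is processed.
        findings.append('multiple Strict-Transport-Security headers (UA processes only the first)')
    d = parse_hsts(sts[0])
    if d is None:
        findings.append('Strict-Transport-Security header is malformed and will be ignored')
        return findings
    max_age = d.get('max-age')
    if max_age is None or not max_age.isdigit():
        findings.append('max-age directive missing or non-numeric; header ignored by UA')
        return findings
    age = int(max_age)
    if age == 0:
        findings.append('max-age=0 disables HSTS (tells the UA to forget the host)')
    elif age < MIN_MAX_AGE:
        findings.append(f'max-age={age} is below the recommended minimum of {MIN_MAX_AGE}')
    if 'includesubdomains' not in d:
        findings.append('includeSubDomains absent; subdomains can still be reached over HTTP')
    return findings


# Constructed sample header sets for the demo (not from any real host).
SAMPLES = {
    'missing': {'Content-Type': 'text/html'},
    'weak': {'Strict-Transport-Security': 'max-age=300'},
    'good': {'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload'},
    'malformed': {'Strict-Transport-Security': 'max-age=31536000; max-age=0'},
}

if __name__ == '__main__':
    for name, hdrs in SAMPLES.items():
        print(name, '->', check_hsts(hdrs) or 'OK')
```

Run it against real targets by feeding `check_hsts` the response headers from a single HTTPS request; also request the plain-HTTP origin and confirm it redirects to HTTPS, since the STS header itself is never honoured over HTTP.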