Search Results (10708 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44514 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 9.8 Critical |
| OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication for a few audit directories. | ||||
| CVE-2021-44460 | 1 Odoo | 1 Odoo | 2024-11-21 | 6.5 Medium |
| Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests. | ||||
| CVE-2021-44458 | 2 Linux, Mirantis | 2 Linux Kernel, Lens | 2024-11-21 | 8.3 High |
| Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user. | ||||
| CVE-2021-44225 | 3 Fedoraproject, Keepalived, Redhat | 3 Fedora, Keepalived, Enterprise Linux | 2024-11-21 | 5.4 Medium |
| In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property. | ||||
| CVE-2021-44204 | 2 Acronis, Microsoft | 5 Agent, Cyber Protect, Cyber Protect Home Office and 2 more | 2024-11-21 | 7.8 High |
| Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287. | ||||
| CVE-2021-44057 | 1 Qnap | 1 Photo Station | 2024-11-21 | 7.1 High |
| An improper authentication vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 (2022/02/15) and later; Photo Station 5.7.16 (2022/02/11) and later; Photo Station 5.4.13 (2022/02/11) and later. | ||||
| CVE-2021-44056 | 1 Qnap | 1 Video Station | 2024-11-21 | 7.1 High |
| An improper authentication vulnerability has been reported to affect QNAP devices running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later; Video Station 5.3.13 and later; Video Station 5.1.8 and later. | ||||
| CVE-2021-44038 | 1 Quagga | 1 Quagga | 2024-11-21 | 7.8 High |
| An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update. | ||||
| CVE-2021-43999 | 1 Apache | 1 Guacamole | 2024-11-21 | 8.8 High |
| Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user. | ||||
| CVE-2021-43985 | 1 Myscada | 1 Mypro | 2024-11-21 | 9.1 Critical |
| An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization. | ||||
| CVE-2021-43935 | 1 Baxter | 10 Welch Allyn Connex Cardio, Welch Allyn Diagnostic Cardiology Suite, Welch Allyn Hscribe Holter Analysis System and 7 more | 2024-11-21 | 8.1 High |
| The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges. | ||||
| CVE-2021-43931 | 1 Webhmi | 2 Webhmi, Webhmi Firmware | 2024-11-21 | 9.8 Critical |
| The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. | ||||
| CVE-2021-43847 | 1 Humhub | 1 Humhub | 2024-11-21 | 6.5 Medium |
| HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue. | ||||
| CVE-2021-43834 | 1 Elabftw | 1 Elabftw | 2024-11-21 | 9.1 Critical |
| eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows an attacker to authenticate as an existing user, if that user was created using a single sign-on authentication option such as LDAP or SAML. It impacts instances where LDAP or SAML is used for authentication instead of the (default) local password mechanism. Users should upgrade to at least version 4.2.0. | ||||
| CVE-2021-43833 | 1 Elabftw | 1 Elabftw | 2024-11-21 | 8.1 High |
| eLabFTW is an electronic lab notebook manager for research teams. In versions prior to 4.2.0 there is a vulnerability which allows any authenticated user to gain access to arbitrary accounts by setting a specially crafted email address. This vulnerability impacts all instances that have not set an explicit email domain name allowlist. Note that whereas neither administrators nor targeted users are notified of a change, an attacker will need to control an account. The default settings require administrators to validate newly created accounts. The problem has been patched. Users should upgrade to at least version 4.2.0. For users unable to upgrade, enabling an email domain allow list (from Sysconfig panel, Security tab) will completely resolve the issue. | ||||
| CVE-2021-43786 | 1 Nodebb | 1 Nodebb | 2024-11-21 | 9.8 Critical |
| Nodebb is an open source Node.js based forum software. In affected versions, incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. | ||||
| CVE-2021-43708 | 1 Helpsystems | 1 Titus Data Classification | 2024-11-21 | 5.5 Medium |
| The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode. | ||||
| CVE-2021-43528 | 3 Debian, Mozilla, Redhat | 5 Debian Linux, Thunderbird, Enterprise Linux and 2 more | 2024-11-21 | 6.5 Medium |
| Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0. | ||||
| CVE-2021-43415 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 8.8 High |
| HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. | ||||
| CVE-2021-43414 | 1 Gnu | 1 Hurd | 2024-11-21 | 7.0 High |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access. | ||||