Total: 3293 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-19037 | 1 Halo | 1 Halo | 2021-07-15 | 5.0 MEDIUM | 5.3 MEDIUM |
Incorrect Access Control vulnerability in Halo 0.4.3, which allows a malicious user to bypass encryption to view encrypted articles via cookies. | |||||
CVE-2021-25430 | 1 Google | 1 Android | 2021-07-14 | 3.3 LOW | 4.3 MEDIUM |
Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. | |||||
CVE-2021-20776 | 1 A-stage-inc | 4 At-40cm01sr, At-40cm01sr Firmware, Sct-40cm01sr and 1 more | 2021-07-13 | 7.5 HIGH | 9.8 CRITICAL |
Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet. | |||||
CVE-2021-25442 | 1 Samsung | 1 Knox Cloud Services | 2021-07-12 | 5.0 MEDIUM | 7.5 HIGH |
Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication. | |||||
CVE-2021-35029 | 1 Zyxel | 74 Usg100, Usg1000, Usg1000 Firmware and 71 more | 2021-07-08 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 through 5.01, which could allow a remote attacker to execute arbitrary commands on an affected device. | |||||
CVE-2018-16668 | 1 Circontrol | 1 Circarlife Scada | 2021-07-08 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in CIRCONTROL CirCarLife before 4.3. There is internal installation path disclosure due to the lack of authentication for /html/repository. | |||||
CVE-2021-30648 | 1 Broadcom | 15 Symantec Advanced Secure Gateway 500-10, Symantec Advanced Secure Gateway 500-10 Firmware, Symantec Advanced Secure Gateway S200-30 and 12 more | 2021-07-06 | 9.0 HIGH | 9.8 CRITICAL |
The Symantec Advanced Secure Gateway (ASG) and ProxySG web management consoles are susceptible to an authentication bypass vulnerability. An unauthenticated attacker can execute arbitrary CLI commands, view/modify the appliance configuration and policy, and shutdown/restart the appliance. | |||||
CVE-2017-14147 | 1 Fiberhome | 2 Adsl An1020-25, Adsl An1020-25 Firmware | 2021-07-02 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on FiberHome User End Routers bearing model number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi and executing it. Due to improper authentication on this page, the software accepts the request, allowing an attacker to reset the router to its default configuration, which later could allow the attacker to log in to the router using the default username/password. | |||||
CVE-2021-20737 | 1 Weseek | 1 Growi | 2021-07-01 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors. | |||||
CVE-2018-8171 | 1 Microsoft | 3 Asp.net Core, Asp.net Model View Controller, Asp.net Webpages | 2021-06-30 | 5.0 MEDIUM | 7.5 HIGH |
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2. | |||||
CVE-2021-21998 | 1 Vmware | 1 Carbon Black App Control | 2021-06-30 | 7.5 HIGH | 9.8 CRITICAL |
VMware Carbon Black App Control 8.0, 8.1, 8.5 prior to 8.5.8, and 8.6 prior to 8.6.2 has an authentication bypass. A malicious actor with network access to the VMware Carbon Black App Control management server might be able to obtain administrative access to the product without the need to authenticate. | |||||
CVE-2021-32693 | 1 Sensiolabs | 1 Symfony | 2021-06-24 | 6.5 MEDIUM | 8.8 HIGH |
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the firewalls was available for all other firewalls. This could be abused when the application defines different providers for each part of the application, in such a situation, a user authenticated on a part of the application could be considered authenticated on the rest of the application. Starting in version 5.3.2, a patch ensures that the authenticated token is only available for the firewall that generates it. | |||||
CVE-2018-10603 | 1 Martem | 4 Telem-gw6, Telem-gw6 Firmware, Telem-gwm and 1 more | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node remote control of the industrial process. | |||||
CVE-2021-34546 | 1 Netsetman | 1 Netsetman | 2021-06-22 | 7.2 HIGH | 6.8 MEDIUM |
An unauthenticated attacker with physical access to a computer with NetSetMan Pro before 5.0 installed, that has the pre-logon profile switch button within the Windows logon screen enabled, is able to drop to an administrative shell and execute arbitrary commands as SYSTEM via the "save log to file" feature. To accomplish this, the attacker can navigate to cmd.exe. | |||||
CVE-2020-24514 | 1 Intel | 4 Realsense Id F450, Realsense Id F450 Firmware, Realsense Id F455 and 1 more | 2021-06-17 | 4.6 MEDIUM | 6.8 MEDIUM |
Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
CVE-2021-25389 | 1 Google | 1 Android | 2021-06-17 | 3.6 LOW | 6.1 MEDIUM |
Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use a locked app without authentication. | |||||
CVE-2021-25424 | 1 Samsung | 18 Galaxy Watch, Galaxy Watch 3, Galaxy Watch 3 Firmware and 15 more | 2021-06-17 | 5.8 MEDIUM | 8.8 HIGH |
Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows a Bluetooth attacker to take over the user's Bluetooth device without user awareness. | |||||
CVE-2020-26136 | 1 Silverstripe | 1 Silverstripe | 2021-06-16 | 4.0 MEDIUM | 6.5 MEDIUM |
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication. | |||||
CVE-2021-32637 | 1 Authelia | 1 Authelia | 2021-06-09 | 7.5 HIGH | 10.0 CRITICAL |
Authelia is a single sign-on multi-factor portal for web apps. This affects users who are using nginx ngx_http_auth_request_module with Authelia; it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism. It additionally could theoretically affect other proxy servers, but all of the ones we officially support except nginx do not allow malformed URI paths. The problem is rectified entirely in v4.29.3. As this patch is relatively straightforward we can backport this to any version upon request. Alternatively we are supplying a git patch to 4.25.1 which should be relatively straightforward to apply to any version; the git patches for specific versions can be found in the references. The most relevant workaround is upgrading. You can also add a block which fails requests that contain a malformed URI in the internal location block. | |||||
CVE-2021-31251 | 1 Chiyu-tech | 20 Bf-430, Bf-430 Firmware, Bf-431 and 17 more | 2021-06-08 | 7.5 HIGH | 9.8 CRITICAL |
An authentication bypass in the telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows an attacker to obtain a privileged connection to the target device by supplying a specially malformed request, forcing the remote telnet server to believe that the user has already authenticated. | |||||