Total
1599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32701 | 1 Ory | 1 Oathkeeper | 2021-06-30 | 4.3 MEDIUM | 7.5 HIGH |
| ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the scope `foo` using an access token granted with that `foo` scope, introspection will be valid and that token will be cached. The problem comes when a second requests to an endpoint that requires the scope `bar` is made before the cache has expired. Whether the token is granted or not to the `bar` scope, introspection will be valid. A patch will be released with `v0.38.12-beta.1`. Per default, caching is disabled for the `oauth2_introspection` authenticator. When caching is disabled, this vulnerability does not exist. The cache is checked in [`func (a *AuthenticatorOAuth2Introspection) Authenticate(...)`](https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#L152). From [`tokenFromCache()`](https://github.com/ory/oathkeeper/blob/6a31df1c3779425e05db1c2a381166b087cb29a4/pipeline/authn/authenticator_oauth2_introspection.go#L97) it seems that it only validates the token expiration date, but ignores whether the token has or not the proper scopes. The vulnerability was introduced in PR #424. During review, we failed to require appropriate test coverage by the submitter which is the primary reason that the vulnerability passed the review process. | |||||
| CVE-2010-2525 | 1 Linux | 1 Linux Kernel | 2021-06-28 | 7.2 HIGH | 7.8 HIGH |
| A flaw was discovered in gfs2 file system’s handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system. | |||||
| CVE-2020-20466 | 1 White Shark Systems Project | 1 White Shark Systems | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php, remote attackers can modify the password of any user. | |||||
| CVE-2020-20471 | 1 White Shark Systems Project | 1 White Shark Systems | 2021-06-23 | 9.0 HIGH | 8.8 HIGH |
| White Shark System (WSS) 1.3.2 has an unauthorized access vulnerability in default_user_edit.php, remote attackers can exploit this vulnerability to escalate to admin privileges. | |||||
| CVE-2021-33881 | 1 Nxp | 16 Mifare Ultralight C, Mifare Ultralight C Firmware, Mifare Ultralight Ev1 and 13 more | 2021-06-17 | 1.9 LOW | 4.2 MEDIUM |
| On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a write operation (aka conduct a "tear off" attack) over RFID to bypass a Monotonic Counter protection mechanism. The impact depends on how the anti tear-off feature is used in specific applications such as public transportation, physical access control, etc. | |||||
| CVE-2021-25406 | 1 Samsung | 1 Gear S | 2021-06-17 | 3.3 LOW | 6.5 MEDIUM |
| Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. | |||||
| CVE-2021-25418 | 1 Samsung | 1 Internet | 2021-06-16 | 4.4 MEDIUM | 7.8 HIGH |
| Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | |||||
| CVE-2021-3469 | 1 Theforeman | 1 Foreman | 2021-06-10 | 3.5 LOW | 5.4 MEDIUM |
| Foreman versions before 2.3.4 and before 2.4.0 is affected by an improper authorization handling flaw. An authenticated attacker can impersonate the foreman-proxy if product enable the Puppet Certificate authority (CA) to sign certificate requests that have subject alternative names (SANs). Foreman do not enable SANs by default and `allow-authorization-extensions` is set to `false` unless user change `/etc/puppetlabs/puppetserver/conf.d/ca.conf` configuration explicitly. | |||||
| CVE-2021-20229 | 3 Fedoraproject, Postgresql, Redhat | 4 Fedora, Postgresql, Enterprise Linux and 1 more | 2021-06-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2020-1729 | 1 Redhat | 1 Smallrye Config | 2021-06-08 | 2.1 LOW | 4.4 MEDIUM |
| A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality. This is fixed in SmallRye 1.6.2 | |||||
| CVE-2021-29943 | 1 Apache | 1 Solr | 2021-06-08 | 6.4 MEDIUM | 9.1 CRITICAL |
| When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. | |||||
| CVE-2021-29642 | 1 Gistpad Project | 1 Gistpad | 2021-06-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which leads to leakage of GitHub access tokens. | |||||
| CVE-2020-26559 | 1 Bluetooth | 1 Mesh Profile | 2021-06-03 | 5.8 MEDIUM | 8.8 HIGH |
| Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue. | |||||
| CVE-2020-26560 | 1 Bluetooth | 1 Mesh Profile | 2021-06-03 | 4.8 MEDIUM | 8.1 HIGH |
| Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey. | |||||
| CVE-2021-31876 | 1 Bitcoin | 1 Bitcoin | 2021-05-26 | 6.4 MEDIUM | 6.5 MEDIUM |
| Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence <= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implementation does not enforce this. Instead, mempool rejects the replacement attempt of the unconfirmed child transaction. | |||||
| CVE-2021-31158 | 1 Couchbase | 1 Couchbase Server | 2021-05-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, Common Table Expression queries were not correctly checking the user's permissions, allowing read-access to resources beyond what those users were explicitly allowed to access. | |||||
| CVE-2021-23015 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-05-24 | 6.5 MEDIUM | 7.2 HIGH |
| On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-3457 | 1 Theforeman | 1 Smart Proxy Shell Hooks | 2021-05-20 | 3.6 LOW | 6.1 MEDIUM |
| An improper authorization handling flaw was found in Foreman. The Shellhooks plugin for the smart-proxy allows Foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability. | |||||
| CVE-2021-24278 | 1 Querysol | 1 Redirection For Contact Form 7 | 2021-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function. | |||||
| CVE-2021-24282 | 1 Querysol | 1 Redirection For Contact Form 7 | 2021-05-17 | 6.5 MEDIUM | 6.3 MEDIUM |
| In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For example, an attacker could use wpcf7r_reset_settings to reset the plugin’s settings, wpcf7r_add_action to add actions to a form, and more. | |||||