Total
3555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28503 | 1 Arista | 1 Eos | 2024-11-21 | 6.8 MEDIUM | 7.4 HIGH |
| The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. | |||||
| CVE-2021-28495 | 1 Arista | 2 7130, Metamako Operating System | 2024-11-21 | 6.8 MEDIUM | 7.2 HIGH |
| In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.13 and post releases in the MOS-0.1x train MOS-0.26.6 and below releases in the MOS-0.2x train MOS-0.31.1 and below releases in the MOS-0.3x train | |||||
| CVE-2021-28494 | 1 Arista | 2 7130, Metamako Operating System | 2024-11-21 | 6.5 MEDIUM | 9.6 CRITICAL |
| In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, authentication is bypassed by unprivileged users who are accessing the Web UI. This issue affects: Arista Metamako Operating System MOS-0.34.0 and prior releases | |||||
| CVE-2021-28493 | 1 Arista | 2 7130, Metamako Operating System | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
| In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releases | |||||
| CVE-2021-28174 | 1 Mitake | 1 Smart Stock Selection | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Mitake smart stock selection system contains a broken authentication vulnerability. By manipulating the parameters in the URL, remote attackers can gain the privileged permissions to access transaction record, and fraudulent trading without login. | |||||
| CVE-2021-28152 | 1 Hongdian | 2 H8922, H8922 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn. | |||||
| CVE-2021-27990 | 1 Appspace | 1 Appspace | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. | |||||
| CVE-2021-27878 | 1 Veritas | 1 Backup Exec | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges. | |||||
| CVE-2021-27877 | 1 Veritas | 1 Backup Exec | 2024-11-21 | 7.5 HIGH | 8.2 HIGH |
| An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands. | |||||
| CVE-2021-27876 | 1 Veritas | 1 Backup Exec | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
| An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges. | |||||
| CVE-2021-27794 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the authentication mechanism of Brocade Fabric OS versions before Brocade Fabric OS v.9.0.1a, v8.2.3a and v7.4.2h could allow a user to Login with empty password, and invalid password through telnet, ssh and REST. | |||||
| CVE-2021-27734 | 1 Belden | 2 Hirschmann Hios, Hisecos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users. | |||||
| CVE-2021-27715 | 1 Mofinetwork | 2 Mofi4500-4gxelte-v2, Mofi4500-4gxelte-v2 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request. | |||||
| CVE-2021-27651 | 1 Pega | 1 Infinity | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. | |||||
| CVE-2021-27610 | 1 Sap | 2 Netweaver Abap, Netweaver Application Server Abap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, does not create information about internal and external RFC user in consistent and distinguished format, which could lead to improper authentication and may be exploited by malicious users to obtain illegitimate access to the system. | |||||
| CVE-2021-27522 | 1 Learnsite Project | 1 Learnsite | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Learnsite 1.2.5.0 contains a remote privilege escalation vulnerability in /Manager/index.aspx through the JudgIsAdmin() function. By modifying the initial letter of the key of a user cookie, the key of the administrator cookie can be obtained. | |||||
| CVE-2021-27451 | 1 Mesalabs | 1 Amegaview | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible algorithm, which may allow an attacker to gain access to the device. | |||||
| CVE-2021-26905 | 1 1password | 1 Scim Bridge | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| 1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key. | |||||
| CVE-2021-26638 | 1 Xisnd | 1 S\&d Smarthome | 2024-11-21 | 10.0 HIGH | 7.3 HIGH |
| Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the home environment including indoor control. | |||||
| CVE-2021-26627 | 1 Qcp | 2 Qcp200w, Qcp200w Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Real-time image information exposure is caused by insufficient authentication for activated RTSP port. This vulnerability could allow to remote attackers to send the RTSP requests using ffplay command and lead to leakage a live image. | |||||