Total: 4618 CVEs

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-38486 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH | InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870: the cloud portal allows self-registration of the affected product without any requirement to create an account, which may allow an attacker to gain full control over the product and execute code within the internal network to which the product is connected.
CVE-2021-38431 | 1 Advantech | 1 Webaccess Scada | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | An authenticated user of Advantech WebAccess SCADA versions 9.0.3 and prior can use API functions to disclose project names and paths belonging to other users.
CVE-2021-38388 | 1 Linecorp | 1 Central Dogma | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Central Dogma allows privilege escalation via mirroring to the internal dogma repository, which holds the file that manages the authorization of the project.
CVE-2021-38164 | 1 Sap | 1 Erp Financial Accounting | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM | SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions SAP_APPL 600, 602, 603, 604, 605, 606, 616; SAP_FIN 617, 618, 700, 720, 730; SAPSCORE 125; S4CORE 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network, and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.
CVE-2021-37764 | 1 Xos-shop | 1 Xos Shop System | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | Arbitrary file deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via the current_manufacturer_image parameter of /shop/admin/manufacturers.php.
CVE-2021-37738 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager versions 6.10.x prior to 6.10.2; 6.9.x prior to 6.9.7-HF1; and 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVE-2021-37572 | 1 Mediatek | 14 Mt7603e, Mt7603e Firmware, Mt7613 and 11 more | 2024-11-21 | 5.0 MEDIUM | 8.2 HIGH | MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected chipsets: MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; affected software version: 2.0.2; missing authorization.)
CVE-2021-37535 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SAP NetWeaver Application Server Java (JMS Connector Service) versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform the necessary authorization checks for user privileges.
CVE-2021-37270 | 1 S-cms | 1 Cms Enterprise Website Construction System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background, obtaining background administrator authority.
CVE-2021-36917 | 1 Wpwave | 1 Hide My Wp | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM | The WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.
CVE-2021-36909 | 1 Webfactoryltd | 1 Wp Reset Pro | 2024-11-21 | 5.5 MEDIUM | 8.8 HIGH | Authenticated database reset vulnerability in the WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.
CVE-2021-36232 | 1 Unit4 | 1 Mik.starlight | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Improper authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges.
CVE-2021-36124 | 1 Echobh | 1 Sharecare | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, allowing unauthenticated users to reach pages that are vulnerable to attacks such as SQL injection.
CVE-2021-35413 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH | A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file.
CVE-2021-35327 | 1 Totolink | 2 A720r, A720r Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A vulnerability in TOTOLINK A720R firmware v4.1.5cu.470_B20200911 allows attackers to start the Telnet service via a crafted POST request and then log in with the default credentials.
CVE-2021-34648 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 4.0 MEDIUM | 6.4 MEDIUM | The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function in ~/includes/Routes/Submissions.php, in versions up to and including 3.5.7. This allows authenticated attackers to send arbitrary emails from the affected server via the /ninja-forms-submissions/email-action REST API, which can be used to socially engineer victims.
CVE-2021-34647 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | The Ninja Forms WordPress plugin is vulnerable to sensitive information disclosure via the bulk_export_submissions function in ~/includes/Routes/Submissions.php, in versions up to and including 3.5.7. This allows authenticated attackers to export all Ninja Forms submission data via the /ninja-forms-submissions/export REST API, which can include personally identifiable information.
CVE-2021-33924 | 1 Confluent | 1 Ansible | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Confluent Ansible (cp-ansible) versions 5.5.0, 5.5.1, 5.5.2 and 6.0.0 are vulnerable to incorrect access control via an auxiliary component that allows remote attackers to access sensitive information.
CVE-2021-33704 | 1 Sap | 1 Business One | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The Service Layer of SAP Business One version 10.0 allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. No in-depth system knowledge is required for an attacker to discover the vulnerable function. Once exploited via the network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result in abuse of functionality usually restricted to specific users.
CVE-2021-33676 | 1 Sap | 1 Customer Relationship Management | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH | A missing authority check in SAP CRM versions 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise the confidentiality, integrity, or availability of the system.