Export limit exceeded: 11077 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11077 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37624 | 1 Freeswitch | 1 Freeswitch | 2024-11-21 | 7.5 High |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing. By default, SIP requests of the type MESSAGE (RFC 3428) are not authenticated in the affected versions of FreeSWITCH. MESSAGE requests are relayed to SIP user agents registered with the FreeSWITCH server without requiring any authentication. Although this behaviour can be changed by setting the `auth-messages` parameter to `true`, it is not the default setting. Abuse of this security issue allows attackers to send SIP MESSAGE messages to any SIP user agent that is registered with the server without requiring authentication. Additionally, since no authentication is required, chat messages can be spoofed to appear to come from trusted entities. Therefore, abuse can lead to spam and enable social engineering, phishing and similar attacks. This issue is patched in version 1.10.7. Maintainers recommend that this SIP message type is authenticated by default so that FreeSWITCH administrators do not need to be explicitly set the `auth-messages` parameter. When following such a recommendation, a new parameter can be introduced to explicitly disable authentication. | ||||
| CVE-2021-37597 | 1 Wpcerber | 1 Wp Cerber | 2024-11-21 | 9.8 Critical |
| WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash] manipulation. | ||||
| CVE-2021-37580 | 1 Apache | 1 Shenyu | 2024-11-21 | 9.8 Critical |
| A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0 | ||||
| CVE-2021-37545 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2021.1.1, insufficient authentication checks for agent requests were made. | ||||
| CVE-2021-37417 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. | ||||
| CVE-2021-37414 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.5 High |
| Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get a valid user's APIKEY without authentication. | ||||
| CVE-2021-37175 | 1 Siemens | 20 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 and 17 more | 2024-11-21 | 5.3 Medium |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices. | ||||
| CVE-2021-37172 | 1 Siemens | 10 Cpu 1211c, Cpu 1212c, Cpu 1212fc and 7 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device. | ||||
| CVE-2021-37123 | 1 Huawei | 2 Hero-ct060, Hero-ct060 Firmware | 2024-11-21 | 9.8 Critical |
| There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when an user wants to do certain operation, the software does not insufficiently validate the user's identity. Successful exploit could allow the attacker to do certain operations which the user are supposed not to do. | ||||
| CVE-2021-37100 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to account authentication bypassed. | ||||
| CVE-2021-37086 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 8.6 High |
| There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers which can isolate and read synchronization files of other applications across the UID sandbox. | ||||
| CVE-2021-37056 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.3 Medium |
| There is an Improper permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information. | ||||
| CVE-2021-37054 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-37044 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a Permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. | ||||
| CVE-2021-37043 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to malicious application processes occupy system resources. | ||||
| CVE-2021-37006 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.5 High |
| There is a Improper Preservation of Permissions vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected. | ||||
| CVE-2021-36949 | 1 Microsoft | 2 Azure Active Directory Connect, Azure Active Directory Connect Provisioning Agent | 2024-11-21 | 7.1 High |
| Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability | ||||
| CVE-2021-36921 | 1 Monitorapp | 2 Application Insight Manager, Application Insight Web Application Firewall | 2024-11-21 | 8.8 High |
| AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. An attacker can gain administrative access by modifying the response to an authentication check request. | ||||
| CVE-2021-36776 | 1 Rancher | 1 Rancher | 2024-11-21 | 8.8 High |
| A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10. | ||||
| CVE-2021-36775 | 1 Rancher | 1 Rancher | 2024-11-21 | 8.8 High |
| a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. | ||||