Search Results (10729 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42029 | 1 Siemens | 71 Simatic S7-1200 Cpu, Simatic S7-1200 Cpu 1211c, Simatic S7-1200 Cpu 1212c and 68 more | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 (All versions), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 5), SIMATIC STEP 7 (TIA Portal) V17 (All versions < V17 Update 2). An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. | ||||
| CVE-2021-42000 | 1 Pingidentity | 1 Pingfederate | 2024-11-21 | 5.3 Medium |
| When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing user's password. | ||||
| CVE-2021-41995 | 2 Apple, Pingidentity | 2 Macos, Pingid Integration For Mac Login | 2024-11-21 | 7.7 High |
| A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | ||||
| CVE-2021-41992 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2024-11-21 | 7.7 High |
| A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | ||||
| CVE-2021-41976 | 1 Tad Uploader Project | 1 Tad Uploader | 2024-11-21 | 5.3 Medium |
| Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in. | ||||
| CVE-2021-41975 | 1 Tadtools Project | 1 Tadtools | 2024-11-21 | 7.5 High |
| TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in. | ||||
| CVE-2021-41974 | 1 Tad Book3 Project | 1 Tad Book3 | 2024-11-21 | 9.1 Critical |
| Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission. | ||||
| CVE-2021-41834 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 5.3 Medium |
| JFrog Artifactory prior to version 7.28.0 and 6.23.38 is vulnerable to Broken Access Control: the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. | ||||
| CVE-2021-41716 | 1 Mahadiscom | 1 Mahavitaran | 2024-11-21 | 9.8 Critical |
| Maharashtra State Electricity Board Mahavitaran Android Application 8.20 and prior is vulnerable to remote account takeover due to an OTP fixation vulnerability in the password reset function. | ||||
| CVE-2021-41638 | 1 Melag | 1 Ftp Server | 2024-11-21 | 7.5 High |
| The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username. | ||||
| CVE-2021-41568 | 1 Tad Web Project | 1 Tad Web | 2024-11-21 | 5.3 Medium |
| Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system. | ||||
| CVE-2021-41564 | 1 Tad Honor Project | 1 Tad Honor | 2024-11-21 | 5.3 Medium |
| Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in. | ||||
| CVE-2021-41543 | 1 Siemens | 2 Climatix Pol909, Climatix Pol909 Firmware | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files. | ||||
| CVE-2021-41506 | 1 Xiongmaitech | 16 Ahb7008t-mh-v2, Ahb7008t-mh-v2 Firmware, Ahb7804r-els and 13 more | 2024-11-21 | 9.8 Critical |
| Xiongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system. | ||||
| CVE-2021-41503 | 2 D-link, Dlink | 5 Dcs-5000l Firmware, Dcs-932l Firmware, Dcs-5000l and 2 more | 2024-11-21 | 8 High |
| DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. The use of basic authentication for the device's command interface allows attack vectors that may compromise the camera's configuration and allow malicious users on the LAN to access the device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2021-41317 | 1 Xss Hunter Express Project | 1 Xss Hunter Express | 2024-11-21 | 9.8 Critical |
| XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths. | ||||
| CVE-2021-41313 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 4.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.7. | ||||
| CVE-2021-41312 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1. | ||||
| CVE-2021-41311 | 1 Atlassian | 3 Jira Data Center, Jira Server, Jira Software Data Center | 2024-11-21 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects' Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1. | ||||
| CVE-2021-41309 | 1 Atlassian | 3 Jira Data Center, Jira Server, Jira Software Data Center | 2024-11-21 | 5.3 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1. | ||||