Filtered by CWE-863 (Incorrect Authorization)
Total: 1780 CVEs
CVE  Vendors (count, names)  Products (count, names)  Updated  CVSS v3.1 (score, severity)
CVE-2021-20803 1 Cybozu 1 Remote Service Manager 2024-08-03 5.4 Medium
Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.
CVE-2021-20676 1 M-system 10 Dl8-a, Dl8-a Firmware, Dl8-b and 7 more 2024-08-03 4.3 Medium
M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E (DL8-E) versions prior to Ver3.0) allows remote authenticated attackers to bypass access restriction and conduct prohibited operations via unspecified vectors.
CVE-2021-20306 1 Redhat 3 Decision Manager, Jbpm, Process Automation 2024-08-03 4.3 Medium
A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality.
CVE-2021-20281 2 Fedoraproject, Moodle 2 Fedora, Moodle 2024-08-03 5.3 Medium
Some users without the permission to view other users' full names could nevertheless do so via the online users block in Moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
CVE-2021-20282 2 Fedoraproject, Moodle 2 Fedora, Moodle 2024-08-03 5.3 Medium
When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
CVE-2021-20290 1 Theforeman 1 Openscap 2024-08-03 6.1 Medium
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability.
CVE-2021-20283 2 Fedoraproject, Moodle 2 Fedora, Moodle 2024-08-03 4.3 Medium
The web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
CVE-2021-20179 3 Dogtagpki, Fedoraproject, Redhat 5 Dogtagpki, Fedora, Certificate System and 2 more 2024-08-03 8.1 High
A flaw was found in pki-core. An attacker who has successfully compromised a key could use this flaw to renew the corresponding certificate over and over again, as long as it is not explicitly revoked. The highest threat from this vulnerability is to data confidentiality and integrity.
CVE-2021-20188 2 Podman Project, Redhat 5 Podman, Enterprise Linux, Openshift Container Platform and 2 more 2024-08-03 7.0 High
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even one owned by the root user inside the container. It does not allow a direct escape from the container, though a privileged container runs with many security features disabled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2021-20119 1 Commscope 2 Arris Surfboard Sb8200, Arris Surfboard Sb8200 Firmware 2024-08-03 7.1 High
The password change utility for the Arris SurfBoard SB8200 can have its safety measures bypassed, allowing any logged-in user to change the administrator password.
CVE-2021-20149 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-08-03 9.8 Critical
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN interface. The default iptables ruleset governing access to services on the device only applies to IPv4. All services running on the device are therefore accessible from the WAN interface over IPv6 by default.
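The IPv4-only ruleset described above is a general dual-stack mistake, not something specific to this router: netfilter keeps separate IPv4 (iptables) and IPv6 (ip6tables) tables, so a lockdown written for one family says nothing about the other. The script below is an added example, not TRENDnet's code and not the device's real ruleset. It audits an iptables-save dump against an ip6tables-save dump for WAN-facing INPUT rules present only in IPv4, then emits an ip6tables-restore ruleset that mirrors them. The two sample rulesets and the WAN interface name "eth0" are constructed assumptions; the audit only considers rules written as "-A INPUT -i <wan> ...".

```shell
#!/bin/sh
# Added example (not TRENDnet's code or the CVE's actual ruleset): audit an IPv4
# netfilter ruleset against its IPv6 twin and emit a matching ip6tables ruleset.
# Both samples below are constructed to mimic the CVE-2021-20149 situation:
# the IPv4 INPUT chain blocks WAN access to local services, the IPv6 one is empty.

# Constructed sample in iptables-save format; "eth0" is an assumed WAN interface name.
V4_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j DROP
-A INPUT -i eth0 -p tcp --dport 80 -j DROP
-A INPUT -i eth0 -p tcp --dport 443 -j DROP
-A INPUT -i eth0 -p udp --dport 53 -j DROP
COMMIT'

# Constructed sample of the exposed state: ip6tables-save with policy ACCEPT and
# no rules, so every listening service answers on the WAN's IPv6 address.
V6_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Print the INPUT rules that match the WAN interface, one per line, with the
# "-A INPUT" prefix removed so the two address families compare line by line.
# Simplification: only rules written as "-A INPUT -i <wan> ..." are considered.
wan_input_rules() {   # $1 = ruleset text, $2 = WAN interface name
    printf '%s\n' "$1" | awk -v wan="$2" '
        $1 == "-A" && $2 == "INPUT" && $3 == "-i" && $4 == wan {
            $1 = ""; $2 = ""; sub(/^ +/, ""); print
        }'
}

# List IPv4 WAN rules that have no IPv6 counterpart. Prints each missing rule
# and returns 1 when any is missing, so it can gate a config deployment check.
audit_dualstack() {   # $1 = IPv4 ruleset, $2 = IPv6 ruleset, $3 = WAN interface name
    v4=$(wan_input_rules "$1" "$3")
    v6=$(wan_input_rules "$2" "$3")
    # awk reads the IPv6 rules first and remembers them, then prints the IPv4
    # rules it has not seen.
    missing=$(printf '%s\n===SEP===\n%s\n' "$v6" "$v4" | awk '
        /^===SEP===$/        { seen_sep = 1; next }
        !seen_sep            { have[$0] = 1; next }
        NF && !($0 in have)  { print }')
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing" | sed 's/^/missing in IPv6: -A INPUT /'
    return 1
}

# Emit an ip6tables-restore ruleset that mirrors the IPv4 WAN rules. ICMPv6 is
# accepted explicitly: unlike IPv4, dropping it breaks neighbour discovery and
# with it all IPv6 connectivity on the link.
mirror_to_ip6tables() {   # $1 = IPv4 ruleset, $2 = WAN interface name
    printf '*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    printf '%s\n' '-A INPUT -p ipv6-icmp -j ACCEPT'
    wan_input_rules "$1" "$2" | sed 's/^/-A INPUT /'
    printf 'COMMIT\n'
}

# Usage: audit the shipped state, then verify that the generated ruleset closes the gap.
audit_dualstack "$V4_RULES" "$V6_RULES" eth0 || echo "IPv6 WAN exposure detected"
V6_FIXED=$(mirror_to_ip6tables "$V4_RULES" eth0)
audit_dualstack "$V4_RULES" "$V6_FIXED" eth0 && echo "IPv6 ruleset now mirrors IPv4"
# To apply on a device: printf '%s\n' "$V6_FIXED" | ip6tables-restore
```

On a live device the same comparison is made by feeding the output of `iptables-save` and `ip6tables-save` to audit_dualstack; `ss -6ltn` (or `netstat -6ln` on older firmware) lists the IPv6 listeners that an empty ip6tables INPUT chain leaves reachable from the WAN.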
CVE-2021-20229 3 Fedoraproject, Postgresql, Redhat 4 Fedora, Postgresql, Enterprise Linux and 1 more 2024-08-03 4.3 Medium
A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.
CVE-2021-4352 1 Eyecix 1 Jobsearch Wp Job Board 2024-08-03 5.3 Medium
The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the plugin.
CVE-2021-4275 1 Pyambic-pentameter Project 1 Pyambic-pentameter 2024-08-03 4.3 Medium
A vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. It is recommended to apply a patch to fix this issue. VDB-216498 is the identifier assigned to this vulnerability.
CVE-2021-4268 1 Phpredisadmin Project 1 Phpredisadmin 2024-08-03 4.3 Medium
A vulnerability, which was classified as problematic, was found in phpRedisAdmin up to 1.17.3. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.18.0 is able to address this issue. The name of the patch is b9039adbb264c81333328faa9575ecf8e0d2be94. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216471.
CVE-2021-4194 1 Bookstackapp 1 Bookstack 2024-08-03 6.5 Medium
bookstack is vulnerable to Improper Access Control
CVE-2021-4133 1 Redhat 3 Keycloak, Red Hat Single Sign On, Rhosemc 2024-08-03 8.8 High
A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.
CVE-2021-4026 1 Bookstackapp 1 Bookstack 2024-08-03 4.3 Medium
bookstack is vulnerable to Improper Access Control
CVE-2021-3956 1 Lenovo 46 Thinkagile Hx1320, Thinkagile Hx1321, Thinkagile Hx1520-r and 43 more 2024-08-03 4.3 Medium
A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected.
CVE-2021-3763 1 Redhat 1 Amq Broker 2024-08-03 4.3 Medium
A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role assigned to the user should not allow access to the management console. The main impact is to confidentiality: because some role bindings are incorrectly checked, some privileged metadata such as queue names and configuration details is disclosed. The impact is limited, as not all information is accessible and there is no effect on integrity.