• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-287

CVE-2021-4142

February 23, 2023 by

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.

CVE-2021-41317

February 23, 2023 by

XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths.

CVE-2021-41286

February 23, 2023 by

Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a debugger to the process or create a patch that manipulates the behavior of the login function. When the function always returns the success value (corresponding to a correct password), an attacker can login with any desired account, such as the administrative account of the application.

CVE-2021-41292

February 23, 2023 by

ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC.

CVE-2021-41309

February 23, 2023 by

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user’s Jira Service Management project via a Broken Authentication vulnerability in the /plugins/servlet/audit/resource endpoint. The affected versions of Jira Server and Data Center are before version 8.19.1.

CVE-2021-41311

February 23, 2023 by

Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an administrator account that has had its access revoked to modify projects’ Users & Roles settings, via a Broken Authentication vulnerability in the /plugins/servlet/project-config/PROJECT/roles endpoint. The affected versions are before version 8.19.1.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 182
  • Go to page 183
  • Go to page 184
  • Go to page 185
  • Go to page 186
  • Interim pages omitted …
  • Go to page 289
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE