CVE Vulnerability


CWE-287

CVE-2021-3632

February 23, 2023 by

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.

CVE-2021-35964

February 23, 2023 by

The management page of the Orca HCM digital learning platform does not perform identity verification, which allows remote attackers to execute the management function without logging in, access members’ information, and modify and delete the courses in the system, thus causing users to fail to access the learning content.

CVE-2021-35943

February 23, 2023 by

Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513.

CVE-2021-35530

February 23, 2023 by

A vulnerability in the application authentication and authorization mechanism in Hitachi Energy’s TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.

CVE-2021-35395

February 23, 2023 by

Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exist: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affected by these vulnerabilities. Specifically, these binaries are vulnerable to the following issues:

  • stack buffer overflow in formRebootCheck due to unsafe copy of submit-url parameter
  • stack buffer overflow in formWsc due to unsafe copy of submit-url parameter
  • stack buffer overflow in formWlanMultipleAP due to unsafe copy of submit-url parameter
  • stack buffer overflow in formWlSiteSurvey due to unsafe copy of ifname parameter
  • stack buffer overflow in formStaticDHCP due to unsafe copy of hostname parameter
  • stack buffer overflow in formWsc due to unsafe copy of ‘peerPin’ parameter
  • arbitrary command execution in formSysCmd via the sysCmd parameter
  • arbitrary command injection in formWsc via the ‘peerPin’ parameter

Exploitability of identified issues will differ based on what the end vendor/manufacturer did with the Realtek SDK webserver. Some vendors use it as-is, others add their own authentication implementation, some keep all the features from the server, some remove some of them, and some insert their own set of features. However, given that the Realtek SDK implementation is full of insecure calls and that developers tend to re-use those examples in their custom code, any binary based on the Realtek SDK webserver will probably contain its own set of issues on top of the Realtek ones (if kept). Successful exploitation of these issues allows remote attackers to gain arbitrary code execution on the device.

CVE-2021-35296

February 23, 2023 by

An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path.


Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE