Total
3419 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-6360 | 1 Trendnet | 2 Ts-s402, Ts-s402 Firmware | 2020-02-26 | 7.5 High |
TRENDnet TS-S402 has a backdoor to enable TELNET. | ||||
CVE-2015-6922 | 1 Kaseya | 1 Virtual System Administrator | 2020-02-26 | 9.8 Critical |
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx. | ||||
CVE-2011-4338 | 1 Shaman Project | 1 Shaman | 2020-02-25 | 7.8 High |
Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password. | ||||
CVE-2019-3998 | 1 Simplisafe | 2 Simplisafe Ss3, Simplisafe Ss3 Firmware | 2020-02-25 | 5.5 Medium |
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to modify the Wi-Fi network the base station connects to. | ||||
CVE-2019-20046 | 1 S3india | 2 Husky Rtu 6049-e70, Husky Rtu 6049-e70 Firmware | 2020-02-25 | 9.8 Critical |
The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. The affected product does not require adequate authentication, which may allow an attacker to read sensitive information or execute arbitrary code. This is a different issue than CVE-2019-16879 and CVE-2019-20045. | ||||
CVE-2020-5532 | 1 Extrun | 1 Ilbo | 2020-02-25 | 4.3 Medium |
ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for iOS prior to version 1.2.01) allows an attacker on the same network segment to bypass authentication and to view the images which were recorded by the other ilbo user's device via unspecified vectors. | ||||
CVE-2011-2054 | 1 Cisco | 24 Asa 5500, Asa 5500 Firmware, Asa 5510 and 21 more | 2020-02-24 | 7.5 High |
A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability. | ||||
CVE-2013-2120 | 1 Kde | 1 Paste Applet | 2020-02-21 | 8.4 High |
The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. | ||||
CVE-2013-4454 | 1 Getbutterfly | 1 Portable-phpmyadmin | 2020-02-21 | 9.1 Critical |
WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypass Vulnerabilities | ||||
CVE-2020-1789 | 1 Huawei | 8 Osca-550, Osca-550 Firmware, Osca-550a and 5 more | 2020-02-20 | 6.8 Medium |
Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential. | ||||
CVE-2020-1812 | 1 Huawei | 2 P30, P30 Firmware | 2020-02-20 | 7.8 High |
HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improperly validation of certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. | ||||
CVE-2020-8595 | 2 Istio, Redhat | 3 Istio, Enterprise Linux, Openshift Service Mesh | 2020-02-20 | 7.3 High |
Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match. | ||||
CVE-2020-1842 | 1 Huawei | 10 Hege-560, Hege-560 Firmware, Osca-550 and 7 more | 2020-02-20 | 6.8 Medium |
Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high privilege. | ||||
CVE-2018-6180 | 1 Themashabrand | 1 Online Voting Platform | 2020-02-19 | 9.8 Critical |
A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts. | ||||
CVE-2014-4198 | 1 Bssys | 1 Rbs Bs-client. Retail Client | 2020-02-19 | 9.1 Critical |
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function. | ||||
CVE-2013-5582 | 1 Ammyy | 1 Ammyy Admin | 2020-02-18 | 7.8 High |
Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file. | ||||
CVE-2018-8715 | 1 Embedthis | 1 Appweb | 2020-02-17 | N/A |
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. | ||||
CVE-2012-6603 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | N/A |
The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034. | ||||
CVE-2013-1359 | 1 Sonicwall | 4 Analyzer, Global Management System, Universal Management Appliance and 1 more | 2020-02-14 | 9.8 Critical |
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. | ||||
CVE-2019-15615 | 1 Nextcloud | 1 Nextcloud | 2020-02-13 | 6.1 Medium |
A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past. |