Total: 3419 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-1112 | 1 Gluster | 1 Glusterfs | 2020-01-20 | N/A |
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression. | ||||
CVE-2019-19518 | 1 Broadcom | 1 Ca Automic Sysload | 2020-01-17 | 9.8 Critical |
CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands. | ||||
CVE-2013-3088 | 1 Belkin | 2 N900, N900 Firmware | 2020-01-16 | 9.8 Critical |
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging". | ||||
CVE-2012-3824 | 1 Arialsoftware | 1 Campaign Enterprise | 2020-01-15 | 7.5 High |
In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. | ||||
CVE-2020-1786 | 1 Huawei | 2 Mate 20 Pro, Mate 20 Pro Firmware | 2020-01-15 | 4.6 Medium |
HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital balance function. | ||||
CVE-2013-4982 | 1 Avtech | 2 Avn801 Dvr, Avn801 Dvr Firmware | 2020-01-15 | 9.8 Critical |
AVTECH AVN801 DVR has a security bypass via the administration login captcha | ||||
CVE-2013-4976 | 1 Hikvision | 2 Ds-2cd7153-e, Ds-2cd7153-e Firmware | 2020-01-10 | 9.8 Critical |
Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials | ||||
CVE-2013-5122 | 1 Cisco | 8 Linksys E4200, Linksys E4200 Firmware, Linksys Ea2700 and 5 more | 2020-01-09 | 9.8 Critical |
Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access | ||||
CVE-2013-3085 | 1 Belkin | 2 F5d8236-4, F5d8236-4 Firmware | 2020-01-09 | 9.8 Critical |
An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2. | ||||
CVE-2019-16327 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2020-01-08 | 9.8 Critical |
D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product. | ||||
CVE-2018-20489 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 5.3 Medium |
An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | ||||
CVE-2013-4621 | 1 Magdevgroup | 1 Magnolia Cms | 2020-01-04 | 9.8 Critical |
Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities | ||||
CVE-2012-3462 | 1 Fedoraproject | 1 Sssd | 2020-01-03 | 8.8 High |
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. | ||||
CVE-2019-5486 | 1 Gitlab | 1 Gitlab | 2019-12-30 | 8.8 High |
An authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements. | ||||
CVE-2019-19982 | 1 Icegram | 1 Email Subscribers & Newsletters | 2019-12-30 | 5.3 Medium |
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= request. | ||||
CVE-2019-5253 | 1 Huawei | 2 E5572-855, E5572-855 Firmware | 2019-12-30 | 5.9 Medium |
E5572-855 with versions earlier than 8.0.1.3(H335SP1C233) has an improper authentication vulnerability. The device does not perform sufficient authentication when doing certain operations; a successful exploit could allow an attacker to cause the device to reboot after launching a man-in-the-middle attack. | ||||
CVE-2019-5252 | 1 Huawei | 12 Enjoy 8 Plus, Enjoy 8 Plus Firmware, Honor 8x and 9 more | 2019-12-27 | 3.5 Low |
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant. | ||||
CVE-2019-8533 | 1 Apple | 1 Mac Os X | 2019-12-26 | 7.8 High |
A lock handling issue was addressed with improved lock handling. This issue is fixed in macOS Mojave 10.14.4. A Mac may not lock when disconnecting from an external monitor. | ||||
CVE-2019-8804 | 1 Apple | 2 Ipados, Iphone Os | 2019-12-26 | 5.7 Medium |
An inconsistency in Wi-Fi network configuration settings was addressed. This issue is fixed in iOS 13.2 and iPadOS 13.2. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup. | ||||
CVE-2019-8704 | 1 Apple | 2 Iphone Os, Tvos | 2019-12-20 | 5.5 Medium |
An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user information. |