Total: 3419 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2014-8650 | 2 Debian, Requests-kerberos Project | 2 Debian Linux, Requests-kerberos | 2019-12-19 | 9.8 Critical | python-requests-Kerberos through 0.5 does not handle mutual authentication.
CVE-2019-19507 | 1 Json Pattern Validator Project | 1 Json Pattern Validator | 2019-12-19 | 5.3 Medium | In jpv (aka Json Pattern Validator) before 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.
CVE-2014-1867 | 1 Suphp | 1 Suphp | 2019-12-17 | 7.8 High | The source-highlighting feature in suPHP before 0.7.2 allows a security bypass that could lead to arbitrary code execution.
CVE-2019-18380 | 1 Symantec | 1 Industrial Control System Protection | 2019-12-17 | 6.5 Medium | Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.
CVE-2019-5218 | 1 Huawei | 4 Band 2, Band 2 Firmware, Band 3 and 1 more | 2019-12-16 | 8.8 High | There is an insufficient authentication vulnerability in Huawei Band 2 and Honor Band 3. The band does not sufficiently authenticate a device trying to connect to it in certain scenarios. Successful exploitation could allow an attacker to spoof a device and then connect to the band.
CVE-2019-14909 | 1 Redhat | 1 Keycloak | 2019-12-16 | 8.3 High | A vulnerability was found in Keycloak 7.x: when the user federation LDAP bind type is none (LDAP anonymous bind), any password, valid or invalid, is accepted.
CVE-2013-4593 | 1 Omniauth-facebook Project | 1 Omniauth-facebook | 2019-12-16 | 7.5 High | RubyGem omniauth-facebook has an access token security vulnerability.
CVE-2019-19598 | 1 Dlink | 2 Dap-1860, Dap-1860 Firmware | 2019-12-14 | 8.8 High | D-Link DAP-1860 devices before v1.04b03 Beta allow access to administrator functions without authentication via the HNAP_AUTH header timestamp value. In HTTP requests, part of the HNAP_AUTH header is the timestamp used to determine the time when the user sent the request. If this value is equal to the value stored in the device's /var/hnap/timestamp file, the request will pass the HNAP_AUTH check function.
CVE-2019-17437 | 1 Paloaltonetworks | 1 Pan-os | 2019-12-13 | 7.8 High | An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated, low-privileged, non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue.
CVE-2019-12394 | 1 Anviz | 1 Management System | 2019-12-12 | 9.8 Critical | Anviz access control devices allow an unverified password change, which allows remote attackers to change the administrator password without prior authentication.
CVE-2019-19521 | 1 Openbsd | 1 Openbsd | 2019-12-12 | 9.8 Critical | libc in OpenBSD 6.6 allows authentication bypass via the -schallenge username, as demonstrated by smtpd, ldapd, or radiusd. This is related to gen/auth_subr.c and gen/authenticate.c in libc (and login/login.c and xenocara/app/xenodm/greeter/verify.c).
CVE-2019-15987 | 1 Cisco | 6 Webex Event Center, Webex Meeting Center, Webex Meetings Online and 3 more | 2019-12-09 | 5.3 Medium | A vulnerability in the web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain URLs. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to know if a given username is valid and find the real name of the user.
CVE-2014-2904 | 1 Wolfssl | 1 Wolfssl | 2019-12-04 | 7.5 High | wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.
CVE-2013-3072 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2019-11-20 | 9.8 Critical | An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in http://<router_ip>/apply.cgi?/hdd_usr_setup.htm that, when visited by any user, authenticated or not, causes the router to no longer require a password to access the web administration portal.
CVE-2019-11170 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2019-11-19 | 7.8 High | Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access.
CVE-2019-5213 | 1 Huawei | 2 Honor Play, Honor Play Firmware | 2019-11-15 | 2.4 Low | Honor Play smartphones with versions earlier than Cornell-AL00A 9.1.0.321(C00E320R1P1T8) have an insufficient authentication vulnerability. The system has a logic judgment error in certain scenarios. Successful exploitation could allow an attacker to modify the alarm clock settings, after a series of uncommon operations, without unlocking the screen lock.
CVE-2019-5233 | 1 Huawei | 2 Taurus-al00b, Taurus-al00b Firmware | 2019-11-15 | 8.8 High | Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may allow an attacker to access specific components.
CVE-2013-5123 | 5 Debian, Fedoraproject, Pypa and 2 more | 6 Debian Linux, Fedora, Pip and 3 more | 2019-11-12 | 5.9 Medium | The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks, which allow attackers to perform man-in-the-middle attacks.
CVE-2019-1980 | 1 Cisco | 3 Firepower Management Center, Firepower Services Software For Asa, Firepower Threat Defense | 2019-11-08 | 5.3 Medium | A vulnerability in the protocol detection component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper detection of the initial use of a protocol on a nonstandard port. An attacker could exploit this vulnerability by sending traffic on a nonstandard port for the protocol in use through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. Once the initial protocol flow on the nonstandard port is detected, future flows on the nonstandard port will be successfully detected and handled as configured by the applied policy.
CVE-2011-4628 | 1 Typo3 | 1 Typo3 | 2019-11-08 | 9.8 Critical | TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.