Total
3419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-10389 | 1 Wpsupportplus | 1 Wp Support Plus Responsive Ticket System | 2019-08-29 | N/A |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. | ||||
| CVE-2018-1129 | 4 Ceph, Debian, Opensuse and 1 more | 10 Ceph, Debian Linux, Leap and 7 more | 2019-08-29 | N/A |
| A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. | ||||
| CVE-2018-14008 | 1 Arista | 1 Eos | 2019-08-28 | N/A |
| Arista EOS through 4.21.0F allows a crash because 802.1x authentication is mishandled. | ||||
| CVE-2019-14432 | 1 Loom | 1 Loom | 2019-08-19 | N/A |
| Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack vector can be used to crash the application at any time. | ||||
| CVE-2019-5223 | 1 Huawei | 1 Pcmanager | 2019-08-16 | N/A |
| PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution. | ||||
| CVE-2016-10836 | 1 Cpanel | 1 Cpanel | 2019-08-13 | N/A |
| cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). | ||||
| CVE-2016-10832 | 1 Cpanel | 1 Cpanel | 2019-08-12 | N/A |
| cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | ||||
| CVE-2016-10833 | 1 Cpanel | 1 Cpanel | 2019-08-12 | N/A |
| cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). | ||||
| CVE-2016-10835 | 1 Cpanel | 1 Cpanel | 2019-08-12 | N/A |
| cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | ||||
| CVE-2018-20937 | 1 Cpanel | 1 Cpanel | 2019-08-12 | N/A |
| cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | ||||
| CVE-2016-10831 | 1 Cpanel | 1 Cpanel | 2019-08-12 | N/A |
| cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101). | ||||
| CVE-2019-7163 | 1 Tcl | 2 Alcatel Linkzone, Alcatel Linkzone Firmware | 2019-08-12 | N/A |
| The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password. | ||||
| CVE-2018-20924 | 1 Cpanel | 1 Cpanel | 2019-08-08 | N/A |
| cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | ||||
| CVE-2013-2157 | 1 Openstack | 1 Keystone | 2019-08-08 | N/A |
| OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. | ||||
| CVE-2012-3424 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | N/A |
| The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method. | ||||
| CVE-2018-20888 | 1 Cpanel | 1 Cpanel | 2019-08-07 | N/A |
| cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). | ||||
| CVE-2016-10826 | 1 Cpanel | 1 Cpanel | 2019-08-06 | N/A |
| cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). | ||||
| CVE-2018-17213 | 1 Printeron | 1 Central Print Services | 2019-08-05 | N/A |
| An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level privileges. This cookie can then be further used to perform other attacks. | ||||
| CVE-2018-13927 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2019-07-24 | N/A |
| Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130 | ||||
| CVE-2005-3979 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2019-07-16 | N/A |
| relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. | ||||