Total
54 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43175 | 1 Goautodial | 2 Goautodial, Goautodial Api | 2022-08-09 | 7.5 High |
| The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | ||||
| CVE-2020-15077 | 1 Openvpn | 1 Openvpn Access Server | 2022-08-05 | 5.3 Medium |
| OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | ||||
| CVE-2021-28503 | 1 Arista | 1 Eos | 2022-08-02 | 9.8 Critical |
| The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. | ||||
| CVE-2022-23729 | 1 Google | 1 Android | 2022-03-11 | 7.8 High |
| When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. | ||||
| CVE-2022-0451 | 1 Dart | 1 Dart Software Development Kit | 2022-02-26 | 6.5 Medium |
| Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with authorization header and it redirects to an attackers site, they might not expect attacker site to receive authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond. | ||||
| CVE-2020-10126 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2021-12-20 | 7.6 High |
| NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive. | ||||
| CVE-2019-0042 | 1 Juniper | 1 Identity Management Service | 2021-10-28 | 4.2 Medium |
| Juniper Identity Management Service (JIMS) for Windows versions prior to 1.1.4 may send an incorrect message to associated SRX services gateways. This may allow an attacker with physical access to an existing domain connected Windows system to bypass SRX firewall policies, or trigger a Denial of Service (DoS) condition for the network. | ||||
| CVE-2020-11012 | 1 Minio | 1 Minio | 2021-10-26 | 7.5 High |
| MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating new service accounts for existing access keys - without knowing the admin secret key. This has been fixed and released in version RELEASE.2020-04-23T00-58-49Z. | ||||
| CVE-2020-24683 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2021-10-07 | 9.8 Critical |
| The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application. | ||||
| CVE-2020-15787 | 1 Siemens | 2 Simatic Hmi United Comfort Panels, Simatic Hmi United Comfort Panels Firmware | 2021-06-08 | 9.8 Critical |
| A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | ||||
| CVE-2019-14910 | 1 Redhat | 1 Keycloak | 2020-10-09 | 9.8 Critical |
| A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered. | ||||
| CVE-2020-10123 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2020-08-27 | 5.3 Medium |
| The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows. | ||||
| CVE-2020-10923 | 1 Netgear | 2 R6700, R6700 Firmware | 2020-07-29 | 8.8 High |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642. | ||||
| CVE-2019-14909 | 1 Redhat | 1 Keycloak | 2019-12-16 | 8.3 High |
| A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted. | ||||