Search
Total
676 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40684 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiswitchmanager | 2023-08-08 | N/A | 9.8 CRITICAL |
| An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. | |||||
| CVE-2022-30270 | 1 Motorola | 2 Ace1000, Ace1000 Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is controlled by 5 preconfigured accounts (root, abuilder, acelogin, cappl, ace), all of which come with default credentials. Although the ACE1000 documentation mentions the root, abuilder and acelogin accounts and instructs users to change the default credentials, the cappl and ace accounts remain undocumented and thus are unlikely to have their credentials changed. | |||||
| CVE-2022-35843 | 1 Fortinet | 2 Fortios, Fortiproxy | 2023-08-08 | N/A | 9.8 CRITICAL |
| An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. | |||||
| CVE-2022-48066 | 1 Totolink | 2 A830r, A830r Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie. | |||||
| CVE-2022-37298 | 1 Shinken-monitoring | 1 Shinken Monitoring | 2023-08-08 | N/A | 9.8 CRITICAL |
| Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server. | |||||
| CVE-2022-37163 | 1 Ihatetobudget Project | 1 Ihatetobudget | 2023-08-08 | N/A | 9.8 CRITICAL |
| Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. | |||||
| CVE-2021-28152 | 1 Hongdian | 2 H8922, H8922 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Hongdian H8922 3.0.5 devices have an undocumented feature that allows access to a shell as a superuser. To connect, the telnet service is used on port 5188 with the default credentials of root:superzxmn. | |||||
| CVE-2021-44676 | 1 Zohocorp | 1 Manageengine Access Manager Plus | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. | |||||
| CVE-2022-28321 | 2 Linux-pam, Opensuse | 2 Linux-pam, Tumbleweed | 2023-08-08 | N/A | 9.8 CRITICAL |
| The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. | |||||
| CVE-2022-38557 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | |||||
| CVE-2022-38556 | 1 Trendnet | 2 Tew733gr, Tew733gr Firmware | 2023-08-08 | N/A | 9.8 CRITICAL |
| Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | |||||
| CVE-2023-29129 | 1 Mendix | 1 Saml | 2023-08-08 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.12/9.18 compatible, New Track) (All versions >= V3.3.1 < V3.3.15), Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.14), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. This CVE entry describes the incomplete fix for CVE-2023-25957 in a specific non default configuration. | |||||
| CVE-2023-3326 | 1 Freebsd | 1 Freebsd | 2023-08-01 | N/A | 9.8 CRITICAL |
| pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system. | |||||
| CVE-2023-37471 | 1 Openidentityplatform | 1 Openam | 2023-07-31 | N/A | 9.8 CRITICAL |
| Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-On process. Attackers can use this fact to impersonate any OpenAM user, including the administrator, by sending a specially crafted SAML response to the SAMLPOSTProfileServlet servlet. This problem has been patched in OpenAM 14.7.3-SNAPSHOT and later. User unable to upgrade should comment servlet `SAMLPOSTProfileServlet` from their pom file. See the linked GHSA for details. | |||||
| CVE-2023-37266 | 1 Icewhale | 1 Casaos | 2023-07-31 | N/A | 9.8 CRITICAL |
| CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly. | |||||
| CVE-2018-17153 | 1 Western Digital | 21 My Cloud Dl2100, My Cloud Dl4100, My Cloud Dl4100 Firmware and 18 more | 2023-07-28 | 10.0 HIGH | 9.8 CRITICAL |
| It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie. | |||||
| CVE-2023-3638 | 1 Geovision | 2 Gv-adr2701, Gv-adr2701 Firmware | 2023-07-28 | N/A | 9.8 CRITICAL |
| In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application. | |||||
| CVE-2021-21965 | 1 Sealevel | 2 Seaconnect 370w, Seaconnect 370w Firmware | 2022-07-29 | 6.4 MEDIUM | 9.3 CRITICAL |
| A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2021-21952 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to increased privileges. | |||||
| CVE-2021-27651 | 1 Pega | 1 Infinity | 2022-07-29 | 7.5 HIGH | 9.8 CRITICAL |
| In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. | |||||
| CVE-2022-2141 | 1 Micodus | 2 Mv720, Mv720 Firmware | 2022-07-27 | N/A | 9.8 CRITICAL |
| SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication. | |||||
| CVE-2021-40874 | 2 Debian, Lemonldap-ng | 2 Debian Linux, Lemonldap\ | 2022-07-25 | N/A | 9.8 CRITICAL |
| An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user. | |||||
| CVE-2021-41303 | 1 Apache | 1 Shiro | 2022-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0. | |||||
| CVE-2021-43935 | 1 Baxter | 10 Welch Allyn Connex Cardio, Welch Allyn Diagnostic Cardiology Suite, Welch Allyn Hscribe Holter Analysis System and 7 more | 2022-07-25 | 6.8 MEDIUM | 9.8 CRITICAL |
| The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges. | |||||
| CVE-2022-30623 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2022-07-23 | N/A | 9.8 CRITICAL |
| The server checks the user's cookie in a non-standard way, and a value is entered in the cookie value name of the status and its value is set to true to bypass the identification with the system using a username and password. | |||||
| CVE-2017-20133 | 1 Itechscripts | 1 Job Portal Script | 2022-07-21 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Itech Job Portal Script 9.13. This affects an unknown part of the file /admin. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. | |||||
| CVE-2022-2302 | 1 Lenze | 6 C520, C520 Firmware, C550 and 3 more | 2022-07-18 | 9.3 HIGH | 9.8 CRITICAL |
| Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowledge of the password. | |||||
| CVE-2022-31125 | 1 Roxy-wi | 1 Roxy-wi | 2022-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-2197 | 1 Exemys | 2 Rme1, Rme1 Firmware | 2022-07-13 | 10.0 HIGH | 9.8 CRITICAL |
| By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations. | |||||
| CVE-2021-21502 | 1 Dell | 1 Emc Powerscale Onefs | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity. | |||||
| CVE-2021-31326 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2022-07-12 | 9.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. | |||||
| CVE-2021-27734 | 1 Belden | 2 Hirschmann Hios, Hisecos | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users. | |||||
| CVE-2021-29012 | 1 Dmasoftlab | 1 Dma Radius Manager | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| DMA Softlab Radius Manager 4.4.0 assigns the same session cookie to every admin session. The cookie is valid when the admin is logged in, but is invalid (temporarily) during times when the admin is logged out. In other words, the cookie is functionally equivalent to a static password, and thus provides permanent access if stolen. | |||||
| CVE-2021-45389 | 1 Starwind | 2 Command Center, San\&nas | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| StarWind SAN & NAS build 1578 and StarWind Command Center Build 6864 Update Manager allows authentication with JTW token which is signed with any key. An attacker could use self-signed JTW token to bypass authentication resulting in escalation of privileges. | |||||
| CVE-2021-35943 | 1 Couchbase | 1 Couchbase Server | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513. | |||||
| CVE-2020-19111 | 1 Projectworlds | 1 Online Book Store Project In Php | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information. | |||||
| CVE-2021-42837 | 1 Talend | 1 Data Catalog | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed. | |||||
| CVE-2021-38299 | 1 Spomky-labs | 1 Webauthn Framwork | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An attacker that controls a user's system is able to login to a vulnerable service using an attached FIDO2 authenticator without passing a check of the user presence. | |||||
| CVE-2021-37417 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-07-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation. | |||||
| CVE-2020-24987 | 1 Tendacn | 2 Ac18, Ac18 Firmware | 2022-07-10 | 6.8 MEDIUM | 9.8 CRITICAL |
| Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius". | |||||
| CVE-2021-32691 | 1 Apollosapp | 1 Data-connector-rock | 2022-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| Apollos Apps is an open source platform for launching church-related apps. In Apollos Apps versions prior to 2.20.0, new user registrations are able to access anyone's account by only knowing their basic profile information (name, birthday, gender, etc). This includes all app functionality within the app, as well as any authenticated links to Rock-based webpages (such as giving and events). There is a patch in version 2.20.0. As a workaround, one can patch one's server by overriding the `create` data source method on the `People` class. | |||||
| CVE-2021-32967 | 1 Deltaww | 1 Diaenergie | 2022-07-02 | 10.0 HIGH | 9.8 CRITICAL |
| Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. | |||||
| CVE-2020-25251 | 1 Hyland | 1 Onbase | 2022-06-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client-side authentication is used for critical functions such as adding users or retrieving sensitive information. | |||||
| CVE-2021-26638 | 1 Xisnd | 1 S\&d Smarthome | 2022-06-30 | 10.0 HIGH | 9.8 CRITICAL |
| Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the home environment including indoor control. | |||||
| CVE-2021-26637 | 1 Shinasys | 6 Sihas Acm-300, Sihas Acm-300 Firmware, Sihas Gcm-300 and 3 more | 2022-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device. | |||||
| CVE-2022-33139 | 1 Siemens | 1 Wincc Open Architecture | 2022-06-29 | 6.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. | |||||
| CVE-2022-29775 | 1 Ispyconnect | 1 Ispy | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL. | |||||
| CVE-2022-33750 | 1 Broadcom | 1 Ca Automic Automation | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands. | |||||
| CVE-2022-20798 | 1 Cisco | 2 Email Security Appliance, Secure Email And Web Manager | 2022-06-27 | 6.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device. This vulnerability is due to improper authentication checks when an affected device uses Lightweight Directory Access Protocol (LDAP) for external authentication. An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device. | |||||
| CVE-2022-20733 | 1 Cisco | 1 Identity Services Engine | 2022-06-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions. This vulnerability is due to exposed sensitive Security Assertion Markup Language (SAML) metadata. An attacker could exploit this vulnerability by using the exposed SAML metadata to bypass authentication to the user portal. A successful exploit could allow the attacker to access all roles without any restrictions. | |||||