Search
Total
676 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7378 | 1 Opencrx | 1 Opencrx | 2020-12-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020. | |||||
| CVE-2020-7199 | 1 Hp | 1 Edgeline Infrastructure Manager | 2020-12-04 | 10.0 HIGH | 9.8 CRITICAL |
| A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. | |||||
| CVE-2020-29127 | 1 Fujitsu | 2 Eternus Storage Dx200 S4, Eternus Storage Dx200 S4 Firmware | 2020-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en is visited from a different web browser. | |||||
| CVE-2020-28638 | 1 Dyne | 1 Tomb | 2020-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key. | |||||
| CVE-2020-26542 | 1 Percona | 1 Percona Server | 2020-11-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account. | |||||
| CVE-2020-26168 | 1 Hazelcast | 2 Hazelcast, Jet | 2020-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| The LDAP authentication method in LdapLoginModule in Hazelcast IMDG Enterprise 4.x before 4.0.3, and Jet Enterprise 4.x through 4.2, doesn't verify properly the password in some system-user-dn scenarios. As a result, users (clients/members) can be authenticated even if they provide invalid passwords. | |||||
| CVE-2020-26214 | 1 Alerta Project | 1 Alerta | 2020-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| In Alerta before version 8.1.0, users may be able to bypass LDAP authentication if they provide an empty password when Alerta server is configure to use LDAP as the authorization provider. Only deployments where LDAP servers are configured to allow unauthenticated authentication mechanism for anonymous authorization are affected. A fix has been implemented in version 8.1.0 that returns HTTP 401 Unauthorized response for any authentication attempts where the password field is empty. As a workaround LDAP administrators can disallow unauthenticated bind requests by clients. | |||||
| CVE-2020-7197 | 1 Hp | 1 Storeserv Management Console | 2020-11-16 | 7.5 HIGH | 9.8 CRITICAL |
| SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* Upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later. | |||||
| CVE-2020-12145 | 1 Silver-peak | 1 Unity Orchestrator | 2020-11-12 | 7.5 HIGH | 9.8 CRITICAL |
| Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+ uses HTTP headers to authenticate REST API calls from localhost. This makes it possible to log in to Orchestrator by introducing an HTTP HOST header set to 127.0.0.1 or localhost. Orchestrator instances that are hosted by customers –on-premise or in a public cloud provider –are affected by this vulnerability. | |||||
| CVE-2020-2299 | 1 Jenkins | 1 Active Directory | 2020-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user if a magic constant is used as the password. | |||||
| CVE-2020-2301 | 1 Jenkins | 1 Active Directory | 2020-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| Jenkins Active Directory Plugin 2.19 and earlier allows attackers to log in as any user with any password while a successful authentication of that user is still in the optional cache when using Windows/ADSI mode. | |||||
| CVE-2020-2300 | 1 Jenkins | 1 Active Directory | 2020-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the use of an empty password in Windows/ADSI mode, which allows attackers to log in to Jenkins as any user depending on the configuration of the Active Directory server. | |||||
| CVE-2020-24629 | 1 Hp | 1 Intelligent Management Center | 2020-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2019-3927 | 1 Crestron | 4 Am-100, Am-100 Firmware, Am-101 and 1 more | 2020-10-16 | 5.0 MEDIUM | 9.8 CRITICAL |
| Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.2.8.2 OIDs. A remote, unauthenticated attacker can use this vulnerability to change the admin or moderator user's password and gain access to restricted areas on the HTTP interface. | |||||
| CVE-2020-12126 | 1 Wavlink | 2 Wn530h4, Wn530h4 Firmware | 2020-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint. | |||||
| CVE-2019-16028 | 1 Cisco | 1 Firepower Management Center | 2020-10-07 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device. | |||||
| CVE-2020-16251 | 1 Hashicorp | 1 Vault | 2020-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. | |||||
| CVE-2019-11064 | 2 Androvideo, Geovision | 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more | 2020-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication. | |||||
| CVE-2018-17431 | 1 Comodo | 1 Unified Threat Management Firewall | 2020-09-22 | 7.5 HIGH | 9.8 CRITICAL |
| Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. | |||||
| CVE-2020-24786 | 1 Zohocorp | 11 Manageengine Ad360, Manageengine Adaudit Plus, Manageengine Admanager Plus and 8 more | 2020-09-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before build number 12136, ADAudit Plus before build number 6052, O365 Manager Plus before build number 4334, Cloud Security Plus before build number 4110, ADManager Plus before build number 7055, and Log360 before build number 5166. The remotely accessible Java servlet com.manageengine.ads.fw.servlet.UpdateProductDetails is prone to an authentication bypass. System integration properties can be modified and lead to full ManageEngine suite compromise. | |||||
| CVE-2020-24029 | 1 Forlogic | 1 Qualiex | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. | |||||
| CVE-2020-5777 | 1 Magmi Project | 1 Magmi | 2020-09-08 | 7.5 HIGH | 9.8 CRITICAL |
| MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. A remote attacker can trigger this connection failure if the Mysql setting max_connections (default 151) is lower than Apache (or another web server) setting MaxRequestWorkers (formerly MaxClients) (default 256). This can be done by sending at least 151 simultaneous requests to the Magento website to trigger a "Too many connections" error, then use default magmi:magmi basic authentication to remotely bypass authentication. | |||||
| CVE-2020-16169 | 1 Robotemi | 1 Robox Os | 2020-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication Bypass Using an Alternate Path or Channel in temi Robox OS prior to120, temi Android app up to 1.3.7931 allows remote attackers to gain elevated privileges on the temi and have it automatically answer the attacker's calls, granting audio, video, and motor control via unspecified vectors. | |||||
| CVE-2019-13336 | 1 Dbell | 2 Db01-s, Db01-s Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The dbell Wi-Fi Smart Video Doorbell DB01-S Gen 1 allows remote attackers to launch commands with no authentication verification via TCP port 81, because the loginuse and loginpass parameters to openlock.cgi can have arbitrary values. NOTE: the vendor's position is that this product reached end of life in 2016. | |||||
| CVE-2019-13372 | 1 Dlink | 1 Central Wifimanager | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| /web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. | |||||
| CVE-2019-14985 | 1 Eq-3 | 4 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 1 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| eQ-3 Homematic CCU2 and CCU3 with the CUxD AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because this interface can access the CMD_EXEC virtual device type 28. | |||||
| CVE-2019-15803 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. | |||||
| CVE-2019-15897 | 1 Thinkparq | 1 Beegfs | 2020-08-24 | 8.3 HIGH | 9.6 CRITICAL |
| beegfs-ctl in ThinkParQ BeeGFS through 7.1.3 allows Authentication Bypass via communication with a BeeGFS metadata server (which is typically not exposed to external networks). | |||||
| CVE-2019-16649 | 1 Supermicro | 672 A1sa2-2750f, A1sa2-2750f Firmware, A1sai-2550f and 669 more | 2020-08-24 | 5.0 MEDIUM | 10.0 CRITICAL |
| On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. | |||||
| CVE-2019-13294 | 1 Arox | 1 School-erp | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| AROX School-ERP Pro has a command execution vulnerability. import_stud.php and upload_fille.php do not have session control. Therefore an unauthenticated user can execute a command on the system. | |||||
| CVE-2019-13188 | 1 Eng | 1 Knowage | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| In Knowage through 6.1.1, an unauthenticated user can bypass access controls and access the entire application. | |||||
| CVE-2019-12564 | 1 Douco | 1 Douphp | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| In DouCo DouPHP v1.5 Release 20190516, remote attackers can view the database backup file via a brute-force guessing approach for data/backup/DyyyymmddThhmmss.sql filenames. | |||||
| CVE-2019-12530 | 1 Glpi Dashboard Project | 1 Glpi Dashboard | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect access control was discovered in the stdonato Dashboard plugin through 0.9.7 for GLPI, affecting df.php, issue.php, load.php, mem.php, traf.php, and uptime.php in front/sh. | |||||
| CVE-2019-19006 | 1 Sangoma | 1 Freepbx | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control. | |||||
| CVE-2019-12440 | 1 Sitecore | 1 Rocks | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service. | |||||
| CVE-2019-11733 | 1 Mozilla | 2 Firefox, Firefox Esr | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2. | |||||
| CVE-2019-11576 | 1 Gitea | 1 Gitea | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password. | |||||
| CVE-2019-20489 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an FW_remote.htm&todo=cfg_init request without a cookie, reads the Set-Cookie header in the 401 Unauthorized response, and then repeats the FW_remote.htm&todo=cfg_init request with the specified cookie. | |||||
| CVE-2019-20481 | 1 Miele | 2 Xgw 3000 Zigbee Gateway, Xgw 3000 Zigbee Gateway Firmware | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480. | |||||
| CVE-2019-11232 | 1 Eic | 1 Biyan | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information (Password) without being authenticated, by sending an EMP_NO element to the kws_login/asp/query_user.asp URI, and then reading the PWD element. | |||||
| CVE-2019-5909 | 1 Yokogawa | 4 B\/m 9000 Vp, Centum Vp, Prm and 1 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| License Manager Service of YOKOGAWA products (CENTUM VP (R5.01.00 - R6.06.00), CENTUM VP Entry Class (R5.01.00 - R6.06.00), ProSafe-RS (R3.01.00 - R4.04.00), PRM (R4.01.00 - R4.02.00), B/M9000 VP(R7.01.01 - R8.02.03)) allows remote attackers to bypass access restriction to send malicious files to the PC where License Manager Service runs via unspecified vectors. | |||||
| CVE-2019-11187 | 2 Debian, Gonicus | 2 Debian Linux, Gosa | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided. | |||||
| CVE-2019-6441 | 1 Coship | 8 Rt3050, Rt3050 Firmware, Rt3052 and 5 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router. | |||||
| CVE-2019-11202 | 1 Rancher | 1 Rancher | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completing deleting them. | |||||
| CVE-2019-11081 | 1 Dentsplysirona | 1 Sidexis | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| A default username and password in Dentsply Sirona Sidexis 4.3.1 and earlier allows an attacker to gain administrative access to the application server. | |||||
| CVE-2019-10661 | 1 Grandstream | 2 Gxv3611ir Hd, Gxv3611ir Hd Firmware | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password. | |||||
| CVE-2019-9124 | 1 D-link | 2 Dir-878, Dir-878 Firmware | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on D-Link DIR-878 1.12B01 devices. At the /HNAP1 URI, an attacker can log in with a blank password. | |||||
| CVE-2019-9629 | 1 Sonatype | 1 Nexus Repository Manager | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Sonatype Nexus Repository Manager before 3.17.0 establishes a default administrator user with weak defaults (fixed credentials). | |||||
| CVE-2018-19392 | 1 Cobham | 4 Satcom Sailor 250, Satcom Sailor 250 Firmware, Satcom Sailor 500 and 1 more | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields). | |||||
| CVE-2018-7213 | 1 Abine | 1 Blur | 2020-08-24 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 allows attackers to bypass the Multi-Factor Authentication and macOS disk-encryption protection mechanisms, and consequently exfiltrate secured data, because the right-click context menu is not secured. | |||||