Search
Total
644 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16160 | 2 Ftsafe, Microsoft | 3 Securecore, Windows 8, Windows 8.1 | 2018-12-20 | 4.6 MEDIUM | 7.8 HIGH |
| SecureCore Standard Edition Version 2.x allows an attacker to bypass the product 's authentication to log in to a Windows PC. | |||||
| CVE-2015-3206 | 1 Apple | 1 Pykerberos | 2018-12-20 | 6.8 MEDIUM | 8.1 HIGH |
| The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack. | |||||
| CVE-2018-7958 | 1 Huawei | 2 Espace 7950, Espace 7950 Firmware | 2018-12-20 | 5.8 MEDIUM | 7.4 HIGH |
| There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information. | |||||
| CVE-2018-12169 | 2 Intel, Lenovo | 32 Core I3, Core I5, Core I7 and 29 more | 2018-12-20 | 4.6 MEDIUM | 7.6 HIGH |
| Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication. | |||||
| CVE-2018-19458 | 1 Php-proxy | 1 Php-proxy | 2018-12-18 | 5.0 MEDIUM | 7.5 HIGH |
| In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. | |||||
| CVE-2017-15297 | 1 Sap | 1 Host Agent | 2018-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993. | |||||
| CVE-2018-11787 | 1 Apache | 1 Karaf | 2018-12-06 | 6.8 MEDIUM | 8.1 HIGH |
| In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser, and when navigated to it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. And optional bundle that some applications use is the Pax Web Extender Whiteboard, it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL .../gogo/, and that URL is not secured giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised. | |||||
| CVE-2018-18891 | 1 1234n | 1 Minicms | 2018-12-03 | 6.4 MEDIUM | 7.5 HIGH |
| MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. | |||||
| CVE-2018-12455 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2018-11-28 | 9.3 HIGH | 8.1 HIGH |
| Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie. | |||||
| CVE-2018-18061 | 1 Tecrail | 1 Responsive Filemanager | 2018-11-28 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files. | |||||
| CVE-2017-7660 | 1 Apache | 1 Solr | 2018-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected. | |||||
| CVE-2018-17341 | 2 Bigtreecms, Microsoft | 2 Bigtree Cms, Windows | 2018-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| BigTree 4.2.23 on Windows, when Advanced or Simple Rewrite routing is enabled, allows remote attackers to bypass authentication via a ..\ substring, as demonstrated by a launch.php?bigtree_htaccess_url=admin/images/..\ URI. | |||||
| CVE-2016-7141 | 2 Haxx, Opensuse | 2 Libcurl, Leap | 2018-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | |||||
| CVE-2018-13435 | 1 Linecorp | 1 Line | 2018-11-08 | 4.4 MEDIUM | 7.0 HIGH |
| ** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred. | |||||
| CVE-2018-13446 | 1 Linecorp | 1 Line | 2018-11-08 | 4.4 MEDIUM | 7.0 HIGH |
| ** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred. | |||||
| CVE-2017-10784 | 1 Ruby-lang | 1 Ruby | 2018-10-31 | 9.3 HIGH | 8.8 HIGH |
| The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. | |||||
| CVE-2016-2076 | 1 Vmware | 3 Vcenter Server, Vcloud Automation Identity Appliance, Vcloud Director | 2018-10-30 | 6.8 MEDIUM | 7.6 HIGH |
| Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site. | |||||
| CVE-2016-0755 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Curl | 2018-10-17 | 5.0 MEDIUM | 7.3 HIGH |
| The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. | |||||
| CVE-2017-16348 | 1 Insteon | 2 Insteon Hub, Insteon Hub Firmware | 2018-10-15 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability. | |||||
| CVE-2016-8371 | 1 Phoenixcontact | 2 Ilc Plcs, Ilc Plcs Firmware | 2018-10-14 | 7.5 HIGH | 7.3 HIGH |
| The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. | |||||
| CVE-2016-8380 | 1 Phoenixcontact | 2 Ilc Plcs, Ilc Plcs Firmware | 2018-10-14 | 7.5 HIGH | 7.3 HIGH |
| The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication. | |||||
| CVE-2018-2449 | 1 Sap | 1 Supplier Relationship Management Mdm Catalog | 2018-10-11 | 7.5 HIGH | 8.6 HIGH |
| SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying. | |||||
| CVE-2018-7069 | 1 Hp | 1 Centralview Fraud Risk Management | 2018-10-10 | 5.0 MEDIUM | 7.5 HIGH |
| HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. | |||||
| CVE-2015-7521 | 1 Apache | 1 Hive | 2018-10-09 | 7.5 HIGH | 8.3 HIGH |
| The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations. | |||||
| CVE-2018-10576 | 1 Watchguard | 6 Ap100, Ap100 Firmware, Ap102 and 3 more | 2018-09-16 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user). | |||||
| CVE-2018-7943 | 1 Huawei | 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more | 2018-07-20 | 6.5 MEDIUM | 8.8 HIGH |
| There is an authentication bypass vulnerability in some Huawei servers. A remote attacker with low privilege may bypass the authentication by some special operations. Due to insufficient authentication, an attacker may exploit the vulnerability to get some sensitive information and high-level users' privilege. | |||||
| CVE-2018-11478 | 1 Vgate | 2 Icar 2 Wi-fi Obd2, Icar 2 Wi-fi Obd2 Firmware | 2018-07-05 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network. | |||||
| CVE-2018-7949 | 1 Huawei | 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more | 2018-07-05 | 4.0 MEDIUM | 8.8 HIGH |
| The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users. | |||||
| CVE-2018-7941 | 1 Huawei | 40 1288h V5, 1288h V5 Firmware, 2288h V5 and 37 more | 2018-06-14 | 6.5 MEDIUM | 8.8 HIGH |
| Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A remote attacker with low privilege may craft specific messages to upload authentication certificate to the affected products. Due to improper validation of the upload authority, successful exploit may cause privilege elevation. | |||||
| CVE-2018-9232 | 1 Twsz | 2 Be126, Be126 Firmware | 2018-06-13 | 9.3 HIGH | 7.8 HIGH |
| Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update. | |||||
| CVE-2018-6960 | 1 Vmware | 1 Horizon Daas | 2018-05-22 | 6.5 MEDIUM | 8.8 HIGH |
| VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. | |||||
| CVE-2014-0927 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2018-05-22 | 4.3 MEDIUM | 8.1 HIGH |
| The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port number and webapp path. IBM X-Force ID: 92259. | |||||
| CVE-2014-3999 | 1 Horde | 1 Horde Ldap | 2018-05-18 | 6.8 MEDIUM | 8.1 HIGH |
| The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN. | |||||
| CVE-2016-10434 | 1 Qualcomm | 4 Sd 820, Sd 820 Firmware, Sd 820a and 1 more | 2018-05-01 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 820 and SD 820A, the input to RPMB write response function is a buffer from HLOS that needs to be authenticated (using HMAC) and then processed. However, some of the processing occurs before the buffer is authenticated. The function will return various types of errors depending on the values of the `response` and `result` fields of the buffer before verifying the HMAC tag. | |||||
| CVE-2017-18223 | 1 Bmc | 1 Remedy Action Request System | 2018-04-09 | 6.8 MEDIUM | 8.1 HIGH |
| BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is enabled, allows attackers to obtain administrative access. | |||||
| CVE-2016-7114 | 1 Siemens | 2 En100 Ethernet Module, En100 Ethernet Module Firmware | 2018-03-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02; SIPROTEC 7SJ686 : All versions < V 4.87; SIPROTEC 7UT686 : All versions < V 4.02; SIPROTEC 7SD686 : All versions < V 4.05; SIPROTEC 7SJ66 : All versions < V 4.30. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. A legitimate user must be logged into the web interface for the attack to be successful. | |||||
| CVE-2018-6569 | 1 West-wind | 1 Web Connection | 2018-03-13 | 10.0 HIGH | 8.8 HIGH |
| West Wind Web Server 6.x does not require authentication for /ADMIN.ASP. | |||||
| CVE-2017-18179 | 1 Progress | 1 Sitefinity | 2018-03-05 | 6.5 MEDIUM | 8.8 HIGH |
| Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring authentication token that remains valid after a password change or a session termination. Also, it is transmitted as a GET parameter. This is fixed in 10.1. | |||||
| CVE-2017-1000354 | 1 Jenkins | 1 Jenkins | 2018-02-15 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance. | |||||
| CVE-2017-3765 | 2 Ibm, Lenovo | 30 1g L2-7 Slb Switch For Bladecenter, Bladecenter 1\, Bladecenter Layer 2\/3 Copper Ethernet Switch Module and 27 more | 2018-02-06 | 6.2 MEDIUM | 7.0 HIGH |
| In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted. | |||||
| CVE-2014-6435 | 1 Aztech | 6 Adsl Dsl5018en \(1t1r\), Adsl Dsl5018en \(1t1r\) Firmware, Dsl705e and 3 more | 2018-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request. | |||||
| CVE-2017-16689 | 1 Sap | 1 Sap Kernel | 2018-01-04 | 6.5 MEDIUM | 8.8 HIGH |
| A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined. | |||||
| CVE-2017-13872 | 1 Apple | 1 Mac Os X | 2017-12-30 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name. | |||||
| CVE-2017-6868 | 1 Siemens | 1 Simatic Cp 44x-1 Redundant Network Access Modules | 2017-12-30 | 6.8 MEDIUM | 8.1 HIGH |
| An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote attacker may be able to perform administrative actions on the Communication Process (CP) of the RNA series module, if network access to Port 102/TCP is available and the configuration file for the CP is stored on the RNA's CPU. | |||||
| CVE-2017-16953 | 1 Zte | 2 Zxdsl 831cii, Zxdsl 831cii Firmware | 2017-12-28 | 5.0 MEDIUM | 7.5 HIGH |
| connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. | |||||
| CVE-2017-17435 | 1 Vaulteksafe | 2 Vt20i, Vt20i Firmware | 2017-12-22 | 8.3 HIGH | 8.8 HIGH |
| An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phone application requires it and there is a field to supply the PIN code in an authorization request, the safe does not check the PIN code, so an attacker can obtain authorization using any value. Once an attacker sees the Bluetooth Low Energy (BLE) advertisement for the safe, they need only to write a BLE characteristic to enable notifications, and send a crafted getAuthor packet that returns a temporary key, and an unlock packet including that temporary key. The safe then opens after the unlock packet is processed, with no verification of PIN or other credentials. | |||||
| CVE-2017-8194 | 1 Huawei | 1 Fusionsphere Openstack | 2017-12-20 | 6.5 MEDIUM | 8.8 HIGH |
| The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message. | |||||
| CVE-2017-8195 | 1 Huawei | 1 Fusionsphere Openstack | 2017-12-08 | 6.5 MEDIUM | 8.8 HIGH |
| The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message. | |||||
| CVE-2017-9314 | 1 Dahuasecurity | 44 Nvr5208-4ks2, Nvr5208-4ks2 Firmware, Nvr5208-8p-4ks2 and 41 more | 2017-11-29 | 6.5 MEDIUM | 8.8 HIGH |
| Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message. | |||||
| CVE-2017-14032 | 1 Arm | 1 Mbed Tls | 2017-11-08 | 6.8 MEDIUM | 8.1 HIGH |
| ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected. | |||||