Search
Total
644 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27985 | 1 Securityonionsolutions | 1 Security Onion | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup. | |||||
| CVE-2020-9910 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | |||||
| CVE-2019-10562 | 1 Qualcomm | 56 Ipq6018, Ipq6018 Firmware, Kamorta and 53 more | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies to be loaded into secure memory and leads to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, Kamorta, MSM8998, Nicobar, QCS404, QCS605, QCS610, Rennell, SA415M, SA6155P, SC7180, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-6235 | 1 Sap | 1 Solution Manager | 2021-07-21 | 5.0 MEDIUM | 8.6 HIGH |
| SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication. | |||||
| CVE-2020-10833 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. The DeX Lockscreen allows attackers to access the quick panel and notifications. The Samsung ID is SVE-2019-16532 (March 2020). | |||||
| CVE-2019-20771 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, 8.1, and 9.0 software. WapService allows unconfirmed configuration changes via a modified OMACP message. The LG ID is LVE-SMP-190006 (August 2019). | |||||
| CVE-2020-13304 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated which resulted an attacker to maintain access under certain conditions. | |||||
| CVE-2020-27523 | 1 Mersive | 2 Solstice Pod, Solstice Pod Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service. | |||||
| CVE-2018-8171 | 1 Microsoft | 3 Asp.net Core, Asp.net Model View Controller, Asp.net Webpages | 2021-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka "ASP.NET Security Feature Bypass Vulnerability." This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2. | |||||
| CVE-2021-32693 | 1 Sensiolabs | 1 Symfony | 2021-06-24 | 6.5 MEDIUM | 8.8 HIGH |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the firewalls was available for all other firewalls. This could be abused when the application defines different providers for each part of the application, in such a situation, a user authenticated on a part of the application could be considered authenticated on the rest of the application. Starting in version 5.3.2, a patch ensures that the authenticated token is only available for the firewall that generates it. | |||||
| CVE-2021-0570 | 1 Google | 1 Android | 2021-06-24 | 4.6 MEDIUM | 7.8 HIGH |
| In sendBugreportNotification of BugreportProgressService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-178803845 | |||||
| CVE-2021-0571 | 1 Google | 1 Android | 2021-06-24 | 4.6 MEDIUM | 7.8 HIGH |
| In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137395936 | |||||
| CVE-2021-1541 | 1 Cisco | 18 Sf220-24, Sf220-24 Firmware, Sf220-24p and 15 more | 2021-06-23 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-25424 | 1 Samsung | 18 Galaxy Watch, Galaxy Watch 3, Galaxy Watch 3 Firmware and 15 more | 2021-06-17 | 5.8 MEDIUM | 8.8 HIGH |
| Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness. | |||||
| CVE-2020-14380 | 1 Redhat | 1 Satellite | 2021-06-16 | 6.0 MEDIUM | 7.5 HIGH |
| An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite. | |||||
| CVE-2016-4953 | 5 Ntp, Opensuse, Oracle and 2 more | 15 Ntp, Leap, Opensuse and 12 more | 2021-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. | |||||
| CVE-2014-0097 | 1 Vmware | 1 Spring Security | 2021-06-08 | 7.5 HIGH | 7.3 HIGH |
| The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password. | |||||
| CVE-2020-10709 | 1 Redhat | 1 Ansible Tower | 2021-06-08 | 3.6 LOW | 7.1 HIGH |
| A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to Ansible Tower, which allows any user that can gain access to the token to be fully authenticated to Ansible Tower. This flaw affects Ansible Tower versions before 3.6.4 and Ansible Tower versions before 3.5.6. | |||||
| CVE-2021-20288 | 3 Fedoraproject, Linuxfoundation, Redhat | 3 Fedora, Ceph, Ceph Storage | 2021-06-03 | 6.5 MEDIUM | 7.2 HIGH |
| An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-29047 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer. | |||||
| CVE-2021-31520 | 1 Trendmicro | 1 Im Security | 2021-05-19 | 6.8 MEDIUM | 8.1 HIGH |
| A weak session token authentication bypass vulnerability in Trend Micro IM Security 1.6 and 1.6.5 could allow an remote attacker to guess currently logged-in administrators' session session token in order to gain access to the product's web management interface. | |||||
| CVE-2021-26077 | 1 Atlassian | 1 Connect Spring Boot | 2021-05-18 | 6.5 MEDIUM | 8.8 HIGH |
| Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Spring Boot app occurs with a server-to-server JWT or a context JWT. Atlassian Connect Spring Boot versions 1.1.0 before 2.1.3 and versions 2.1.4 before 2.1.5 erroneously accept context JWTs in lifecycle endpoints (such as installation) where only server-to-server JWTs should be accepted, permitting an attacker to send authenticated re-installation events to an app. | |||||
| CVE-2020-36125 | 1 Paxtechnology | 1 Paxstore | 2021-05-13 | 5.5 MEDIUM | 7.1 HIGH |
| Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attacker through requesting the endpoint directly. | |||||
| CVE-2021-25147 | 1 Arubanetworks | 1 Airwave | 2021-05-08 | 6.8 MEDIUM | 8.1 HIGH |
| A remote authentication restriction bypass vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability. | |||||
| CVE-2015-7974 | 4 Debian, Netapp, Ntp and 1 more | 8 Debian Linux, Clustered Data Ontap, Oncommand Balance and 5 more | 2021-04-26 | 4.0 MEDIUM | 7.7 HIGH |
| NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | |||||
| CVE-2017-8405 | 1 Dlink | 4 Dcs-1100, Dcs-1100 Firmware, Dcs-1130 and 1 more | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The binary rtspd in /sbin folder of the device handles all the rtsp connections received by the device. It seems that the binary loads at address 0x00012CF4 a flag called "Authenticate" that indicates whether a user should be authenticated or not before allowing access to the video feed. By default, the value for this flag is zero and can be set/unset using the HTTP interface and network settings tab as shown below. The device requires that a user logging to the HTTP management interface of the device to provide a valid username and password. However, the device does not enforce the same restriction by default on RTSP URL due to the checkbox unchecked by default, thereby allowing any attacker in possession of external IP address of the camera to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. | |||||
| CVE-2020-8863 | 1 Dlink | 6 Dir-867, Dir-867 Firmware, Dir-878 and 3 more | 2021-04-23 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.10B04. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-9470. | |||||
| CVE-2017-9100 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2021-04-23 | 8.3 HIGH | 8.8 HIGH |
| login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. | |||||
| CVE-2021-22497 | 1 Microfocus | 1 Netiq Advanced Authentication | 2021-04-21 | 6.5 MEDIUM | 7.2 HIGH |
| Advanced Authentication versions prior to 6.3 SP4 have a potential broken authentication due to improper session management issue. | |||||
| CVE-2021-27990 | 1 Appspace | 1 Appspace | 2021-04-21 | 5.0 MEDIUM | 7.5 HIGH |
| Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities. | |||||
| CVE-2019-20464 | 1 Sannce | 2 Smart Hd Wifi Security Camera Ean 2 950004 595317, Smart Hd Wifi Security Camera Ean 2 950004 595317 Firmware | 2021-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating. | |||||
| CVE-2020-29633 | 1 Apple | 2 Mac Os X, Macos | 2021-04-08 | 6.5 MEDIUM | 8.8 HIGH |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An attacker in a privileged network position may be able to bypass authentication policy. | |||||
| CVE-2021-23923 | 1 Devolutions | 1 Devolutions Server | 2021-04-06 | 4.9 MEDIUM | 8.1 HIGH |
| An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users. | |||||
| CVE-2021-25368 | 1 Samsung | 1 Cloud | 2021-03-30 | 5.0 MEDIUM | 7.5 HIGH |
| Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. | |||||
| CVE-2021-26070 | 1 Atlassian | 2 Data Center, Jira | 2021-03-26 | 6.4 MEDIUM | 7.2 HIGH |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. The affected versions are before version 8.13.3, and from version 8.14.0 before 8.14.1. | |||||
| CVE-2021-22496 | 1 Microfocus | 1 Access Manager | 2021-03-25 | 5.0 MEDIUM | 7.5 HIGH |
| Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage. | |||||
| CVE-2021-21378 | 1 Envoyproxy | 1 Envoy | 2021-03-24 | 6.4 MEDIUM | 8.2 HIGH |
| Envoy is a cloud-native high-performance edge/middle/service proxy. In Envoy version 1.17.0 an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list when Envoy's JWT Authentication filter is configured with the `allow_missing` requirement under `requires_any` due to a mistake in implementation. Envoy's JWT Authentication filter can be configured with the `allow_missing` requirement that will be satisfied if JWT is missing (JwtMissed error) and fail if JWT is presented or invalid. Due to a mistake in implementation, a JwtUnknownIssuer error was mistakenly converted to JwtMissed when `requires_any` was configured. So if `allow_missing` was configured under `requires_any`, an attacker can bypass authentication by presenting a JWT token with an issuer that is not in the provider list. Integrity may be impacted depending on configuration if the JWT token is used to protect against writes or modifications. This regression was introduced on 2020/11/12 in PR 13839 which fixed handling `allow_missing` under RequiresAny in a JwtRequirement (see issue 13458). The AnyVerifier aggregates the children verifiers' results into a final status where JwtMissing is the default error. However, a JwtUnknownIssuer was mistakenly treated the same as a JwtMissing error and the resulting final aggregation was the default JwtMissing. As a result, `allow_missing` would allow a JWT token with an unknown issuer status. This is fixed in version 1.17.1 by PR 15194. The fix works by preferring JwtUnknownIssuer over a JwtMissing error, fixing the accidental conversion and bypass with `allow_missing`. A user could detect whether a bypass occurred if they have Envoy logs enabled with debug verbosity. Users can enable component level debug logs for JWT. The JWT filter logs will indicate that there is a request with a JWT token and a failure that the JWT token is missing. | |||||
| CVE-2020-35231 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2021-03-17 | 8.3 HIGH | 8.8 HIGH |
| The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was affected by an authentication issue that allows an attacker to bypass access controls and obtain full control of the device. | |||||
| CVE-2020-5148 | 1 Sonicwall | 1 Directory Services Connector | 2021-03-15 | 6.4 MEDIUM | 8.2 HIGH |
| SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls. | |||||
| CVE-2021-27876 | 1 Veritas | 1 Backup Exec | 2021-03-08 | 7.5 HIGH | 8.1 HIGH |
| An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges. | |||||
| CVE-2021-27878 | 1 Veritas | 1 Backup Exec | 2021-03-08 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges. | |||||
| CVE-2017-1000433 | 2 Debian, Pysaml2 Project | 2 Debian Linux, Pysaml2 | 2021-03-04 | 6.8 MEDIUM | 8.1 HIGH |
| pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. | |||||
| CVE-2021-22858 | 1 Changjia Property Management System Project | 1 Changjia Property Management System | 2021-02-23 | 6.5 MEDIUM | 8.8 HIGH |
| Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions. | |||||
| CVE-2021-3282 | 1 Hashicorp | 1 Vault | 2021-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Vault Enterprise 1.6.0 & 1.6.1 allowed the `remove-peer` raft operator command to be executed against DR secondaries without authentication. Fixed in 1.6.2. | |||||
| CVE-2021-3297 | 1 Zyxel | 2 Nbg2105, Nbg2105 Firmware | 2021-02-03 | 7.2 HIGH | 7.8 HIGH |
| On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. | |||||
| CVE-2017-1000489 | 2 Acquia, Mautic | 2 Mautic, Mautic | 2021-01-25 | 6.8 MEDIUM | 8.1 HIGH |
| Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address | |||||
| CVE-2020-5686 | 1 Nec | 4 Univerge Sv8500, Univerge Sv8500 Firmware, Univerge Sv9500 and 1 more | 2021-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL. | |||||
| CVE-2017-8028 | 2 Debian, Pivotal Software | 2 Debian Linux, Spring-ldap | 2021-01-20 | 5.1 MEDIUM | 8.1 HIGH |
| In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. This occurs because some LDAP vendors require an explicit operation for the LDAP bind to take effect. | |||||
| CVE-2015-6926 | 1 Oxid-esales | 1 Eshop | 2021-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token. | |||||
| CVE-2018-16877 | 3 Canonical, Clusterlabs, Fedoraproject | 3 Ubuntu Linux, Pacemaker, Fedora | 2021-01-07 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. | |||||