Search
Total
2785 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22171 | 1 Gitlab | 1 Gitlab | 2021-01-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link | |||||
| CVE-2020-5633 | 1 Nec | 7 Baseboard Management Controller, Express5800\/gt110j, Express5800\/t110j and 4 more | 2021-01-21 | 9.0 HIGH | 9.8 CRITICAL |
| Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors. | |||||
| CVE-2020-5686 | 1 Nec | 4 Univerge Sv8500, Univerge Sv8500 Firmware, Univerge Sv9500 and 1 more | 2021-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL. | |||||
| CVE-2020-27488 | 1 Loxone | 2 Miniserver Gen 1, Miniserver Gen 1 Firmware | 2021-01-21 | 7.5 HIGH | 9.8 CRITICAL |
| Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices (or attackers who are spoofing these devices) can continue to use an unauthenticated cloud service for an indeterminate time period (possibly forever). Once an individual device's firmware is updated, and authentication occurs once, the cloud service recategorizes the device so that authentication is subsequently always required, and spoofing cannot occur. | |||||
| CVE-2017-8028 | 2 Debian, Pivotal Software | 2 Debian Linux, Spring-ldap | 2021-01-20 | 5.1 MEDIUM | 8.1 HIGH |
| In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. This occurs because some LDAP vendors require an explicit operation for the LDAP bind to take effect. | |||||
| CVE-2015-6926 | 1 Oxid-esales | 1 Eshop | 2021-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token. | |||||
| CVE-2012-1123 | 1 Mantisbt | 1 Mantisbt | 2021-01-12 | 7.5 HIGH | N/A |
| The mci_check_login function in api/soap/mc_api.php in the SOAP API in MantisBT before 1.2.9 allows remote attackers to bypass authentication via a null password. | |||||
| CVE-2014-6387 | 1 Mantisbt | 1 Mantisbt | 2021-01-12 | 5.0 MEDIUM | N/A |
| gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind. | |||||
| CVE-2012-10001 | 1 Limit Login Attempts Project | 1 Limit Login Attempts | 2021-01-08 | 5.0 MEDIUM | 9.8 CRITICAL |
| The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts. | |||||
| CVE-2018-16877 | 3 Canonical, Clusterlabs, Fedoraproject | 3 Ubuntu Linux, Pacemaker, Fedora | 2021-01-07 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. | |||||
| CVE-2019-20933 | 1 Influxdata | 1 Influxdb | 2021-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret). | |||||
| CVE-2020-10148 | 1 Solarwinds | 1 Orion Platform | 2020-12-31 | 7.5 HIGH | 9.8 CRITICAL |
| The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected. | |||||
| CVE-2020-9207 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2020-12-31 | 6.8 MEDIUM | 7.8 HIGH |
| There is an improper authentication vulnerability in some verisons of Huawei CloudEngine product. A module does not verify the input file properly. Attackers can exploit this vulnerability by crafting malicious files to bypass current verification mechanism. This can compromise normal service. | |||||
| CVE-2020-35785 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2020-12-31 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365). | |||||
| CVE-2020-26030 | 1 Zammad | 1 Zammad | 2020-12-29 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zammad before 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users. | |||||
| CVE-2020-27780 | 1 Linux-pam | 1 Linux-pam | 2020-12-28 | 10.0 HIGH | 9.8 CRITICAL |
| A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate. | |||||
| CVE-2020-24579 | 1 D-link | 2 Dsl2888a, Dsl2888a Firmware | 2020-12-23 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. | |||||
| CVE-2020-27254 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2020-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information. | |||||
| CVE-2020-27199 | 1 Magic Home Pro Project | 1 Magic Home Pro | 2020-12-22 | 5.0 MEDIUM | 7.5 HIGH |
| The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user. | |||||
| CVE-2019-5453 | 1 Nextcloud | 1 Nextcloud | 2020-12-18 | 3.6 LOW | 6.1 MEDIUM |
| Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. | |||||
| CVE-2020-4747 | 1 Ibm | 1 Connect\ | 2020-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods. IBM X-Force ID: 188516. | |||||
| CVE-2020-29669 | 1 Macally | 2 Wifisd2-2a82, Wifisd2-2a82 Firmware | 2020-12-15 | 9.0 HIGH | 8.8 HIGH |
| In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password hashes of each user (including root) can be dumped. The root hash can be cracked easily which results in a complete system compromise. | |||||
| CVE-2020-29563 | 1 Westerndigital | 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more | 2020-12-15 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device. | |||||
| CVE-2020-35208 | 1 Logmein | 1 Lastpass | 2020-12-15 | 3.3 LOW | 5.7 MEDIUM |
| ** DISPUTED ** An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary password. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices. | |||||
| CVE-2020-35207 | 1 Logmein | 1 Lastpass | 2020-12-15 | 3.3 LOW | 5.7 MEDIUM |
| ** DISPUTED ** An issue was discovered in the LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app 4.8.11.2403 for iOS. The PIN authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authenticate with an arbitrary PIN. NOTE: the vendor has indicated that this is not an attack of interest within the context of their threat model, which excludes jailbroken devices. | |||||
| CVE-2020-25183 | 1 Medtronic | 2 Mycarelink Smart Model 25000, Mycarelink Smart Model 25000 Firmware | 2020-12-15 | 5.8 MEDIUM | 8.8 HIGH |
| Medtronic MyCareLink Smart 25000 all versions contain an authentication protocol vuln where the method used to auth between MCL Smart Patient Reader and MyCareLink Smart mobile app is vulnerable to bypass. This vuln allows attacker to use other mobile device or malicious app on smartphone to auth to the patient’s Smart Reader, fools the device into thinking its communicating with the actual smart phone application when executed in range of Bluetooth. | |||||
| CVE-2020-7787 | 1 React-adal Project | 1 React-adal | 2020-12-11 | 5.0 MEDIUM | 8.2 HIGH |
| This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL can cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is caused by how the nonce, session and refresh values are stored in the browser local storage or session storage. Each key is automatically appended by ||. When the received nonce and session keys are generated, the list of values is stored in the browser storage, separated by ||, with || always appended to the end of the list. Since || will always be the last 2 characters of the stored values, an empty string ("") will always be in the list of the valid values. Therefore, if an empty session parameter is provided in the callback URL, and a specially-crafted JWT token contains an nonce value of "" (empty string), then adal.js will consider the JWT token as authentic. | |||||
| CVE-2020-26834 | 1 Sap | 1 Hana Database | 2020-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
| SAP HANA Database, version - 2.0, does not correctly validate the username when performing SAML bearer token-based user authentication. It is possible to manipulate a valid existing SAML bearer token to authenticate as a user whose name is identical to the truncated username for whom the SAML bearer token was issued. | |||||
| CVE-2011-2766 | 2 Debian, Fast Cgi Project | 2 Debian Linux, Fast Cgi | 2020-12-08 | 7.5 HIGH | N/A |
| The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers. | |||||
| CVE-2008-1327 | 1 Gallarific | 1 Gallarific | 2020-12-08 | 7.5 HIGH | N/A |
| Gallarific does not require authentication for (1) users.php and (2) index.php, which allows remote attackers to add and edit tasks via a direct request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2020-7378 | 1 Opencrx | 1 Opencrx | 2020-12-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability. An attacker who is able to connect to the affected OpenCRX instance can change the password of any user, including admin-Standard, to any chosen value. This issue was resolved in version 5.0-20200904, released September 4, 2020. | |||||
| CVE-2020-7199 | 1 Hp | 1 Edgeline Infrastructure Manager | 2020-12-04 | 10.0 HIGH | 9.8 CRITICAL |
| A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. | |||||
| CVE-2020-26236 | 1 Scratchverifier | 1 Scratchverifier | 2020-12-04 | 5.1 MEDIUM | 7.5 HIGH |
| In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and is given the same verification code. 3. User comments code as part of their normal login. 4. Before user can, attacker completes the login process now that the code is commented. 5. User gets a failed login and attacker now has control of the account. Since commit a603769 starting a login twice will generate different verification codes, causing both user and attacker login to fail. For clients that rely on a clone of ScratchVerifier not hosted by the developers, their users may attempt to finish the login process as soon as possible after commenting the code. There is no reliable way for the attacker to know before the user can finish the process that the user has commented the code, so this vulnerability only really affects those who comment the code and then take several seconds before finishing the login. | |||||
| CVE-2020-9049 | 1 Johnsoncontrols | 2 C-cure Web, Victor Web | 2020-12-04 | 5.7 MEDIUM | 5.3 MEDIUM |
| A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack. | |||||
| CVE-2020-29127 | 1 Fujitsu | 2 Eternus Storage Dx200 S4, Eternus Storage Dx200 S4 Firmware | 2020-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en is visited from a different web browser. | |||||
| CVE-2020-1778 | 1 Otrs | 1 Otrs | 2020-12-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions. | |||||
| CVE-2020-25165 | 1 Bd | 3 Alaris 8015 Pcu, Alaris 8015 Pcu Firmware, Alaris Systems Manager | 2020-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products are vulnerable to a network session authentication vulnerability within the authentication process between specified versions of the BD Alaris PC Unit and the BD Alaris Systems Manager. If exploited, an attacker could perform a denial-of-service attack on the BD Alaris PC Unit by modifying the configuration headers of data in transit. A denial-of-service attack could lead to a drop in the wireless capability of the BD Alaris PC Unit, resulting in manual operation of the PC Unit. | |||||
| CVE-2020-28638 | 1 Dyne | 1 Tomb | 2020-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key. | |||||
| CVE-2020-27558 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2020-12-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream. | |||||
| CVE-2014-3552 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.0 MEDIUM | N/A |
| The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction. | |||||
| CVE-2014-0214 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.8 MEDIUM | N/A |
| login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack. | |||||
| CVE-2013-2245 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
| rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed. | |||||
| CVE-2010-1613 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.8 MEDIUM | N/A |
| Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks. | |||||
| CVE-2011-4590 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
| The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server. | |||||
| CVE-2020-8272 | 1 Citrix | 1 Sd-wan | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 | |||||
| CVE-2020-4771 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more | 2020-11-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint. By using known tools to subscribe to the websocket event stream, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 188993. | |||||
| CVE-2019-14553 | 1 Tianocore | 1 Edk2 | 2020-11-25 | 4.0 MEDIUM | 4.9 MEDIUM |
| Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. | |||||
| CVE-2020-2050 | 1 Paloaltonetworks | 1 Pan-os | 2020-11-24 | 6.4 MEDIUM | 8.2 HIGH |
| An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to restricted VPN network resources when the gateway or portal is configured to rely entirely on certificate-based authentication. Impacted features that use SSL VPN with client certificate verification are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN In configurations where client certificate verification is used in conjunction with other authentication methods, the protections added by the certificate check are ignored as a result of this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17; PAN-OS 9.0 versions earlier than PAN-OS 9.0.11; PAN-OS 9.1 versions earlier than PAN-OS 9.1.5; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. | |||||
| CVE-2020-26542 | 1 Percona | 1 Percona Server | 2020-11-23 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the MongoDB Simple LDAP plugin through 2020-10-02 for Percona Server when using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account. | |||||
| CVE-2009-1122 | 1 Microsoft | 2 Internet Information Services, Windows 2000 | 2020-11-23 | 7.5 HIGH | N/A |
| The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535. | |||||