Total
3455 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3317 | 1 Netgear | 2 Wnr1000, Wnr1000 Firmware | 2020-02-01 | 10.0 HIGH | 9.8 CRITICAL |
| Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. | |||||
| CVE-2013-3215 | 1 Vtiger | 1 Vtiger Crm | 2020-01-31 | 7.5 HIGH | 9.8 CRITICAL |
| vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function. | |||||
| CVE-2013-1596 | 1 Vivotek | 2 Pt7135, Pt7135 Firmware | 2020-01-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554. | |||||
| CVE-2013-4462 | 1 Portable Phpmyadmin Project | 1 Portable Phpmyadmin | 2020-01-31 | 6.4 MEDIUM | 9.1 CRITICAL |
| WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability | |||||
| CVE-2012-6451 | 1 Lorextechnology | 4 Lnc104, Lnc104 Firmware, Lnc116 and 1 more | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability | |||||
| CVE-2013-3071 | 1 Netgear | 2 Wndr4700, Wndr4700 Firmware | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authentication bypass. | |||||
| CVE-2020-1787 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2020-01-29 | 7.2 HIGH | 6.6 MEDIUM |
| HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. The system has a logic error under certain scenarios; a successful exploit could allow an attacker who gains the privilege of guest user to access the host user's desktop in an instant, without unlocking the screen lock of the host user. | |||||
| CVE-2020-5224 | 1 Django-user-sessions Project | 1 Django-user-sessions | 2020-01-29 | 4.0 MEDIUM | 8.8 HIGH |
| In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen. | |||||
| CVE-2020-1840 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2020-01-29 | 3.6 LOW | 6.0 MEDIUM |
| HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smartphones. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.175(C00E70R3P8) | |||||
| CVE-2020-7222 | 1 Amcrest | 1 Web Server | 2020-01-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (ability to see every option but not modify them). | |||||
| CVE-2019-15585 | 1 Gitlab | 1 Gitlab | 2020-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| Improper authentication exists in GitLab Community Edition (CE) and Enterprise Edition (EE) < 12.3.2, < 12.2.6, and < 12.1.12: the GitLab SAML integration had a validation issue that permitted an attacker to take over another user's account. | |||||
| CVE-2012-2714 | 1 Browserid Project | 1 Browserid | 2020-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier. | |||||
| CVE-2020-1788 | 1 Huawei | 2 Honor V30, Honor V30 Firmware | 2020-01-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure. | |||||
| CVE-2012-1258 | 1 Plixer | 1 Scrutinizer Netflow & Sflow Analyzer | 2020-01-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allows remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters. | |||||
| CVE-2014-2651 | 1 Atos | 28 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 25 more | 2020-01-21 | 10.0 HIGH | 9.8 CRITICAL |
| Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface | |||||
| CVE-2019-19518 | 1 Broadcom | 1 Ca Automic Sysload | 2020-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands. | |||||
| CVE-2013-3088 | 1 Belkin | 2 N900, N900 Firmware | 2020-01-16 | 9.3 HIGH | 9.8 CRITICAL |
| Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging". | |||||
| CVE-2012-3824 | 1 Arialsoftware | 1 Campaign Enterprise | 2020-01-15 | 5.0 MEDIUM | 7.5 HIGH |
| In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. | |||||
| CVE-2020-1786 | 1 Huawei | 2 Mate 20 Pro, Mate 20 Pro Firmware | 2020-01-15 | 2.1 LOW | 4.6 MEDIUM |
| HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital balance function. | |||||
| CVE-2013-4982 | 1 Avtech | 2 Avn801 Dvr, Avn801 Dvr Firmware | 2020-01-15 | 7.5 HIGH | 9.8 CRITICAL |
| AVTECH AVN801 DVR has a security bypass via the administration login captcha | |||||
