Total
3455 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000875 | 1 Berkeley | 1 Berkeley Open Infrastructure For Network Computing | 2019-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Berkeley Open Infrastructure for Network Computing BOINC Server and Website Code version 0.9-1.0.2 contains a CWE-302: Authentication Bypass by Assumed-Immutable Data vulnerability in Website Terms of Service Acceptance Page that can result in Access to any user account. This attack appear to be exploitable via Specially crafted URL. This vulnerability appears to have been fixed in 1.0.3. | |||||
| CVE-2012-6710 | 1 Extplorer | 1 Extplorer | 2019-01-08 | 7.5 HIGH | 9.8 CRITICAL |
| ext_find_user in eXtplorer through 2.1.2 allows remote attackers to bypass authentication via a password[]= (aka an empty array) in an action=login request to index.php. | |||||
| CVE-2013-7465 | 1 Icecoldapps | 1 Servers Ultimate | 2019-01-08 | 7.5 HIGH | 9.8 CRITICAL |
| Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts. | |||||
| CVE-2018-9080 | 1 Lenovo | 40 Ez Media \& Backup Center, Ez Media \& Backup Center Firmware, Ix2 and 37 more | 2019-01-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise the user's session. | |||||
| CVE-2018-7108 | 1 Hpe | 1 Storageworks Xp7 Automation Director | 2019-01-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| HPE StorageWorks XP7 Automation Director (AutoDir) version 8.5.2-02 to earlier than 8.6.1-00 has a local and remote authentication bypass vulnerability that exposed the user authentication information of the storage system. This problem sometimes occurred under specific conditions when running a service template. | |||||
| CVE-2018-3696 | 1 Intel | 1 Raid Web Console 3 | 2018-12-31 | 2.1 LOW | 5.5 MEDIUM |
| Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access. | |||||
| CVE-2018-16160 | 2 Ftsafe, Microsoft | 3 Securecore, Windows 8, Windows 8.1 | 2018-12-20 | 4.6 MEDIUM | 7.8 HIGH |
| SecureCore Standard Edition Version 2.x allows an attacker to bypass the product 's authentication to log in to a Windows PC. | |||||
| CVE-2015-3206 | 1 Apple | 1 Pykerberos | 2018-12-20 | 6.8 MEDIUM | 8.1 HIGH |
| The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack. | |||||
| CVE-2018-7958 | 1 Huawei | 2 Espace 7950, Espace 7950 Firmware | 2018-12-20 | 5.8 MEDIUM | 7.4 HIGH |
| There is an anonymous TLS cipher suites supported vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to hijack the connection from a client when the user signs up to log in by TLS. Due to insufficient authentication, which may be exploited to intercept and tamper with the data information. | |||||
| CVE-2018-12169 | 2 Intel, Lenovo | 32 Core I3, Core I5, Core I7 and 29 more | 2018-12-20 | 4.6 MEDIUM | 7.6 HIGH |
| Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication. | |||||
| CVE-2018-19458 | 1 Php-proxy | 1 Php-proxy | 2018-12-18 | 5.0 MEDIUM | 7.5 HIGH |
| In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. | |||||
| CVE-2018-7910 | 1 Huawei | 10 Alp-al00b, Alp-al00b Firmware, Alp-tl00b and 7 more | 2018-12-12 | 4.6 MEDIUM | 6.8 MEDIUM |
| Some Huawei smartphones ALP-AL00B 8.0.0.118D(C00), ALP-TL00B 8.0.0.118D(C01), BLA-AL00B 8.0.0.118D(C00), BLA-L09C 8.0.0.127(C432), 8.0.0.128(C432), 8.0.0.137(C432), BLA-L29C 8.0.0.129(C432), 8.0.0.137(C432) have an authentication bypass vulnerability. When the attacker obtains the user's smartphone, the vulnerability can be used to replace the start-up program so that the attacker can obtain the information in the smartphone and achieve the purpose of controlling the smartphone. | |||||
| CVE-2014-0643 | 1 Emc | 2 Rsa Netwitness, Rsa Security Analytics | 2018-12-12 | 7.6 HIGH | N/A |
| EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name. | |||||
| CVE-2018-19076 | 2 Foscam, Opticam | 6 C2, C2 Application Firmware, C2 System Firmware and 3 more | 2018-12-11 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application Firmware 2.72.1.32, and Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The FTP and RTSP services make it easier for attackers to conduct brute-force authentication attacks, because failed-authentication limits apply only to HTTP (not FTP or RTSP). | |||||
| CVE-2017-15297 | 1 Sap | 1 Host Agent | 2018-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993. | |||||
| CVE-2013-7093 | 1 Sap | 1 Network Interface Router | 2018-12-10 | 5.0 MEDIUM | N/A |
| SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. | |||||
| CVE-2018-12242 | 1 Symantec | 1 Messaging Gateway | 2018-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. | |||||
| CVE-2018-7989 | 1 Huawei | 2 Mate 10 Pro, Mate 10 Pro Firmware | 2018-12-06 | 2.1 LOW | 4.6 MEDIUM |
| Huawei Mate 10 pro smartphones with the versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones, an attacker could directly change the lock password after a series of operations. Successful exploit could allow the attacker to use the application which is locked. | |||||
| CVE-2016-10732 | 1 Projectsend | 1 Projectsend | 2018-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php. | |||||
| CVE-2018-18891 | 1 1234n | 1 Minicms | 2018-12-03 | 6.4 MEDIUM | 7.5 HIGH |
| MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late. | |||||