Total: 3455 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-3775 | 1 Nextcloud | 1 Nextcloud Server | 2023-02-27 | 4.0 MEDIUM | 8.8 HIGH |
Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | |||||
CVE-2023-23460 | 1 Priority-software | 1 Priority | 2023-02-24 | N/A | 9.8 CRITICAL |
In Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. | |||||
CVE-2022-47508 | 1 Solarwinds | 1 Server And Application Monitor | 2023-02-24 | N/A | 7.5 HIGH |
Customers who had configured their polling to occur via Kerberos did not expect NTLM traffic in their environment, but since we were querying for data via IP address, this prevented us from utilizing Kerberos. | |||||
CVE-2019-5473 | 1 Gitlab | 1 Gitlab | 2023-02-23 | 6.5 MEDIUM | 7.2 HIGH |
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. | |||||
CVE-2019-9564 | 1 Wyze | 6 Cam Pan V2, Cam Pan V2 Firmware, Cam V2 and 3 more | 2023-02-22 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. | |||||
CVE-2023-21437 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. | |||||
CVE-2023-21425 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. | |||||
CVE-2022-48294 | 1 Huawei | 2 Emui, Harmonyos | 2023-02-17 | N/A | 7.5 HIGH |
The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2021-39296 | 1 Openbmc-project | 1 Openbmc | 2023-02-14 | 10.0 HIGH | 10.0 CRITICAL |
In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system. | |||||
CVE-2022-2503 | 1 Linux | 1 Linux Kernel | 2023-02-14 | N/A | 6.7 MEDIUM |
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification until reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5. | |||||
CVE-2013-6439 | 1 Redhat | 1 Subscription Asset Manager | 2023-02-13 | 9.3 HIGH | N/A |
Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors. | |||||
CVE-2013-0239 | 1 Apache | 1 Cxf | 2023-02-13 | 5.0 MEDIUM | N/A |
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element. | |||||
CVE-2012-4456 | 1 Openstack | 1 Keystone | 2023-02-13 | 7.5 HIGH | N/A |
The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services. | |||||
CVE-2012-3520 | 1 Linux | 1 Linux Kernel | 2023-02-13 | 1.9 LOW | N/A |
The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) Avahi or (2) NetworkManager. | |||||
CVE-2012-3416 | 1 Condor Project | 1 Condor | 2023-02-13 | 10.0 HIGH | N/A |
Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname. | |||||
CVE-2012-3356 | 1 Viewvc | 1 Viewvc | 2023-02-13 | 5.0 MEDIUM | N/A |
The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2011-4091 | 3 Armin Burgmeier, Opensuse, Oracle | 3 Net6, Opensuse, Solaris | 2023-02-13 | 5.0 MEDIUM | N/A |
The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences. | |||||
CVE-2011-1758 | 1 Fedoraproject | 1 Sssd | 2023-02-13 | 3.7 LOW | N/A |
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname. | |||||
CVE-2010-4252 | 1 Openssl | 1 Openssl | 2023-02-13 | 7.5 HIGH | N/A |
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol. | |||||
CVE-2010-3852 | 1 Redhat | 2 Conga, Luci | 2023-02-13 | 6.4 MEDIUM | N/A |
The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie. | |||||