Total: 2926 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-6814 | 1 Schneider-electric | 14 Net5500, Net5500 Firmware, Net5501 and 11 more | 2022-09-02 | 7.5 HIGH | 9.8 CRITICAL | A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.
CVE-2019-6832 | 1 Schneider-electric | 4 Lss100100, Lss100200, Spacelynk Firmware and 1 more | 2022-09-02 | 6.8 MEDIUM | 8.3 HIGH | A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0, formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication.
CVE-2021-21955 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-09-02 | 5.0 MEDIUM | 7.5 HIGH | An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Generic network sniffing can lead to password recovery. An attacker can sniff network traffic to trigger this vulnerability.
CVE-2021-45389 | 1 Starwind | 2 Command Center, San&nas | 2022-08-31 | 7.5 HIGH | 9.8 CRITICAL | A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.
CVE-2022-24551 | 1 Starwindsoftware | 2 Nas, San | 2022-08-31 | 9.0 HIGH | 8.8 HIGH | A flaw was found in StarWind Stack. The endpoint for setting a new password doesn't check the current username and old password. An attacker could reset any local user password (including system/administrator user) using any available user. This affects StarWind SAN and NAS v0.2 build 1633.
CVE-2021-21902 | 1 Garrett | 1 Ic Module Cma | 2022-08-31 | 9.3 HIGH | 8.1 HIGH | An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-2031 | 1 Samba | 1 Samba | 2022-08-31 | N/A | 8.8 HIGH | A flaw was found in Samba. The security vulnerability occurs when the KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this flaw to obtain and use tickets to other services.
CVE-2021-23196 | 1 Fresenius-kabi | 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more | 2022-08-30 | 7.5 HIGH | 9.8 CRITICAL | The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently.
CVE-2021-23857 | 1 Bosch | 24 Rexroth Indramotion Mlc L20, Rexroth Indramotion Mlc L20 Firmware, Rexroth Indramotion Mlc L25 and 21 more | 2022-08-30 | 10.0 HIGH | 9.8 CRITICAL | Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently log in to the system.
CVE-2022-31461 | 1 Owllabs | 2 Meeting Owl Pro, Meeting Owl Pro Firmware | 2022-08-29 | 3.3 LOW | 6.5 MEDIUM | Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message.
CVE-2022-32282 | 1 Wwbn | 1 Avideo | 2022-08-26 | N/A | 8.8 HIGH | An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a user's password hash will be able to use it to directly log in to the account, leading to increased privileges.
CVE-2022-35726 | 1 Yotuwp | 1 Video Gallery | 2022-08-25 | N/A | 9.8 CRITICAL | Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress.
CVE-2022-34919 | 1 Zengenti | 1 Contensis | 2022-08-25 | N/A | 9.8 CRITICAL | The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands.
CVE-2022-34149 | 1 Miniorange | 1 Wp Oauth Server | 2022-08-23 | N/A | 9.8 CRITICAL | Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.
CVE-2022-2336 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2022-08-22 | N/A | 9.8 CRITICAL | Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.
CVE-2022-22730 | 1 Intel | 1 Edge Insights For Industrial | 2022-08-19 | N/A | 9.8 CRITICAL | Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2022-35147 | 1 Html-js | 1 Doracms | 2022-08-18 | N/A | 9.8 CRITICAL | DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.
CVE-2022-35122 | 1 Ecowitt | 2 Gw1100, Gw1100 Firmware | 2022-08-18 | N/A | 9.1 CRITICAL | An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords.
CVE-2022-2662 | 1 Sequi | 2 Portbloque S, Portbloque S Firmware | 2022-08-18 | N/A | 9.8 CRITICAL | Sequi PortBloque S has improper authentication issues which may allow an attacker to bypass the authentication process and gain user-level access to the device.
CVE-2022-36526 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2022-08-18 | N/A | 7.5 HIGH | D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin.