Total: 2926 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-4198 | 1 Bssys | 1 Rbs Bs-client. Retail Client | 2020-02-19 | 6.4 MEDIUM | 9.1 CRITICAL |
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user access privileged function. | |||||
CVE-2013-5582 | 1 Ammyy | 1 Ammyy Admin | 2020-02-18 | 6.8 MEDIUM | 7.8 HIGH |
Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file. | |||||
CVE-2018-8715 | 1 Embedthis | 1 Appweb | 2020-02-17 | 6.8 MEDIUM | 8.1 HIGH |
The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. | |||||
CVE-2012-6603 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | N/A |
The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034. | |||||
CVE-2013-1359 | 1 Sonicwall | 4 Analyzer, Global Management System, Universal Management Appliance and 1 more | 2020-02-14 | 10.0 HIGH | 9.8 CRITICAL |
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. | |||||
CVE-2019-15615 | 1 Nextcloud | 1 Nextcloud | 2020-02-13 | 3.6 LOW | 6.1 MEDIUM |
A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past. | |||||
CVE-2014-8347 | 1 Claris | 2 Filemaker Pro, Filemaker Pro Advanced | 2020-02-13 | 4.6 MEDIUM | 7.8 HIGH |
An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges. | |||||
CVE-2013-1360 | 1 Sonicwall | 4 Analyzer, Global Management System, Universal Management Appliance and 1 more | 2020-02-13 | 10.0 HIGH | 9.8 CRITICAL |
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. | |||||
CVE-2014-9753 | 1 Atutor | 1 Atutor | 2020-02-12 | 7.5 HIGH | 9.8 CRITICAL |
confirm.php in ATutor 2.2 and earlier allows remote attackers to bypass authentication and gain access as an existing user via the auto_login parameter. | |||||
CVE-2017-18641 | 1 Linuxcontainers | 1 Lxc | 2020-02-12 | 9.3 HIGH | 8.1 HIGH |
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers. | |||||
CVE-2012-6340 | 1 Netgear | 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more | 2020-02-11 | 2.1 LOW | 4.6 MEDIUM |
An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. | |||||
CVE-2020-8771 | 1 Wptimecapsule | 1 Wp Time Capsule | 2020-02-11 | 7.5 HIGH | 9.8 CRITICAL |
The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts. | |||||
CVE-2013-3367 | 1 Trendnet | 4 Tew-691gr, Tew-691gr Firmware, Tew-692gr and 1 more | 2020-02-10 | 10.0 HIGH | 9.8 CRITICAL |
Undocumented TELNET service in TRENDnet TEW-691GR and TEW-692GR when a web page named backdoor contains an HTML parameter of password and a value of j78G¬DFdg_24Mhw3. | |||||
CVE-2013-3091 | 1 Belkin | 2 N300, N300 Firmware | 2020-02-10 | 10.0 HIGH | 9.8 CRITICAL |
An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging." | |||||
CVE-2013-3096 | 1 Dlink | 2 Dir865l, Dir865l Firmware | 2020-02-10 | 4.3 MEDIUM | 5.9 MEDIUM |
D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability. | |||||
CVE-2013-5112 | 1 Evernote | 1 Evernote | 2020-02-10 | 2.1 LOW | 4.6 MEDIUM |
Evernote before 5.5.1 has insecure PIN storage. | |||||
CVE-2013-6920 | 1 Siemens | 14 Sinamics G110, Sinamics G110d, Sinamics G120 and 11 more | 2020-02-10 | 10.0 HIGH | N/A |
Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not require authentication for FTP and TELNET sessions, which allows remote attackers to bypass intended access restrictions via TCP traffic to port (1) 21 or (2) 23. | |||||
CVE-2013-5944 | 1 Siemens | 3 Scalance X-200, Scalance X-200 Series Firmware, Scalance X-200irt | 2020-02-10 | 10.0 HIGH | N/A |
The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface. | |||||
CVE-2015-0102 | 1 Ibm | 1 Workflow | 2020-02-07 | 5.8 MEDIUM | 8.1 HIGH |
IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
CVE-2013-2681 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2020-02-07 | 4.3 MEDIUM | 9.8 CRITICAL |
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass Vulnerability which could allow remote attackers to gain unauthorized access. |