Total
2926 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15585 | 1 Gitlab | 1 Gitlab | 2020-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account. | |||||
| CVE-2012-2714 | 1 Browserid Project | 1 Browserid | 2020-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier. | |||||
| CVE-2020-1788 | 1 Huawei | 2 Honor V30, Honor V30 Firmware | 2020-01-24 | 4.3 MEDIUM | 5.5 MEDIUM |
| Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure. | |||||
| CVE-2012-1258 | 1 Plixer | 1 Scrutinizer Netflow \& Sflow Analyzer | 2020-01-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters. | |||||
| CVE-2014-2651 | 1 Atos | 28 Openscape Desk Phone Ip 35g, Openscape Desk Phone Ip 35g Eco, Openscape Desk Phone Ip 35g Eco Firmware and 25 more | 2020-01-21 | 10.0 HIGH | 9.8 CRITICAL |
| Unify OpenStage/OpenScape Desk Phone IP SIP before V3 R3.11.0 has an authentication bypass in the default mode of the Workpoint Interface | |||||
| CVE-2019-19518 | 1 Broadcom | 1 Ca Automic Sysload | 2020-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability, related to a lack of authentication on the File Server port, that potentially allows remote attackers to execute arbitrary commands. | |||||
| CVE-2013-3088 | 1 Belkin | 2 N900, N900 Firmware | 2020-01-16 | 9.3 HIGH | 9.8 CRITICAL |
| Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging". | |||||
| CVE-2012-3824 | 1 Arialsoftware | 1 Campaign Enterprise | 2020-01-15 | 5.0 MEDIUM | 7.5 HIGH |
| In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. | |||||
| CVE-2020-1786 | 1 Huawei | 2 Mate 20 Pro, Mate 20 Pro Firmware | 2020-01-15 | 2.1 LOW | 4.6 MEDIUM |
| HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital balance function. | |||||
| CVE-2013-4982 | 1 Avtech | 2 Avn801 Dvr, Avn801 Dvr Firmware | 2020-01-15 | 7.5 HIGH | 9.8 CRITICAL |
| AVTECH AVN801 DVR has a security bypass via the administration login captcha | |||||
| CVE-2018-19831 | 1 Cryptbond Network Project | 1 Cryptbond Network | 2020-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| The ToOwner() function of a smart contract implementation for Cryptbond Network (CBN), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | |||||
| CVE-2018-19833 | 1 Ddq Project | 1 Ddq | 2020-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| The owned function of a smart contract implementation for DDQ, an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | |||||
| CVE-2018-19834 | 1 Bombba Project | 1 Bombba | 2020-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| The quaker function of a smart contract implementation for BOMBBA (BOMB), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | |||||
| CVE-2018-19832 | 1 Newinteltechmedia Project | 1 Newinteltechmedia | 2020-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| The NETM() function of a smart contract implementation for NewIntelTechMedia (NETM), an tradable Ethereum ERC20 token, allows attackers to change the owner of the contract, because the function does not check the caller's identity. | |||||
| CVE-2013-4976 | 1 Hikvision | 2 Ds-2cd7153-e, Ds-2cd7153-e Firmware | 2020-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| Hikvision DS-2CD7153-E IP Camera has security bypass via hardcoded credentials | |||||
| CVE-2013-5122 | 1 Cisco | 8 Linksys E4200, Linksys E4200 Firmware, Linksys Ea2700 and 5 more | 2020-01-09 | 10.0 HIGH | 9.8 CRITICAL |
| Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access | |||||
| CVE-2013-3085 | 1 Belkin | 2 F5d8236-4, F5d8236-4 Firmware | 2020-01-09 | 7.5 HIGH | 9.8 CRITICAL |
| An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2. | |||||
| CVE-2019-16327 | 1 Dlink | 2 Dir-601, Dir-601 Firmware | 2020-01-08 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DIR-601 B1 2.00NA devices are vulnerable to authentication bypass. They do not check for authentication at the server side and rely on client-side validation, which is bypassable. NOTE: this is an end-of-life product. | |||||
| CVE-2018-20489 | 1 Gitlab | 1 Gitlab | 2020-01-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It has Incorrect Access Control. | |||||
| CVE-2013-4621 | 1 Magdevgroup | 1 Magnolia Cms | 2020-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities | |||||