CWE:
 

Topic
Date
Author
Med.
HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover
06.06.2021
Nick Decker


CVEMAP Search Results

CVE
Details
Description
2022-08-04
Waiting for details
CVE-2022-2651

Updating...
 

 
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.

 
2022-01-25
Medium
CVE-2021-3850

Vendor: Adodb project
Software: Adodb
 

 
Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.

 
2021-03-26
Medium
CVE-2021-21403

Vendor: Kongchuanhujiao project
Software: Kongchuanhujiao
 

 
In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21.

 
2021-02-23
Medium
CVE-2020-14359

Vendor: Redhat
Software: Keycloak
 

 
A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.

 
2020-07-28
High
CVE-2020-10923

Updating...
 

 
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top