CWE:
 

| Risk | Title | Date | Author |
|------|-------|------|--------|
| Med. | Barco wePresent Authentication Bypass | 21.11.2020 | Jim Becher |
| Med. | ABUS Secvest Hybrid Module FUMO50110 Authentication Bypass | 01.08.2020 | Matthias Deeg |
| High | Seagate GoFlex Satellite Remote Telnet Default Password | 19.12.2015 | Matt Bergin |
| High | Linksys EA6100 Wireless Router Authentication Bypass | 05.12.2015 | Matt Bergin |
| Med. | Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection | 13.10.2015 | Matthias Deeg |
| High | BullGuard Internet Security 15.0.297 Authentication Bypass | 08.05.2015 | Matthias Deeg |
| High | BullGuard Antivirus 15.0.297 Authentication Bypass | 07.05.2015 | Matthias Deeg |
| High | BullGuard Premium Protection 15.0.297 Authentication Bypass | 07.05.2015 | Matthias Deeg |
| High | InFocus IN3128HD Projector Missing Authentication | 28.04.2015 | CORE |
| High | Panda Internet Security 2015 15.0.1 Authentication Bypass | 15.04.2015 | Matthias Deeg |
| High | Panda Gold Protection 2015 15.1.0 Authentication Bypass | 15.04.2015 | Matthias Deeg |
| High | Panda Global Protection 2015 15.1.0 Authentication Bypass | 15.04.2015 | Matthias Deeg |
| High | Panda Antivirus Pro 2015 15.1.0 Authentication Bypass | 15.04.2015 | Matthias Deeg |
| Med. | Linksys Access Bypass | 17.08.2013 | K Lovett & M Claunch |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-04-14
Waiting for details
CVE-2022-22189

An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0.

 
2022-02-18
Waiting for details
CVE-2022-24047

This vulnerability allows remote attackers to bypass authentication on affected installations of BMC Track-It! 20.21.01.102. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-14618.

 
2021-12-27
Waiting for details
CVE-2021-33017

The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.

 
2021-12-23
Medium
CVE-2021-43985

Vendor: Myscada
Software: Mypro
 

 
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any form of authentication or authorization.

 
2021-12-21
Waiting for details
CVE-2021-27453

Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication to the web application, which may allow an attacker to gain access.

 
2021-12-15
Medium
CVE-2021-43935

Vendor: Baxter
Software: Welch allyn ...
 

 
The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.

 
2021-11-20
High
CVE-2021-36308

Vendor: DELL
Software: Networking os10
 

 
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system.

 
2021-09-30
Medium
CVE-2021-41292

Vendor: ECOA
Software: Riskterminator
 

 
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate HVAC.

 
2020-10-13
Low
CVE-2020-17409

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6120, R6080, R6260, R6220, R6020, JNR3210, and WNR2020 routers with firmware 1.0.66. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-10754.

 
2020-07-23
Medium
CVE-2020-15633

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835.

 

 


Copyright 2022, cxsecurity.com

 
