Vulnerabilities (CVE)

CWE filter: CWE-287 (Improper Authentication)

1512 total CVEs match this filter; the entries below are sorted by last update, newest first.
Each entry: CVE ID, vendor(s), product(s), date last updated, CVSS base score, then the description as recorded in the database (long descriptions are truncated with "...").

CVE-2017-11430  Vendor: Omnitauth-saml Project  Product: Omnitauth-saml  Updated: 2019-04-18  CVSS: 7.5
  OmniAuth omniauth-saml 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature,...

CVE-2017-11429  Vendor: Clever  Product: Saml2-js  Updated: 2019-04-18  CVSS: 7.5
  Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing...

CVE-2019-9497  Vendor: W1.fi  Products (2): Hostapd, Wpa Supplicant  Updated: 2019-04-18  CVSS: 6.8
  The implementations of EAP-pwd in the hostapd EAP server and the wpa_supplicant EAP peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-pwd authentication without knowing the...

CVE-2018-7340  Vendor: Cisco  Product: Duo Network Gateway  Updated: 2019-04-18  CVSS: 5.0
  Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature,...

CVE-2017-11428  Vendor: Onelogin  Product: Ruby-saml  Updated: 2019-04-18  CVSS: 7.5
  OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature,...

CVE-2017-11427  Vendor: Onelogin  Product: Pythonsaml  Updated: 2019-04-18  CVSS: 7.5
  OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature,...

CVE-2019-9496  Vendor: W1.fi  Products (2): Hostapd, Wpa Supplicant  Updated: 2019-04-18  CVSS: 5.0
  An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message in hostapd/AP mode. All versions of hostapd with SAE support are vulnerable. An...

CVE-2019-1573  Vendor: Paloaltonetworks  Product: Globalprotect  Updated: 2019-04-17  CVSS: 7.5
  GlobalProtect Agent 4.1.0 for Windows and GlobalProtect Agent 4.1.10 and earlier for macOS may allow an attacker to access authentication and/or session tokens and replay them to spoof the VPN session and gain access as the user.

CVE-2019-3878  Vendors (3): Canonical, Fedoraproject, Redhat  Products (9): Ubuntu Linux, Fedora, Enterprise Linux and 6 more  Updated: 2019-04-17  CVSS: 6.8
  A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the "require valid-user" directive), adding special HTTP headers...

CVE-2019-3798  Vendor: Cloudfoundry  Product: Capi-release  Updated: 2019-04-17  CVSS: 6.0
  Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a...

CVE-2018-1312  Vendors (5): Apache, Debian, Canonical and 2 more  Products (8): Http Server, Debian Linux, Ubuntu Linux and 5 more  Updated: 2019-04-17  CVSS: 6.8
  In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication...

CVE-2019-4061  Vendor: Ibm  Product: Bigfix Platform  Updated: 2019-04-16  CVSS: 5.0
  IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites, because authenticated access is not enabled. IBM X-Force ID: 156869.

CVE-2018-12613  Vendor: Phpmyadmin  Product: Phpmyadmin  Updated: 2019-04-15  CVSS: 6.5
  An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin,...

CVE-2013-2067  Vendor: Apache  Product: Tomcat  Updated: 2019-04-15  CVSS: 6.8
  java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and...

CVE-2019-4210  Vendor: Ibm  Product: Qradar Security Information And Event Manager  Updated: 2019-04-15  CVSS: 5.5
  IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication, exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986.

CVE-2019-1003049  Vendor: Jenkins  Product: Jenkins  Updated: 2019-04-15  CVSS: 6.8
  Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in...

CVE-2018-16886  Vendor: Redhat  Product: Enterprise Linux Server  Updated: 2019-04-15  CVSS: 6.8
  etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client TLS certificate contains a Common...

CVE-2019-7644  Updated: 2019-04-12  CVSS: 7.5
  Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that...

CVE-2019-11196  Vendor: Vpcsbd  Product: Integrated University Management System  Updated: 2019-04-12  CVSS: 10.0
  An authentication bypass vulnerability in all versions of ValuePLUS Integrated University Management System (IUMS) allows unauthenticated, remote attackers to gain administrator privileges via the Teachers Web Panel (TWP) User ID or Password...

CVE-2019-3915  Vendor: Verizon  Product: Fios Quantum Gateway G1100 Firmware  Updated: 2019-04-12  CVSS: 5.4
  Authentication bypass by capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to...
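The five SAML entries in this list (CVE-2017-11427, CVE-2017-11428, CVE-2017-11429, CVE-2017-11430 and CVE-2018-7340) share one bug class: the signature is checked over the canonicalized XML, where comments are dropped, but the identity is then read from the DOM by taking only the first child node of NameID, which stops at an injected comment. The Python below is an added illustration, not code from any of the listed projects or from this database. It uses a constructed assertion and a hypothetical IdP key, stands in an HMAC over the stdlib C14N output for the real XML-DSig signature (the signature algorithm is not what matters here), and contrasts the first-child extractor with one that concatenates every text node and rejects anything else inside NameID.

```python
import hashlib
import hmac
from xml.dom import minidom
from xml.etree import ElementTree as ET

# Constructed sample assertion (not from any real IdP). The attacker owns the
# account "alice@example.com.attacker.example" and obtains a genuinely signed
# assertion for it, then splits the NameID text with an XML comment.
SIGNED_ASSERTION = (
    '<Assertion ID="_a1"><Subject><NameID>'
    'alice@example.com.attacker.example'
    '</NameID></Subject></Assertion>'
)
TAMPERED_ASSERTION = (
    '<Assertion ID="_a1"><Subject><NameID>'
    'alice@example.com<!-- -->.attacker.example'
    '</NameID></Subject></Assertion>'
)

# Hypothetical IdP key; HMAC-SHA256 over the canonical form stands in for the
# RSA XML-DSig signature a real IdP would produce.
IDP_KEY = b"stand-in for the IdP signing key"


def canonicalize(xml_text):
    # stdlib C14N; comments are excluded, as in exclusive C14N without comments,
    # so an injected comment does not change the canonical bytes.
    return ET.canonicalize(xml_text, with_comments=False).encode("utf-8")


def sign(xml_text):
    return hmac.new(IDP_KEY, canonicalize(xml_text), hashlib.sha256).hexdigest()


def signature_is_valid(xml_text, signature):
    return hmac.compare_digest(sign(xml_text), signature)


def _name_id_node(xml_text):
    return minidom.parseString(xml_text).getElementsByTagName("NameID")[0]


def name_id_vulnerable(xml_text):
    # The pattern behind the listed CVEs: read only the first DOM child of
    # NameID. With a comment in the middle that is just the prefix text node.
    return _name_id_node(xml_text).firstChild.data


def name_id_fixed(xml_text):
    # Concatenate all text nodes and refuse any non-text child (comment,
    # processing instruction, element) inside the identity element.
    parts = []
    for child in _name_id_node(xml_text).childNodes:
        if child.nodeType != child.TEXT_NODE:
            raise ValueError("non-text node inside NameID: " + child.nodeName)
        parts.append(child.data)
    return "".join(parts)


if __name__ == "__main__":
    sig = sign(SIGNED_ASSERTION)
    print("signature still valid after tampering:",
          signature_is_valid(TAMPERED_ASSERTION, sig))
    print("vulnerable extractor sees:", name_id_vulnerable(TAMPERED_ASSERTION))
    try:
        name_id_fixed(TAMPERED_ASSERTION)
    except ValueError as err:
        print("fixed extractor rejects:", err)
```

The canonical bytes of the two documents are identical, so any signature computed over them verifies for both; only the extraction step decides whether the SP sees the attacker's real account or "alice@example.com". An equivalent fix is to require exactly one child node of type text, which is what several of the patched libraries did.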
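CVE-2019-7644 describes a verifier that, on rejecting a JWT, reports the signature it expected; since that value is the correct signature for whatever header and payload the caller supplied, the error message hands out a valid token for attacker-chosen claims. The Python below is an added example, not Auth0's code, and models that failure with a hypothetical HS256 service key: a vulnerable verifier whose error echoes the expected signature, a fixed verifier that does not, and an attacker routine that forges a token from the leak.

```python
import base64
import hashlib
import hmac
import json

# Constructed for this example: the service's HS256 key. The attacker never
# learns it; what leaks is the signature, not the key.
SERVICE_KEY = b"hypothetical-service-hs256-key"


class InvalidSignature(Exception):
    pass


def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def signing_input(claims):
    # header.payload, the part of a JWT that the signature covers
    header = {"alg": "HS256", "typ": "JWT"}
    return ".".join(
        b64url(json.dumps(part, separators=(",", ":"), sort_keys=True).encode())
        for part in (header, claims)
    )


def hs256(key, data):
    return b64url(hmac.new(key, data.encode("ascii"), hashlib.sha256).digest())


def issue(key, claims):
    data = signing_input(claims)
    return data + "." + hs256(key, data)


def verify_vulnerable(key, token):
    # The pattern behind CVE-2019-7644: the rejection message carries the
    # signature the verifier computed for the caller's own header.payload.
    header, payload, sig = token.split(".")
    expected = hs256(key, header + "." + payload)
    if not hmac.compare_digest(expected, sig):
        raise InvalidSignature(
            "invalid signature: expected %s, got %s" % (expected, sig))
    return json.loads(b64url_decode(payload))


def verify_fixed(key, token):
    # Same check; the message states only that verification failed.
    header, payload, sig = token.split(".")
    expected = hs256(key, header + "." + payload)
    if not hmac.compare_digest(expected, sig):
        raise InvalidSignature("invalid signature")
    return json.loads(b64url_decode(payload))


def forge_via_error(verify, key, claims):
    # Attacker's side. `key` is held by the service behind `verify`; it is
    # passed here only so the example runs in one process. Submit the chosen
    # claims with a junk signature, harvest the "expected" value from the
    # error, and reuse it. Returns None when the message leaks nothing usable.
    data = signing_input(claims)
    try:
        verify(key, data + ".AAAA")
    except InvalidSignature as err:
        message = str(err)
        if "expected " not in message:
            return None
        leaked = message.split("expected ", 1)[1].split(",", 1)[0]
        return data + "." + leaked
    return None


if __name__ == "__main__":
    wanted = {"sub": "alice", "role": "admin"}
    forged = forge_via_error(verify_vulnerable, SERVICE_KEY, wanted)
    print("forged token accepted by fixed verifier:",
          verify_fixed(SERVICE_KEY, forged) == wanted)
    print("fixed verifier leaks:", forge_via_error(verify_fixed, SERVICE_KEY, wanted))
```

The forged token is byte-for-byte what the service itself would have issued for those claims, so it passes even a correctly written verifier; the only defence is not to put the expected value in any output the client can see, including logs that are mirrored back in debug responses.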