Vulnerabilities (CVE)

CWE filter

CWE-287

Filter

1778 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17382 1 Zabbix 1 Zabbix 2019-10-16 6.4
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any...
CVE-2019-17505 1 Dlink 1 Dap-1320 A2 Firmware 2019-10-16 5.0
D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or...
CVE-2019-13921 1 Siemens 1 Simatic Winac Rtx %28f%29 2010 2019-10-15 5.0
A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability...
CVE-2019-1314 1 Microsoft 1 Windows 10 Mobile 2019-10-15 4.6
A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen, aka 'Windows 10 Mobile Security Feature Bypass Vulnerability'.
CVE-2019-1166 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-15 4.3
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.
CVE-2019-17354 1 Zyxel 1 Nbg-418n V2 Firmware 2019-10-15 7.5
wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page.
CVE-2019-17353 1 Dlink 1 Dir-615 Firmware 2019-10-15 6.4
An issue discovered on D-Link DIR-615 devices with firmware version 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to...
CVE-2019-17134 1 Canonical 1 Ubuntu Linux 2019-10-15 6.4
Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via...
CVE-2019-1320 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-11 4.6
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340.
CVE-2019-15018 1 Zingbox 1 Inspector 2019-10-11 5.0
A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant.
CVE-2019-1322 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-11 4.6
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.
CVE-2019-0193 1 Apache 1 Solr 2019-10-10 9.0
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH...
CVE-2019-17216 2019-10-10 7.5
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.
CVE-2019-17219 2019-10-10 5.8
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control.
CVE-2019-17215 2019-10-10 5.0
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.
CVE-2019-8990 1 Tibco 1 Activematrix Businessworks 2019-10-09 6.8
The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is...
CVE-2019-7230 2019-10-09 5.8
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
CVE-2019-7226 2019-10-09 5.8
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and...
CVE-2019-6832 2019-10-09 6.8
A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication.
CVE-2019-6551 1 Pangea-comm 1 Fax Ata 2019-10-09 7.8
Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition.