Vulnerabilities (CVE)

CWE filter

CWE-287

1558 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-11334 1 Tzumi 2 Klic Lock, Klic Smart Padlock Model 5686 Firmware 2019-06-14 4.3
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay....
CVE-2019-12749 1 Canonical 1 Ubuntu Linux 2019-06-14 3.6
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the...
CVE-2019-10150 1 Redhat 1 Openshift Container Platform 2019-06-14 4.3
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 do not perform SSH host key checking when using SSH key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the...
CVE-2019-10157 1 Redhat 1 Keycloak 2019-06-13 2.1
It was found that Keycloak's Node.js adapter before version 4.8.3 did not properly verify the web token received from the server in its backchannel logout. An attacker with local access could use this to construct a malicious web token setting...
CVE-2015-0653 1 Cisco 3 Telepresence Video Communication Server Software, Expressway Software, Telepresence Conductor 2019-06-11 10.0
The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote...
CVE-2018-19999 1 Solarwinds 1 Serv-u Ftp Server 2019-06-10 7.2
The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to...
CVE-2019-6451 1 Soyal 2 Ar-727h Firmware, Ar-829ev5 Firmware 2019-06-10 5.0
On SOYAL AR-727H and AR-829Ev5 devices, all CGI programs allow unauthenticated POST access.
CVE-2019-12300 1 Buildbot 1 Buildbot 2019-06-07 5.0
Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can log in as the victim.
CVE-2019-5367 1 Hp 1 Intelligent Management Center 2019-06-06 10.0
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-11941 1 Hp 1 Intelligent Management Center 2019-06-06 9.0
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2018-7123 1 Hp 1 Intelligent Management Center 2019-06-06 7.8
A remote denial of service vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2018-7121 1 Hp 1 Intelligent Management Center 2019-06-06 10.0
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09.
CVE-2019-9158 2019-06-06 2.7
Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.
CVE-2019-12742 1 Bludit 1 Bludit 2019-06-06 6.5
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account, including admin. This occurs because of bl-kernel/admin/controllers/user-password.php Insecure Direct Object Reference (a modified username POST parameter).
CVE-2018-18571 1 Citrix 1 Xenmobile Server 2019-06-05 6.4
An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management...
CVE-2019-5298 2019-06-05 4.6
There is an improper authentication vulnerability in some Huawei AP products before version V200R009C00SPC800. Due to the improper implementation of authentication for the serial port, an attacker could exploit this vulnerability by connecting to...
CVE-2019-11367 2019-06-05 7.5
An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW-Authenticate attribute. By using this account and password, anyone can log in successfully.
CVE-2018-16886 2 Redhat, Fedoraproject 4 Enterprise Linux Server, Fedora, Enterprise Linux Desktop and 1 more 2019-06-04 6.8
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common...
CVE-2018-11271 1 Qualcomm 43 Mdm9206 Firmware, Mdm9607 Firmware, Mdm9650 Firmware and 40 more 2019-05-29 7.5
Improper authentication can happen on Remote command handling due to inappropriate handling of events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...
CVE-2019-12289 1 Vstracam 2 C38s Firmware, C7824wip Firmware 2019-05-29 10.0
An issue was discovered in upgrade_firmware.cgi on VStarcam 100T (C7824WIP) CH-sys-48.53.75.119~123 and 200V (C38S) CH-sys-48.53.203.119~123 devices. A remote command can be executed through a system firmware update without authentication. The...