Vulnerabilities (CVE)

CWE filter

CWE-287

Filter

1770 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1320 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-11 4.6
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340.
CVE-2019-15018 1 Zingbox 1 Inspector 2019-10-11 5.0
A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant.
CVE-2019-1322 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-11 4.6
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1320, CVE-2019-1340.
CVE-2019-0193 1 Apache 1 Solr 2019-10-10 9.0
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH...
CVE-2019-17216 2019-10-10 7.5
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort.
CVE-2019-17219 2019-10-10 5.8
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. By default, the device does not enforce any authentication. An adjacent attacker is able to use the network interface without proper access control.
CVE-2019-17215 2019-10-10 5.0
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. There is no bruteforce protection (e.g., lockout) established. An attacker might be able to bruteforce the password to authenticate on the device.
CVE-2019-8990 1 Tibco 1 Activematrix Businessworks 2019-10-09 6.8
The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is...
CVE-2019-7230 2019-10-09 5.8
The ABB IDAL FTP server mishandles format strings in a username during the authentication process. Attempting to authenticate with the username %s%p%x%d will crash the server. Sending %08x.AAAA.%08x.%08x will log memory content from the stack.
CVE-2019-7226 2019-10-09 5.8
The ABB IDAL HTTP server CGI interface contains a URL that allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. Specifically, /cgi/loginDefaultUser creates a session in an authenticated state and...
CVE-2019-6832 2019-10-09 6.8
A CWE-287: Authentication vulnerability exists in spaceLYnk (all versions before 2.4.0) and Wiser for KNX (all versions before 2.4.0 - formerly known as homeLYnk), which could cause loss of control when an attacker bypasses the authentication.
CVE-2019-6551 1 Pangea-comm 1 Fax Ata 2019-10-09 7.8
Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition.
CVE-2019-6527 2019-10-09 7.5
PR100088 Modbus gateway versions prior to Release R02 (or Software Version 1.1.13166) may allow an attacker to be able to change the password for an admin user who is currently or previously logged in, provided the device has not been restarted.
CVE-2019-6524 1 Moxa 4 Eds-405a Firmware, Eds-408a Firmware, Eds-510a Firmware and 1 more 2019-10-09 5.0
Moxa IKS and EDS do not implement sufficient measures to prevent multiple failed authentication attempts, which may allow an attacker to discover passwords via brute force attack.
CVE-2019-5473 1 Gitlab 1 Gitlab 2019-10-09 6.5
An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4.
CVE-2019-5455 1 Nextcloud 1 Nextcloud 2019-10-09 4.6
Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.
CVE-2019-4422 1 Ibm 1 Security Guardium 2019-10-09 6.5
IBM Security Guardium 9.0, 9.5, and 10.6 are vulnerable to a privilege escalation which could allow an authenticated user to change the accessmgr password. IBM X-Force ID: 162768.
CVE-2019-4210 1 Ibm 1 Qradar Security Information And Event Manager 2019-10-09 5.5
IBM QRadar SIEM 7.3.2 could allow a user to bypass authentication exposing certain functionality which could lead to information disclosure or modification of application configuration. IBM X-Force ID: 158986.
CVE-2019-4061 1 Ibm 1 Bigfix Platform 2019-10-09 5.0
IBM BigFix Platform 9.2 and 9.5 could allow an attacker to query the relay remotely and gather information about the updates and fixlets deployed to the associated sites due to not enabling authenticated access. IBM X-Force ID: 156869.
CVE-2019-3935 1 Crestron 2 Am-100 Firmware, Am-101 Firmware 2019-10-09 6.4
Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated attacker can use this vulnerability to start,...