Vulnerabilities (CVE)

CWE filter

CWE-287

Filter

1478 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3825 1 Gnome 1 Gnome Display Manager 2019-02-21 6.9
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain...
CVE-2017-9803 1 Apache 1 Solr 2019-02-20 6.0
Apache Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using...
CVE-2018-17926 1 Abb 2 Eth-fw Firmware, Fw Firmware 2019-02-20 3.3
The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism.
CVE-2016-0916 1 Emc 1 Networker 2019-02-20 10.0
EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance.
CVE-2018-1312 2 Apache, Debian 2 Http Server, Debian Linux 2019-02-19 6.8
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication...
CVE-2018-10561 1 Dasannetworks 1 Gpon Router Firmware 2019-02-19 7.5
An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device that requires authentication, as demonstrated by the /menu.html?images/ or...
CVE-2019-0015 1 Juniper 1 Junos 2019-02-15 5.5
A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immediately disallowed from establishing new VPN...
CVE-2018-17957 2019-02-15 2.1
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.
CVE-2018-19505 1 Bmc 1 Remedy Action Request System Server 2019-02-15 4.0
Remedy AR System Server in BMC Remedy 7.1 may fail to set the correct user context in certain impersonation scenarios, which can allow a user to act with the identity of a different user, because userdata.js in the WOI:WorkOrderConsole component...
CVE-2018-5403 1 Imperva 1 Securesphere 2019-02-14 6.8
Imperva SecureSphere gateway (GW) running v13, for both pre-First Time Login or post-First Time Login (FTL), if the attacker knows the basic authentication passwords, the GW may be vulnerable to RCE through specially crafted requests, from the...
CVE-2018-16886 1 Redhat 1 Enterprise Linux Server 2019-02-14 6.8
etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common...
CVE-2019-7675 1 Mobotix 1 S14 Firmware 2019-02-13 5.0
An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. The default management application is delivered over cleartext HTTP with Basic Authentication, as demonstrated by the /admin/index.html URI.
CVE-2018-19645 2019-02-13 7.5
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
CVE-2019-7736 1 Dlink 1 Dir-600m Firmware 2019-02-12 7.5
D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm page.
CVE-2018-0670 1 Mnc 1 Inplc-rt 2019-02-11 7.5
INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0669.
CVE-2018-0669 1 Mnc 1 Inplc-rt 2019-02-11 7.5
INplc-RT 3.08 and earlier allows remote attackers to bypass authentication to execute an arbitrary command through the protocol-compliant traffic. This is a different vulnerability than CVE-2018-0670.
CVE-2018-0676 1 Panasonic 1 Bn-sdwbp3 Firmware 2019-02-11 5.8
BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access to the management screen and execute an arbitrary command via unspecified vectors.
CVE-2018-18814 1 Tibco 2 Spotfire Analytics Platform For Aws, Spotfire Server 2019-02-07 7.5
The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an...
CVE-2018-17777 1 Dlink 1 Dva-5592 Firmware 2019-02-07 7.5
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by...
CVE-2017-3167 1 Apache 2 Httpd, Http Server 2019-02-07 7.5
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.