Vulnerabilities (CVE)

CWE filter: CWE-287

1621 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2019-14432 | 1 Loom | 1 Loom | 2019-08-19 | 6.8
Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is...
CVE-2019-13565 | 2 Openldap, Canonical | 2 Openldap, Ubuntu Linux | 2019-08-19 | 5.0
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a...
CVE-2019-13057 | 2 Openldap, Canonical | 2 Openldap, Ubuntu Linux | 2019-08-19 | 3.5
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not...
CVE-2019-5223 | 1 Huawei | 1 Pcmanager | 2019-08-16 | 6.8
PCManager 9.1.3.1 has an improper authentication vulnerability. A certain driver interface of the software does not properly validate user-mode data; successful exploitation could result in malicious code execution.
CVE-2019-5396 | | | 2019-08-16 | 9.7
A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
CVE-2019-13101 | 1 Dlink | 1 Dir-600m Firmware | 2019-08-15 | 7.5
An issue was discovered on D-Link DIR-600M 3.02, 3.03, 3.04, and 3.06 devices. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify...
CVE-2019-1946 | | | 2019-08-15 | 6.4
A vulnerability in the web-based management interface of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to bypass authentication and get limited access to the web-based management interface....
CVE-2019-14537 | 1 Yourls | 1 Yourls | 2019-08-14 | 7.5
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass.
CVE-2019-14335 | 1 Dlink | 2 6600-ap Firmware, Dwl-3600ap Firmware | 2019-08-14 | 4.9
An issue was discovered on D-Link 6600-AP and DWL-3600AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated denial of service leading to the reboot of the AP via the admin.cgi?action=%s URI.
CVE-2019-3948 | 1 Amcrest | 1 Ip2m-841b Firmware | 2019-08-14 | 5.0
The Amcrest IP2M-841B V2.520.AC00.18.R, Dahua IPC-XXBXX V2.622.0000000.9.R, Dahua IPC HX5X3X and HX4X3X V2.800.0000008.0.R, Dahua DH-IPC HX883X and DH-IPC-HX863X V2.622.0000000.7.R, Dahua DH-SD4XXXXX V2.623.0000000.7.R, Dahua DH-SD5XXXXX...
CVE-2016-10836 | 1 Cpanel | 1 Cpanel | 2019-08-13 | 4.0
cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108).
CVE-2016-10832 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0
cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102).
CVE-2016-10833 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0
cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).
CVE-2016-10835 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0
cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107).
CVE-2018-20937 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0
cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321).
CVE-2016-10831 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5
cPanel before 55.9999.141 does not perform a two-factor authentication check when possessing another account (SEC-101).
CVE-2019-7163 | 1 Tcl | 1 Alcatel Linkzone Firmware | 2019-08-12 | 7.5
The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password.
CVE-2019-13379 | | | 2019-08-09 | 9.0
On AVTECH Room Alert 3E devices before 2.2.5, an attacker with access to the device's web interface may escalate privileges from an unauthenticated user to administrator by performing a cmd.cgi?action=ResetDefaults&src=RA reset and using the...
CVE-2018-20924 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 7.5
cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378).
CVE-2013-2157 | 1 Openstack | 1 Keystone | 2019-08-08 | 4.3
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.