Vulnerabilities (CVE)

CWE filter: CWE-287

1411 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-12242 1 Symantec 1 Messaging Gateway 2018-12-08 7.5
The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to...
CVE-2018-17176 1 Neatorobotics 3 Botvac D4 Connected Firmware, Botvac D6 Connected Firmware, Botvac D7 Connected Firmware 2018-12-07 5.0
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are...
CVE-2018-16225 2 Qbeecam, Swisscom 3 Qbeecam, Swisscom Home App, Qbee Multi-sensor Camera Firmware 2018-12-07 6.1
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients (such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android), which results in an attacker...
CVE-2018-7989 1 Huawei 1 Mate 10 Pro Firmware 2018-12-06 2.1
Huawei Mate 10 Pro smartphones with versions before BLA-AL00B 8.1.0.326(C00) have an improper authentication vulnerability. App Lock is a function to prevent unauthorized use of apps on smartphones; an attacker could directly change the lock...
CVE-2016-10732 1 Projectsend 1 Projectsend 2018-12-06 7.5
ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php.
CVE-2018-11787 1 Apache 1 Karaf 2018-12-06 6.8
In Apache Karaf versions prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives...
CVE-2018-0435 1 Cisco 1 Umbrella 2018-12-04 6.5
A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API...
CVE-2018-18891 1 1234n 1 Minicms 2018-12-03 6.4
MiniCMS 1.10 allows file deletion via /mc-admin/post.php?state=delete&delete= because the authentication check occurs too late.
CVE-2018-7076 1 Hp 1 Intelligent Management Center 2018-12-03 10.0
A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) prior to iMC PLAT 7.3 E0605P04.
CVE-2012-3408 1 Puppetlabs 1 Puppet 2018-12-03 2.6
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a...
CVE-2018-12455 1 Intelbras 1 Nplug Firmware 2018-11-28 9.3
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.
CVE-2018-1738 1 Ibm 1 Security Key Lifecycle Manager 2018-11-28 5.5
IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0 could allow an authenticated user to obtain highly sensitive information or jeopardize system integrity due to improper authentication mechanisms. IBM X-Force ID: 147907.
CVE-2018-1745 1 Ibm 1 Security Key Lifecycle Manager 2018-11-28 7.8
IBM Security Key Lifecycle Manager 2.7 and 3.0 could allow an unauthenticated user to restart the SKLM server due to missing authentication. IBM X-Force ID: 148424.
CVE-2018-18061 1 Tecrail 1 Responsive Filemanager 2018-11-28 6.4
An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. Attackers can access the file manager interface that provides them with the ability to upload and delete files.
CVE-2017-7660 1 Apache 1 Solr 2018-11-28 5.0
Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick...
CVE-2018-7572 1 Pulsesecure 1 Pulse Secure Desktop 2018-11-27 7.2
Pulse Secure Client 9.0R1 and 5.3RX before 5.3R5, when configured to authenticate VPN users during Windows Logon, can allow attackers to bypass Windows authentication and execute commands on the system with the privileges of Pulse Secure Client....
CVE-2018-12472 1 Suse 1 Subscription Management Tool 2018-11-27 6.4
An improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
CVE-2018-15542 1 Telegram 1 Telegram 2018-11-26 4.4
** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words,...
CVE-2018-15543 1 Telegram 1 Telegram 2018-11-24 4.6
** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to...
CVE-2018-1539 1 Ibm 1 Rational Engineering Lifecycle Manager 2018-11-23 6.4
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than the intended URL. IBM X-Force ID: 142561.