Total
102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2959 | 1 Olivaekspertiz | 1 Oliva Ekspertiz | 2024-11-21 | N/A | 7.5 HIGH |
| Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.This issue affects Oliva Expertise EKS: before 1.2. | |||||
| CVE-2023-27582 | 1 Maddy Project | 1 Maddy | 2024-11-21 | N/A | 9.1 CRITICAL |
| maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted as is after checking the credentials for the authentication username. maddy 0.6.3 includes the fix for the bug. There are no known workarounds. | |||||
| CVE-2023-1833 | 1 Redline | 1 Router Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17. | |||||
| CVE-2023-1307 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. | |||||
| CVE-2023-0777 | 1 Modoboa | 1 Modoboa | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. | |||||
| CVE-2022-4722 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 7.2 HIGH |
| Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
| CVE-2022-40723 | 1 Pingidentity | 3 Pingfederate, Pingid Integration Kit, Radius Pcv | 2024-11-21 | N/A | 6.5 MEDIUM |
| The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. | |||||
| CVE-2022-39245 | 1 Makedeb | 1 Mist | 2024-11-21 | N/A | 8.4 HIGH |
| Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist. | |||||
| CVE-2022-38700 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 8.8 HIGH |
| OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. | |||||
| CVE-2022-38081 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 6.2 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system. | |||||
| CVE-2022-38064 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 6.2 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. | |||||
| CVE-2022-2651 | 1 Joinbookwyrm | 1 Bookwyrm | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. | |||||
| CVE-2022-23729 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. | |||||
| CVE-2022-0451 | 1 Dart | 1 Dart Software Development Kit | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with authorization header and it redirects to an attackers site, they might not expect attacker site to receive authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond. | |||||
| CVE-2021-45031 | 1 Mepsan | 1 Stawiz Usc\+\+ | 2024-11-21 | 7.5 HIGH | 7.7 HIGH |
| A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. | |||||
| CVE-2021-43175 | 1 Goautodial | 2 Goautodial, Goautodial Api | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | |||||
| CVE-2021-3850 | 2 Adodb Project, Debian | 2 Adodb, Debian Linux | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. | |||||
| CVE-2021-3547 | 1 Openvpn | 1 Openvpn | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration. | |||||
| CVE-2021-28503 | 1 Arista | 1 Eos | 2024-11-21 | 6.8 MEDIUM | 7.4 HIGH |
| The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. | |||||
| CVE-2021-26726 | 1 Valmet | 1 Dna | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021. | |||||