Total
98 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4722 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 7.2 HIGH |
| Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
| CVE-2022-40723 | 1 Pingidentity | 3 Pingfederate, Pingid Integration Kit, Radius Pcv | 2024-11-21 | N/A | 6.5 MEDIUM |
| The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. | |||||
| CVE-2022-39245 | 1 Makedeb | 1 Mist | 2024-11-21 | N/A | 8.4 HIGH |
| Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist. | |||||
| CVE-2022-38700 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 8.8 HIGH |
| OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. | |||||
| CVE-2022-38081 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 6.2 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system. | |||||
| CVE-2022-38064 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 6.2 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. | |||||
| CVE-2022-2651 | 1 Joinbookwyrm | 1 Bookwyrm | 2024-11-21 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. | |||||
| CVE-2022-23729 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. | |||||
| CVE-2022-0451 | 1 Dart | 1 Dart Software Development Kit | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with authorization header and it redirects to an attackers site, they might not expect attacker site to receive authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond. | |||||
| CVE-2021-45031 | 1 Mepsan | 1 Stawiz Usc\+\+ | 2024-11-21 | 7.5 HIGH | 7.7 HIGH |
| A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. | |||||
| CVE-2021-43175 | 1 Goautodial | 2 Goautodial, Goautodial Api | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | |||||
| CVE-2021-3850 | 2 Adodb Project, Debian | 2 Adodb, Debian Linux | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. | |||||
| CVE-2021-3547 | 1 Openvpn | 1 Openvpn | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration. | |||||
| CVE-2021-28503 | 1 Arista | 1 Eos | 2024-11-21 | 6.8 MEDIUM | 7.4 HIGH |
| The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. | |||||
| CVE-2021-26726 | 1 Valmet | 1 Dna | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021. | |||||
| CVE-2021-21403 | 1 Kongchuanhujiao Project | 1 Kongchuanhujiao | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| In github.com/kongchuanhujiao/server before version 1.3.21 there is an authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21. | |||||
| CVE-2020-24683 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application. | |||||
| CVE-2020-15787 | 1 Siemens | 2 Simatic Hmi United Comfort Panels, Simatic Hmi United Comfort Panels Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | |||||
| CVE-2020-15078 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | |||||
| CVE-2020-15077 | 1 Openvpn | 1 Openvpn Access Server | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
| OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | |||||