Total
14 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-1202 | 2024-04-11 | N/A | 9.8 CRITICAL | ||
Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass.This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned that the product is not supported. | |||||
CVE-2023-6153 | 2024-03-27 | N/A | 9.8 CRITICAL | ||
Authentication Bypass by Primary Weakness vulnerability in TeoSOFT Software TeoBASE allows Authentication Bypass.This issue affects TeoBASE: through 20240327. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2023-7103 | 2024-03-05 | N/A | 9.8 CRITICAL | ||
Authentication Bypass by Primary Weakness vulnerability in ZKSoftware Biometric Security Solutions UFace 5 allows Authentication Bypass.This issue affects UFace 5: through 12022024. | |||||
CVE-2024-1403 | 2024-02-28 | N/A | 10.0 CRITICAL | ||
In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication. | |||||
CVE-2023-2959 | 1 Olivaekspertiz | 1 Oliva Ekspertiz | 2023-12-10 | N/A | 7.5 HIGH |
Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.This issue affects Oliva Expertise EKS: before 1.2. | |||||
CVE-2023-1833 | 1 Redline | 1 Router Firmware | 2023-12-10 | N/A | 9.8 CRITICAL |
Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17. | |||||
CVE-2023-0777 | 1 Modoboa | 1 Modoboa | 2023-12-10 | N/A | 9.8 CRITICAL |
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. | |||||
CVE-2023-1307 | 1 Froxlor | 1 Froxlor | 2023-12-10 | N/A | 9.8 CRITICAL |
Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. | |||||
CVE-2022-3100 | 2 Openstack, Redhat | 5 Barbican, Enterprise Linux Eus, Openstack and 2 more | 2023-12-10 | N/A | 5.9 MEDIUM |
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. | |||||
CVE-2022-2651 | 1 Joinbookwyrm | 1 Bookwyrm | 2023-12-10 | N/A | 9.8 CRITICAL |
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. | |||||
CVE-2021-45031 | 1 Mepsan | 1 Stawiz Usc\+\+ | 2023-12-10 | 7.5 HIGH | 7.7 HIGH |
A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. | |||||
CVE-2020-14359 | 1 Redhat | 1 Louketo Proxy | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers. | |||||
CVE-2020-15787 | 1 Siemens | 2 Simatic Hmi United Comfort Panels, Simatic Hmi United Comfort Panels Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
A vulnerability has been identified in SIMATIC HMI Unified Comfort Panels (All versions <= V16). Affected devices insufficiently validate authentication attempts as the information given can be truncated to match only a set number of characters versus the whole provided string. This could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. | |||||
CVE-2020-10923 | 1 Netgear | 2 R6700, R6700 Firmware | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642. |