Total
281 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9510 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2024-11-21 | 5.3 Medium |
| A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later. | ||||
| CVE-2019-6551 | 1 Pangea-comm | 1 Fax Ata | 2024-11-21 | 7.5 High |
| Pangea Communications Internet FAX ATA all Versions 3.1.8 and prior allow an attacker to bypass user authentication using a specially crafted URL to cause the device to reboot, which may be used to cause a continual denial-of-service condition. | ||||
| CVE-2019-5486 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.8 High |
| A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements. | ||||
| CVE-2019-5473 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.2 High |
| An authentication issue was discovered in GitLab that allowed a bypass of email verification. This was addressed in GitLab 12.1.2 and 12.0.4. | ||||
| CVE-2019-5455 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 6.8 Medium |
| Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. | ||||
| CVE-2019-5453 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 6.1 Medium |
| Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. | ||||
| CVE-2019-5451 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.6 Medium |
| Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. | ||||
| CVE-2019-5165 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 7.2 High |
| An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. | ||||
| CVE-2019-3758 | 1 Rsa | 1 Archer | 2024-11-21 | 9.8 Critical |
| RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts. | ||||
| CVE-2019-18250 | 1 Abb | 2 Plant Connect, Power Generation Information Manager | 2024-11-21 | 9.8 Critical |
| In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authentication and extract credentials from the affected device. | ||||
| CVE-2019-13526 | 1 Datalogic | 2 Av7000, Av7000 Firmware | 2024-11-21 | N/A |
| Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to authentication bypass, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2018-8859 | 1 Echelon | 8 I.lon 100, I.lon 100 Firmware, I.lon 600 and 5 more | 2024-11-21 | N/A |
| Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product. | ||||
| CVE-2018-5386 | 1 Navarino | 1 Infinity | 2024-11-21 | N/A |
| Some Navarino Infinity functions, up to version 2.2, placed in the URL can bypass any authentication mechanism leading to an information leak. | ||||
| CVE-2018-4852 | 1 Siemens | 4 Siclock Tc100, Siclock Tc100 Firmware, Siclock Tc400 and 1 more | 2024-11-21 | N/A |
| A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mechanism if he/she is able to obtain certain knowledge specific to the attacked device. | ||||
| CVE-2018-19000 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | N/A |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows an authentication bypass, which may allow an attacker access to sensitive data. | ||||
| CVE-2018-17918 | 1 Circontrol | 2 Circarlife, Circarlife Firmware | 2024-11-21 | N/A |
| Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page. | ||||
| CVE-2018-10841 | 3 Debian, Gluster, Redhat | 4 Debian Linux, Glusterfs, Enterprise Linux and 1 more | 2024-11-21 | 8.8 High |
| glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes. | ||||
| CVE-2016-9497 | 1 Hughes | 8 Dw7000, Dw7000 Firmware, Hn7000s and 5 more | 2024-11-21 | N/A |
| Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, is vulnerable to an authentication bypass using an alternate path or channel. By default, port 1953 is accessible via telnet and does not require authentication. An unauthenticated remote user can access many administrative commands via this interface, including rebooting the modem. | ||||
| CVE-2024-10924 | 1 Really-simple-plugins | 1 Really Simple Security | 2024-11-20 | 9.8 Critical |
| The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default). | ||||
| CVE-2024-10311 | 2 Cmorillas1, Wordpress | 2 External Database Based Actions, External Database Based Actions | 2024-11-19 | 7.5 High |
| The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator. | ||||