Total: 54 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2959 | 1 Olivaekspertiz | 1 Oliva Ekspertiz | 2023-08-16 | N/A | 7.5 HIGH |
| Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2. | |||||
| CVE-2023-1833 | 1 Redline | 1 Router Firmware | 2023-08-02 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17. | |||||
| CVE-2023-34137 | 1 Sonicwall | 2 Analytics, Global Management System | 2023-07-25 | N/A | 9.8 CRITICAL |
| SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. | |||||
| CVE-2022-4722 | 1 Ikus-soft | 1 Rdiffweb | 2023-07-17 | N/A | 7.2 HIGH |
| Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
| CVE-2022-39245 | 1 Makedeb | 1 Mist | 2023-07-13 | N/A | 7.8 HIGH |
| Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist. | |||||
| CVE-2021-26726 | 1 Valmet | 1 Dna | 2023-06-30 | 8.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517 allows an attacker to execute commands with SYSTEM privileges. This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021. | |||||
| CVE-2023-28126 | 1 Ivanti | 1 Avalanche | 2023-05-16 | N/A | 5.9 MEDIUM |
| An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message. | |||||
| CVE-2022-40723 | 1 Pingidentity | 3 Pingfederate, Pingid Integration Kit, Radius Pcv | 2023-05-04 | N/A | 6.5 MEDIUM |
| The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. | |||||
| CVE-2023-0777 | 1 Modoboa | 1 Modoboa | 2023-04-06 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. | |||||
| CVE-2023-27582 | 1 Maddy Project | 1 Maddy | 2023-03-17 | N/A | 9.8 CRITICAL |
| maddy is a composable, all-in-one mail server. Starting with version 0.2.0 and prior to version 0.6.3, maddy allows a full authentication bypass if SASL authorization username is specified when using the PLAIN authentication mechanisms. Instead of validating the specified username, it is accepted as is after checking the credentials for the authentication username. maddy 0.6.3 includes the fix for the bug. There are no known workarounds. | |||||
| CVE-2023-1307 | 1 Froxlor | 1 Froxlor | 2023-03-15 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. | |||||
| CVE-2022-3100 | 2 Openstack, Redhat | 5 Barbican, Enterprise Linux Eus, Openstack and 2 more | 2023-01-26 | N/A | 5.9 MEDIUM |
| A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. | |||||
| CVE-2022-38064 | 1 Openharmony | 1 Openharmony | 2022-10-28 | N/A | 5.5 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. | |||||
| CVE-2021-3547 | 1 Openvpn | 1 Openvpn | 2022-10-27 | 5.8 MEDIUM | 7.4 HIGH |
| OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration. | |||||
| CVE-2021-3850 | 2 Adodb Project, Debian | 2 Adodb, Debian Linux | 2022-10-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. | |||||
| CVE-2021-21403 | 1 Kongchuanhujiao Project | 1 Kongchuanhujiao | 2022-10-24 | 7.5 HIGH | 9.8 CRITICAL |
| In github.com/kongchuanhujiao/server before version 1.3.21 there is an Authentication Bypass by Primary Weakness vulnerability. All users are impacted. This is fixed in version 1.3.21. | |||||
| CVE-2022-2651 | 1 Joinbookwyrm | 1 Bookwyrm | 2022-09-29 | N/A | 9.8 CRITICAL |
| Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. | |||||
| CVE-2022-38081 | 1 Openharmony | 1 Openharmony | 2022-09-14 | N/A | 5.5 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control. To take advantage of this weakness, attackers need another vulnerability to obtain system. | |||||
| CVE-2022-38700 | 1 Openharmony | 1 Openharmony | 2022-09-14 | N/A | 8.8 HIGH |
| OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. | |||||
| CVE-2020-14359 | 1 Redhat | 1 Louketo Proxy | 2022-08-10 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in all versions of Keycloak Gatekeeper, where on using lower case HTTP headers (via cURL) an attacker can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers. | |||||
