Total
3293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10835 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | |||||
| CVE-2018-20937 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 68.0.27 does not validate database and dbuser names during renames (SEC-321). | |||||
| CVE-2016-10831 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 6.5 MEDIUM | 7.2 HIGH |
| cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101). | |||||
| CVE-2019-7163 | 1 Tcl | 2 Alcatel Linkzone, Alcatel Linkzone Firmware | 2019-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| The web interface of Alcatel LINKZONE MW40-V-V1.0 MW40_LU_02.00_02 devices is vulnerable to an authentication bypass that allows an unauthenticated user to have access to the web interface without knowing the administrator's password. | |||||
| CVE-2018-20924 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 7.5 HIGH | 5.5 MEDIUM |
| cPanel before 70.0.23 allows arbitrary file-read and file-unlink operations via WHM style uploads (SEC-378). | |||||
| CVE-2013-2157 | 1 Openstack | 1 Keystone | 2019-08-08 | 4.3 MEDIUM | N/A |
| OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. | |||||
| CVE-2012-3424 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 5.0 MEDIUM | N/A |
| The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method. | |||||
| CVE-2018-20888 | 1 Cpanel | 1 Cpanel | 2019-08-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| cPanel before 74.0.0 allows file modification in the context of the root account because of incorrect HTTP authentication (SEC-424). | |||||
| CVE-2016-10826 | 1 Cpanel | 1 Cpanel | 2019-08-06 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). | |||||
| CVE-2018-17213 | 1 Printeron | 1 Central Print Services | 2019-08-05 | 4.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level privileges. This cookie can then be further used to perform other attacks. | |||||
| CVE-2005-4851 | 1 Ez | 1 Ez Publish | 2019-07-31 | 4.0 MEDIUM | N/A |
| eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects. | |||||
| CVE-2018-13927 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2019-07-24 | 7.2 HIGH | 7.8 HIGH |
| Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130 | |||||
| CVE-2005-3979 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2019-07-16 | 5.0 MEDIUM | N/A |
| relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request. | |||||
| CVE-2014-1984 | 1 Cybozu | 1 Remote Service Manager | 2019-07-16 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2013-4958 | 1 Puppet | 1 Puppet Enterprise | 2019-07-10 | 6.9 MEDIUM | N/A |
| Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation. | |||||
| CVE-2013-4965 | 1 Puppet | 1 Puppet Enterprise | 2019-07-10 | 5.0 MEDIUM | N/A |
| Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack. | |||||
| CVE-2013-4966 | 1 Puppet | 1 Puppet Enterprise | 2019-07-10 | 6.4 MEDIUM | N/A |
| The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console. | |||||
| CVE-2012-5158 | 2 Puppet, Puppetlabs | 2 Puppet Enterprise, Puppet | 2019-07-10 | 4.0 MEDIUM | N/A |
| Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors. | |||||
| CVE-2018-11426 | 1 Moxa | 4 Oncell G3150-hspa, Oncell G3150-hspa-t, Oncell G3150-hspa-t Firmware and 1 more | 2019-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| A weak Cookie parameter is used in the web application of Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. An attacker can brute force parameters required to bypass authentication and access the web interface to use all its functions except for password change. | |||||
| CVE-2019-5964 | 1 Idoors | 1 Idoors Reader | 2019-07-10 | 5.8 MEDIUM | 8.8 HIGH |
| iDoors Reader 2.10.17 and earlier allows an attacker on the same network segment to bypass authentication to access the management console and operate the product via unspecified vectors. | |||||