Filtered by CWE-287
Total 3889 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-3884 1 Redhat 1 Openshift 2024-11-21 5.4 Medium
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
CVE-2019-3878 4 Canonical, Fedoraproject, Mod Auth Mellon Project and 1 more 11 Ubuntu Linux, Fedora, Mod Auth Mellon and 8 more 2024-11-21 N/A
A vulnerability was found in mod_auth_mellon before v0.14.2. If Apache is configured as a reverse proxy and mod_auth_mellon is configured to only let through authenticated users (with the require valid-user directive), adding special HTTP headers that are normally used to start the special SAML ECP (non-browser based) can be used to bypass authentication.
CVE-2019-3825 3 Canonical, Gnome, Redhat 3 Ubuntu Linux, Gnome Display Manager, Enterprise Linux 2024-11-21 N/A
A vulnerability was discovered in gdm before 3.31.4. When timed login is enabled in configuration, an attacker could bypass the lock screen by selecting the timed login user and waiting for the timer to expire, at which time they would gain access to the logged-in user's session.
CVE-2019-3820 4 Canonical, Gnome, Opensuse and 1 more 5 Ubuntu Linux, Gnome-shell, Leap and 2 more 2024-11-21 4.3 Medium
It was discovered that the gnome-shell lock screen since version 3.15.91 did not properly restrict all contextual actions. An attacker with physical access to a locked workstation could invoke certain keyboard shortcuts, and potentially other actions.
CVE-2019-3798 1 Cloudfoundry 1 Capi-release 2024-11-21 N/A
Cloud Foundry Cloud Controller API Release, versions prior to 1.79.0, contains improper authentication when validating user permissions. A remote authenticated malicious user with the ability to create UAA clients and knowledge of the email of a victim in the foundation may escalate their privileges to that of the victim by creating a client with a name equal to the guid of their victim.
CVE-2019-3775 1 Cloudfoundry 1 Uaa Release 2024-11-21 N/A
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
CVE-2019-3654 2 Mcafee, Microsoft 2 Client Proxy, Windows 2024-11-21 5.3 Medium
Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows a local user to bypass scanning of web traffic and gain access to blocked sites for a short period of time by generating an authorization key on the client, which should only be generated by the network administrator.
CVE-2019-3584 1 Mcafee 1 Mvision Endpoint 2024-11-21 N/A
Exploitation of Authentication vulnerability in MVision Endpoint in McAfee MVision Endpoint prior to 1811 Update 1 (18.11.31.62) allows authenticated administrators to remove MVision Endpoint via unspecified vectors.
CVE-2019-2018 1 Google 1 Android 2024-11-21 N/A
In resetPasswordInternal of DevicePolicyManagerService.java, there is a possible bypass of password reset protection due to an unusual root cause. Remote user interaction is needed for exploitation. Product: Android. Versions: Android-8.1, Android-9. Android ID: A-110172241.
CVE-2019-20933 2 Debian, Influxdata 2 Debian Linux, Influxdb 2024-11-21 9.8 Critical
InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).
CVE-2019-20879 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 Medium
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.
CVE-2019-20875 1 Mattermost 1 Mattermost Server 2024-11-21 5.3 Medium
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed.
CVE-2019-20833 1 Foxitsoftware 1 Phantompdf 2024-11-21 7.5 High
An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mishandling of cloud credentials, as demonstrated by Google Drive.
CVE-2019-20786 1 Pion 1 Dtls 2024-11-21 9.8 Critical
handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion.
CVE-2019-20620 1 Google 1 Android 2024-11-21 7.5 High
An issue was discovered on Samsung mobile devices with P(9.0) software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 (March 2019).
CVE-2019-20618 1 Google 1 Android 2024-11-21 7.5 High
An issue was discovered on Samsung mobile devices with P(9.0) software. The Pin Window feature allows unauthenticated unpinning of an app. The Samsung ID is SVE-2018-13765 (March 2019).
CVE-2019-20565 1 Google 1 Android 2024-11-21 7.5 High
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 (September 2019).
CVE-2019-20533 1 Google 1 Android 2024-11-21 3.3 Low
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (released in China or India) software. The S Secure app can launch masked apps without a password. The Samsung ID is SVE-2019-13996 (December 2019).
CVE-2019-20489 1 Netgear 2 Wnr1000, Wnr1000 Firmware 2024-11-21 9.8 Critical
An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web management interface (setup.cgi) has an authentication bypass and other problems that ultimately allow an attacker to remotely compromise the device from a malicious webpage. The attacker sends an FW_remote.htm&todo=cfg_init request without a cookie, reads the Set-Cookie header in the 401 Unauthorized response, and then repeats the FW_remote.htm&todo=cfg_init request with the specified cookie.
CVE-2019-20481 1 Miele 2 Xgw 3000 Zigbee Gateway, Xgw 3000 Zigbee Gateway Firmware 2024-11-21 9.8 Critical
In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password. This can be exploited in conjunction with CVE-2019-20480.