ReportizFlow
Filtered by vendor
Subscriptions
Total
4424 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4628 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 9.8 Critical |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | ||||
| CVE-2011-4338 | 1 Shaman Project | 1 Shaman | 2024-11-21 | 7.8 High |
| Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password. | ||||
| CVE-2011-4068 | 1 Packetfence | 1 Packetfence | 2024-11-21 | N/A |
| The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. | ||||
| CVE-2011-2054 | 1 Cisco | 24 Asa 5500, Asa 5500 Firmware, Asa 5510 and 21 more | 2024-11-21 | 4.3 Medium |
| A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability. | ||||
| CVE-2010-2496 | 1 Clusterlabs | 2 Cluster Glue, Pacemaker | 2024-11-21 | 5.5 Medium |
| stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. | ||||
| CVE-2002-2438 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.5 High |
| TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling. | ||||
| CVE-2024-11209 | 1 Apereo | 2 Cas Server, Central Authentication Service | 2024-11-19 | 6.3 Medium |
| A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-49376 | 1 Autolabproject | 1 Autolab | 2024-11-15 | 8.8 High |
| Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords. This issue is fixed in version 3.0.1. No known workarounds exist. | ||||
| CVE-2024-47768 | 1 Lifplatforms | 1 Lif Authentication Server | 2024-11-13 | 8.1 High |
| Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3. | ||||
| CVE-2023-29117 | 2 Enel X, Enelx | 3 Juicebox Pro3.0 22kw Cellular, Waybox Pro, Waybox Pro Firmware | 2024-11-08 | 8.8 High |
| Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system. | ||||
| CVE-2024-31800 | 1 Gncchome | 2 Gncc C2, Gncc C2 Firmware | 2024-10-30 | 6.8 Medium |
| Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port. | ||||
| CVE-2024-7763 | 1 Progress | 1 Whatsup Gold | 2024-10-30 | 9.8 Critical |
| In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. | ||||
| CVE-2024-10173 | 2 Didi, Didiglobal | 2 Ddmq, Ddmq | 2024-10-22 | 7.3 High |
| A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Console Module. The manipulation with the input /;login leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-47127 | 1 Gotenna | 2 Gotenna Pro, Pro App | 2024-10-17 | 6.5 Medium |
| In the goTenna Pro App there is a vulnerability that makes it possible to inject any custom message with any GID and Callsign using a software defined radio in existing goTenna mesh networks. This vulnerability can be exploited if the device is being used in an unencrypted environment or if the cryptography has already been compromised. It is advised to share encryption keys via QR scanning for higher security operations and update your app to the current release for enhanced encryption protocols. | ||||
| CVE-2024-47125 | 1 Gotenna | 2 Gotenna Pro, Pro App | 2024-10-17 | 8.1 High |
| The goTenna Pro App does not authenticate public keys which allows an unauthenticated attacker to manipulate messages. It is advised to update your app to the current release for enhanced encryption protocols. | ||||
| CVE-2024-45148 | 1 Adobe | 4 Adobe Commerce, Commerce, Commerce B2b and 1 more | 2024-10-16 | 8.8 High |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-45115 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2024-10-11 | 9.8 Critical |
| Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-45823 | 1 Rockwellautomation | 1 Factorytalk Batch View | 2024-10-02 | 8.1 High |
| CVE-2024-45823 IMPACT An authentication bypass vulnerability exists in the affected product. The vulnerability exists due to shared secrets across accounts and could allow a threat actor to impersonate a user if the threat actor is able to enumerate additional information required during authentication. | ||||
| CVE-2023-45038 | 1 Qnap | 1 Music Station | 2024-09-29 | 4.3 Medium |
| An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later | ||||
| CVE-2024-0002 | 1 Purestorage | 2 Flasharray, Purity\/\/fa | 2024-09-27 | 10 Critical |
| A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array. | ||||