Total
3634 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-13789 | 1 Descor | 1 Infocad Fm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers. | |||||
| CVE-2018-13446 | 1 Linecorp | 1 Line | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred | |||||
| CVE-2018-13435 | 1 Linecorp | 1 Line | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred | |||||
| CVE-2018-13434 | 1 Linecorp | 1 Line | 2024-11-21 | 4.4 MEDIUM | 6.3 MEDIUM |
| An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred | |||||
| CVE-2018-13060 | 1 Easyappointments | 1 Easy\!appointments | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue. | |||||
| CVE-2018-12984 | 1 Hycus Cms Project | 1 Hycus Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials. | |||||
| CVE-2018-12804 | 1 Adobe | 1 Connect | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking. | |||||
| CVE-2018-12667 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) is affected by an improper authentication vulnerability that allows requests to be made to back-end CGI scripts without a valid session. This vulnerability could be used to read and modify the configuration. The vulnerability affects all versions. | |||||
| CVE-2018-12666 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SV3C L-SERIES HD CAMERA V2.3.4.2103-S50-NTD-B20170508B devices improperly identifies users only by the authentication level sent in the cookies, which allow remote attackers to bypass authentication and gain administrator access by setting the authLevel cookie to 255. | |||||
| CVE-2018-12613 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). | |||||
| CVE-2018-12575 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. | |||||
| CVE-2018-12551 | 1 Eclipse | 1 Mosquitto | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability. | |||||
| CVE-2018-12472 | 1 Suse | 1 Subscription Management Tool | 2024-11-21 | 6.4 MEDIUM | 7.3 HIGH |
| A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37. | |||||
| CVE-2018-12455 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie. | |||||
| CVE-2018-12446 | 1 Dropbox | 1 Dropbox | 2024-11-21 | 3.3 LOW | 3.6 LOW |
| An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred | |||||
| CVE-2018-12445 | 1 Dropbox | 1 Dropbox | 2024-11-21 | 3.3 LOW | 3.1 LOW |
| An issue was discovered in the com.dropbox.android application 98.2.2 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred | |||||
| CVE-2018-12399 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox < 63. | |||||
| CVE-2018-12271 | 1 Dropbox | 1 Dropbox | 2024-11-21 | 6.9 MEDIUM | 6.4 MEDIUM |
| An issue was discovered in the com.getdropbox.Dropbox app 100.2 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred | |||||
| CVE-2018-12242 | 1 Symantec | 1 Messaging Gateway | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. | |||||
| CVE-2018-12192 | 1 Intel | 2 Converged Security Management Engine Firmware, Server Platform Services Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access. | |||||