| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables. |
| An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating. |
| An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot. |
| An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator. |
| An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. |
| An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges. |
| Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. |
| An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability. |
| An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root. |
| Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors. |
| rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects. |
| net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. |
| The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. |
| An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phone application requires it and there is a field to supply the PIN code in an authorization request, the safe does not check the PIN code, so an attacker can obtain authorization using any value. Once an attacker sees the Bluetooth Low Energy (BLE) advertisement for the safe, they need only to write a BLE characteristic to enable notifications, and send a crafted getAuthor packet that returns a temporary key, and an unlock packet including that temporary key. The safe then opens after the unlock packet is processed, with no verification of PIN or other credentials. |
| The UserPro plugin before 4.9.17.1 for WordPress, when used on a site with the "admin" username, allows remote attackers to bypass authentication and obtain administrative access via a "true" value for the up_auto_log parameter in the QUERY_STRING to the default URI. |
| On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not require authentication, which allows remote attackers to read or replace core system files including those used for authentication (such as passwd and shadow). This can be abused to take full root level control of the device. |
| The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. |
| An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team. |
| In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. |
| SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. |
