Total
4065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24612 | 1 Fedoraproject | 1 Selinux-policy | 2024-11-21 | 1.9 LOW | 6.7 MEDIUM |
|
An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing ...
|
|||||
| CVE-2020-24579 | 1 Dlink | 2 Dsl2888a, Dsl2888a Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.
|
|||||
| CVE-2020-24563 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability.
|
|||||
| CVE-2020-24514 | 1 Intel | 4 Realsense Id F450, Realsense Id F450 Firmware, Realsense Id F455 and 1 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
|
|||||
| CVE-2020-23139 | 1 Microweber | 1 Microweber | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise.
|
|||||
| CVE-2020-23058 | 1 File Explorer Project | 1 File Explorer | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
An issue in the authentication mechanism in Nong Ge File Explorer v1.4 allows unauthenticated access to sensitive data.
|
|||||
| CVE-2020-22176 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information.
|
|||||
| CVE-2020-21991 | 1 Ave | 13 53ab-wbs, 53ab-wbs Firmware, Dominaplus and 10 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials.
|
|||||
| CVE-2020-21932 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to bypass login and obtain a partially authorized token and uid.
|
|||||
| CVE-2020-1878 | 1 Huawei | 2 Oxfords-an00a, Oxfords-an00a Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3), versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to the target component is improper when the device performs an operation. Attackers exploit this vulnerability to obtain some information by loading a malicious application, leading to an information leak.
|
|||||
| CVE-2020-1864 | 1 Huawei | 2 Secospace Antiddos8000, Secospace Antiddos8000 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands. Affected product versions include: Secospace AntiDDoS8000 versions V500R001C00, V500R001C20, V500R001C60, V500R005C00.
|
|||||
| CVE-2020-1842 | 1 Huawei | 10 Hege-560, Hege-560 Firmware, Osca-550 and 7 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain high privilege.
|
|||||
| CVE-2020-1840 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
|
HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.175(C00E70R3P8).
|
|||||
| CVE-2020-1838 | 1 Huawei | 2 Mate 30 Pro, Mate 30 Pro Firmware | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
|
HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authentication vulnerability. The device does not sufficiently validate certain credential of the user's face; an attacker could craft the credential of the user. Successful exploit could allow the attacker to pass the authentication with the crafted credential.
|
|||||
| CVE-2020-1833 | 1 Huawei | 2 Honor 9x, Honor 9x Firmware | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) have an improper authentication vulnerability. A logic error occurs when handling the clock function; an attacker should do a series of crafted operations quickly before the phone is unlocked. Successful exploit could allow the attacker to access clock information without unlocking the phone.
|
|||||
| CVE-2020-1812 | 1 Huawei | 2 P30, P30 Firmware | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improper validation of certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations.
|
|||||
| CVE-2020-1803 | 1 Huawei | 2 Honor V20, Honor V20 Firmware | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
|
Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4) have an information disclosure vulnerability. The device does not sufficiently validate the identity of a smart wearable device in a certain specific scenario; the attacker needs to gain certain information in the victim's smartphone to launch the attack. Successful exploit could cause information disclosure.
|
|||||
| CVE-2020-1801 | 1 Huawei | 4 Mate 30, Mate 30 Firmware, Mate 30 Pro and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
There is an improper authentication vulnerability in several smartphones. Certain function interface in the system does not sufficiently validate the caller's identity in certain share scenario; successful exploit could cause information disclosure. Affected product versions include: Mate 30 Pro versions earlier than 10.0.0.205(C00E202R7P2); Mate 30 versions earlier than 10.0.0.205(C00E201R7P2).
|
|||||
| CVE-2020-1798 | 1 Huawei | 2 P30, P30 Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work; an attacker should establish an NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user to do certain operations beyond the guest user's privilege.
|
|||||
| CVE-2020-1794 | 1 Huawei | 4 Mate 20, Mate 20 Firmware, Mate 30 Pro and 1 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios; successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2).
|
|||||
| CVE-2020-1793 | 1 Huawei | 4 Mate 20, Mate 20 Firmware, Mate 30 Pro and 1 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
There is an improper authentication vulnerability in several smartphones. The applock does not perform a sufficient authentication in certain scenarios; successful exploit could allow the attacker to gain certain data of the application which is locked. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2).
|
|||||
| CVE-2020-1789 | 1 Huawei | 8 Osca-550, Osca-550 Firmware, Osca-550a and 5 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with version 1.0.1.21(SP3) have an insufficient authentication vulnerability. The software does not require a strong credential when the user is trying to do certain operations. Successful exploit could allow an attacker to pass the authentication and do certain operations by a weak credential.
|
|||||
| CVE-2020-1788 | 1 Huawei | 2 Honor V30, Honor V30 Firmware | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure.
|
|||||
| CVE-2020-1787 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2024-11-21 | 7.2 HIGH | 6.6 MEDIUM |
|
HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. The system has a logic error under certain scenario; successful exploit could allow the attacker who gains the privilege of guest user to access the host user's desktop in an instant, without unlocking the screen lock of the host user.
|
|||||
| CVE-2020-1786 | 1 Huawei | 2 Mate 20 Pro, Mate 20 Pro Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital balance function.
|
|||||
| CVE-2020-1778 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.0 MEDIUM | 4.1 MEDIUM |
|
When OTRS uses multiple backends for user authentication (with LDAP), agents are able to login even if the account is set to invalid. This issue affects OTRS; 8.0.9 and prior versions.
|
|||||
| CVE-2020-1718 | 1 Redhat | 3 Jboss Fuse, Keycloak, Openshift Application Runtimes | 2024-11-21 | 6.5 MEDIUM | 7.1 HIGH |
|
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.
|
|||||
| CVE-2020-1637 | 1 Juniper | 1 Junos | 2024-11-21 | 5.8 MEDIUM | 7.2 HIGH |
|
A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy. This issue might occur when the IP address range configured in the Infranet Controller (IC) is configured as an IP address range instead of an IP address/netmask. See the Workaround section for more detail. The Junos OS Enforcer CLI settings are disabled by default. This issue affects Juniper Networks Junos OS on SRX S ...
|
|||||
| CVE-2020-1618 | 1 Juniper | 16 Ex2300, Ex2300-c, Ex3400 and 13 more | 2024-11-21 | 6.9 MEDIUM | 6.3 MEDIUM |
|
On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password. This issue might only occur in certain scenarios: • At the first reboot after performing device factory reset using the command “request system zeroize”; or • A temporary moment during the first reboot after the software upgrade when the device configured in Virtual Chassis mode. This issue affects Juniper Networks Junos OS on EX and ...
|
|||||
| CVE-2020-19888 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
DBHcms v1.2.0 has an unauthorized operation vulnerability because there's no access control at line 175 of dbhcms\page.php for empty cache operation. This vulnerability can be exploited to empty a table.
|
|||||
| CVE-2020-19111 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote malicious user bypass authentication and obtain sensitive information.
|
|||||
| CVE-2020-19037 | 1 Halo | 1 Halo | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Incorrect Access Control vulnerability in Halo 0.4.3, which allows a malicious user to bypass encryption to view encrypted articles via cookies.
|
|||||
| CVE-2020-17523 | 1 Apache | 1 Shiro | 2024-11-21 | 9.0 HIGH | 9.8 CRITICAL |
|
Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
|
|||||
| CVE-2020-17510 | 2 Apache, Debian | 2 Shiro, Debian Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
|
|||||
| CVE-2020-16839 | 1 Crestron | 6 Dm-nvx-dir-160, Dm-nvx-dir-160 Firmware, Dm-nvx-dir-80 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before the DM-XIO/1-0-3-802 patch, the password can be changed by sending an unauthenticated WebSocket request.
|
|||||
| CVE-2020-16251 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.5 HIGH | 8.2 HIGH |
|
HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
|
|||||
| CVE-2020-16169 | 1 Robotemi | 1 Robox Os | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Authentication Bypass Using an Alternate Path or Channel in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to gain elevated privileges on the temi and have it automatically answer the attacker's calls, granting audio, video, and motor control via unspecified vectors.
|
|||||
| CVE-2020-16102 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 6.4 MEDIUM | 7.1 HIGH |
|
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions.
|
|||||
| CVE-2020-16098 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported.
|
|||||
| CVE-2020-16088 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has the wrong logic for checking whether a public key matches.
|
|||||