Total
3880 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24629 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.8 Critical |
| A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-24612 | 1 Fedoraproject | 1 Selinux-policy | 2024-11-21 | 6.7 Medium |
| An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing 2FA. | ||||
| CVE-2020-24579 | 1 Dlink | 2 Dsl2888a, Dsl2888a Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. | ||||
| CVE-2020-24563 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.8 High |
| A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. | ||||
| CVE-2020-24514 | 1 Intel | 4 Realsense Id F450, Realsense Id F450 Firmware, Realsense Id F455 and 1 more | 2024-11-21 | 6.8 Medium |
| Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | ||||
| CVE-2020-24029 | 1 Forlogic | 1 Qualiex | 2024-11-21 | 9.8 Critical |
| Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. | ||||
| CVE-2020-23139 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.5 Medium |
| Microweber 1.1.18 is affected by broken authentication and session management. Local session hijacking may occur, which could result in unauthorized access to system data or functionality, or a complete system compromise. | ||||
| CVE-2020-23058 | 1 File Explorer Project | 1 File Explorer | 2024-11-21 | 4.6 Medium |
| An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data. | ||||
| CVE-2020-22176 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 7.5 High |
| PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information. | ||||
| CVE-2020-21991 | 1 Ave | 13 53ab-wbs, 53ab-wbs Firmware, Dominaplus and 10 more | 2024-11-21 | 9.8 Critical |
| AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulnerability due to missing control check when directly calling the autologin GET parameter in changeparams.php script. Setting the autologin value to 1 allows an unauthenticated attacker to permanently disable the authentication security control and access the management interface with admin privileges without providing credentials. | ||||
| CVE-2020-21932 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-11-21 | 5.3 Medium |
| A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to bypass login and obtain a partially authorized token and uid. | ||||
| CVE-2020-1957 | 2 Apache, Debian | 2 Shiro, Debian Linux | 2024-11-21 | 9.8 Critical |
| Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | ||||
| CVE-2020-1878 | 1 Huawei | 2 Oxfords-an00a, Oxfords-an00a Firmware | 2024-11-21 | 5.5 Medium |
| Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D(C735E152R3P3),versions earlier than 10.0.1.160(C00E160R4P1) have an improper authentication vulnerability. Authentication to target component is improper when device performs an operation. Attackers exploit this vulnerability to obtain some information by loading malicious application, leading to information leak. | ||||
| CVE-2020-1864 | 1 Huawei | 2 Secospace Antiddos8000, Secospace Antiddos8000 Firmware | 2024-11-21 | 8.1 High |
| Some Huawei products have a security vulnerability due to improper authentication. A remote attacker needs to obtain some information and forge the peer device to send specific packets to the affected device. Due to the improper implementation of the authentication function, attackers can exploit the vulnerability to connect to affected devices and execute a series of commands.Affected product versions include:Secospace AntiDDoS8000 versions V500R001C00,V500R001C20,V500R001C60,V500R005C00. | ||||
| CVE-2020-1842 | 1 Huawei | 10 Hege-560, Hege-560 Firmware, Osca-550 and 7 more | 2024-11-21 | 6.8 Medium |
| Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high privilege. | ||||
| CVE-2020-1840 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2024-11-21 | 6.0 Medium |
| HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones.Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.0.0.175(C00E70R3P8) | ||||
| CVE-2020-1838 | 1 Huawei | 2 Mate 30 Pro, Mate 30 Pro Firmware | 2024-11-21 | 5.5 Medium |
| HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) have is an improper authentication vulnerability. The device does not sufficiently validate certain credential of user's face, an attacker could craft the credential of the user, successful exploit could allow the attacker to pass the authentication with the crafted credential. | ||||
| CVE-2020-1833 | 1 Huawei | 2 Honor 9x, Honor 9x Firmware | 2024-11-21 | 2.4 Low |
| Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) have an improper authentication vulnerability. A logic error occurs when handling clock function, an attacker should do a series of crafted operations quickly before the phone is unlocked, successful exploit could allow the attacker to access clock information without unlock the phone. | ||||
| CVE-2020-1812 | 1 Huawei | 2 P30, P30 Firmware | 2024-11-21 | 7.8 High |
| HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P11) have an improper authentication vulnerability. Due to improperly validation of certain application, an attacker should trick the user into installing a malicious application to exploit this vulnerability. Successful exploit could allow the attacker to bypass the authentication to perform unauthorized operations. | ||||
| CVE-2020-1803 | 1 Huawei | 2 Honor V20, Honor V20 Firmware | 2024-11-21 | 5.3 Medium |
| Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C636E3R4P3),versions earlier than 10.0.0.180(C185E3R3P3),versions earlier than 10.0.0.180(C432E10R3P4) have an information disclosure vulnerability. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure. | ||||