Total
3862 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7067 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | N/A |
| A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web interface is required to exploit this vulnerability. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix. | ||||
| CVE-2018-7058 | 1 Hp | 1 Aruba Clearpass Policy Manager | 2024-11-21 | N/A |
| Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent. | ||||
| CVE-2018-7034 | 1 Trendnet | 6 Tew-751dr, Tew-751dr Firmware, Tew-752dru and 3 more | 2024-11-21 | N/A |
| TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 devices allow authentication bypass via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | ||||
| CVE-2018-6960 | 1 Vmware | 1 Horizon Daas | 2024-11-21 | N/A |
| VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. | ||||
| CVE-2018-6908 | 1 Rainmachine | 4 Mini-8, Mini-8 Firmware, Touch Hd 12 and 1 more | 2024-11-21 | N/A |
| An authentication bypass vulnerability exists in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allowing an unauthenticated attacker to perform authenticated actions on the device via a 127.0.0.1:port value in the HTTP 'Host' header, as demonstrated by retrieving credentials. | ||||
| CVE-2018-6873 | 1 Auth0 | 1 Auth0.js | 2024-11-21 | N/A |
| The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated. | ||||
| CVE-2018-6689 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-11-21 | 7.8 High |
| Authentication Bypass vulnerability in McAfee Data Loss Prevention Endpoint (DLPe) 10.0.x earlier than 10.0.510, and 11.0.x earlier than 11.0.600 allows attackers to bypass local security protection via specific conditions. | ||||
| CVE-2018-6686 | 1 Mcafee | 1 Drive Encryption | 2024-11-21 | 6.6 Medium |
| Authentication Bypass vulnerability in TPM autoboot in McAfee Drive Encryption (MDE) 7.1.0 and above allows physically proximate attackers to bypass local security protection via specific set of circumstances. | ||||
| CVE-2018-6667 | 1 Mcafee | 1 Mcafee Web Gateway | 2024-11-21 | N/A |
| Authentication Bypass vulnerability in the administrative user interface in McAfee Web Gateway 7.8.1.0 through 7.8.1.5 allows remote attackers to execute arbitrary code via Java management extensions (JMX). | ||||
| CVE-2018-6617 | 1 Ehcp | 1 Easy Hosting Control Panel | 2024-11-21 | N/A |
| Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL server, allows attackers to change passwords of arbitrary database users by leveraging failure to ask for the current password. | ||||
| CVE-2018-6569 | 1 West-wind | 1 Web Connection | 2024-11-21 | N/A |
| West Wind Web Server 6.x does not require authentication for /ADMIN.ASP. | ||||
| CVE-2018-6547 | 1 Plays.tv | 1 Plays.tv | 2024-11-21 | N/A |
| plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used. This occurs without properly authenticating the user. | ||||
| CVE-2018-6546 | 1 Plays.tv | 1 Plays.tv | 2024-11-21 | N/A |
| plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user. | ||||
| CVE-2018-6328 | 1 Kaseya | 1 Unitrends Backup | 2024-11-21 | N/A |
| It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes. | ||||
| CVE-2018-6299 | 1 Hanwha-security | 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more | 2024-11-21 | N/A |
| Authentication bypass in Hanwha Techwin Smartcams | ||||
| CVE-2018-6294 | 1 Hanwha-security | 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more | 2024-11-21 | N/A |
| Unsecured way of firmware update in Hanwha Techwin Smartcams | ||||
| CVE-2018-6180 | 1 Themashabrand | 1 Online Voting Platform | 2024-11-21 | 9.8 Critical |
| A flaw in the profile section of Online Voting System 1.0 allows an unauthenticated user to set an arbitrary password for other accounts. | ||||
| CVE-2018-6020 | 1 Silextechnology | 8 Geh-500, Geh-500 Firmware, Geh-sd-320an and 5 more | 2024-11-21 | N/A |
| In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings. | ||||
| CVE-2018-6011 | 1 Rainmachine | 2 Mini-8, Mini-8 Firmware | 2024-11-21 | N/A |
| The time-based one-time-password (TOTP) function in the application logic of the Green Electronics RainMachine Mini-8 (2nd generation) uses the administrator's password hash to generate a 6-digit temporary passcode that can be used for remote and local access, aka a "Use of Password Hash Instead of Password for Authentication" issue. This is exploitable by an attacker who discovers a hash value in the rainmachine-settings.sqlite file. | ||||
| CVE-2018-5794 | 1 Extremewireless | 1 Wing | 2024-11-21 | N/A |
| An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is No Authentication for the AeroScout Service via a crafted UDP packet. | ||||