CWE-592 flaws
24 results

CVE-2018-10933 | CRITICAL | A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels wi | EPSS 91.8%
CVE-2016-8371 | — | The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. | EPSS 11.2%
CVE-2018-14643 | CRITICAL | An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remo | EPSS 6.0%
CVE-2016-8616 | LOW | A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case insensitive comparisons of user name and pass | EPSS 3.5%
CVE-2014-5432 | — | Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via | EPSS 2.6%
CVE-2018-1085 | CRITICAL | openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to | EPSS 2.2%
CVE-2017-2684 | — | Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access | EPSS 2.0%
CVE-2018-10847 | MEDIUM | prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated wi | EPSS 1.7%
CVE-2012-4688 | — | I-GEN opLYNX Central Authentication Bypass | EPSS 1.6%
CVE-2019-10198 | MEDIUM | An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_re | EPSS 1.6%
CVE-2014-2367 | — | Advantech WebAccess Authentication Bypass Issues | EPSS 1.5%
CVE-2017-7537 | MEDIUM | It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package befor | EPSS 1.5%
CVE-2019-3899 | HIGH | It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misus | EPSS 1.4%
CVE-2019-14843 | HIGH | A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used | EPSS 1.2%
CVE-2017-2650 | — | It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM comm | EPSS 1.1%
CVE-2019-14909 | CRITICAL | A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or v | EPSS 1.1%
CVE-2019-14910 | CRITICAL | A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS fro | EPSS 1.1%
CVE-2026-43512 | CRITICAL | Apache Tomcat: Digest authenticator will authenticate any unknown user | EPSS 0.9%
CVE-2019-10201 | HIGH | It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML | EPSS 0.7%
CVE-2017-7536 | — | In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, whi | EPSS 0.5%