Weaknesses of type CWE-287
1,838 results

CVE-2021-21378 | HIGH | JWT authentication bypass with unknown issuer token | EPSS 1.7%
CVE-2021-43445 | CRITICAL | ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service o | EPSS 1.7%
CVE-2020-8253 | — | Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 | EPSS 1.7%
CVE-2020-25165 | — | BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4.33 and earlier The affected products ar | EPSS 1.7%
CVE-2021-41157 | MEDIUM | FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default | EPSS 1.7%
CVE-2021-36368 | LOW | An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=v | EPSS 1.7%
CVE-2022-31020 | HIGH | Remote code execution in Indy's NODE_UPGRADE transaction | EPSS 1.7%
CVE-2020-25719 | — | A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC | EPSS 1.7%
CVE-2019-20464 | HIGH | An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to str | EPSS 1.7%
CVE-2021-31349 | CRITICAL | Session Smart Router: Authentication Bypass Vulnerability | EPSS 1.7%
CVE-2018-5387 | — | Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be a | EPSS 1.7%
CVE-2021-21335 | MEDIUM | Basic Authentication can be bypassed using a malformed username | EPSS 1.7%
CVE-2018-3761 | — | Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allow | EPSS 1.7%
CVE-2022-36436 | CRITICAL | OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerab | EPSS 1.7%
CVE-2019-14856 | MEDIUM | ansible before versions 2.8.6, 2.7.14, 2.6.20 is vulnerable to a None | EPSS 1.6%
CVE-2020-15136 | MEDIUM | Improper authentication in etcd | EPSS 1.6%
CVE-2019-15585 | — | Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the Git | EPSS 1.6%
CVE-2019-18341 | MEDIUM | A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Co | EPSS 1.6%
CVE-2022-45922 | HIGH | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid Adm | EPSS 1.6%
CVE-2018-3822 | — | X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a user impersonation attack via incorrect XML canonicalization and DOM tr | EPSS 1.6%