Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-288 (使用候选路径或通道进行的认证绕过) — Vulnerability Class 435

435 vulnerabilities classified as CWE-288 (使用候选路径或通道进行的认证绕过). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2021-27453 Mesa Labs AmegaView authentication bypass — AmegaView 7.3 High2021-12-21
CVE-2021-43935 ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products — Welch Allyn Q-Stress Cardiac Stress Testing System 8.1 High2021-12-15
CVE-2021-36308 Dell Networking OS10 授权问题漏洞 — Networking OS 5.9 Medium2021-11-20
CVE-2021-41292 ECOA BAS controller - Broken Authentication — ECS Router Controller ECS (FLASH) 9.8 Critical2021-09-30
CVE-2021-33700 SAP Business One 授权问题漏洞 — SAP Business One 7.8 -2021-09-15
CVE-2021-32967 Delta Electronics DIAEnergie 授权问题漏洞 — Delta Electronics DIAEnergie 9.8 -2021-08-30
CVE-2021-28131 Impala logs contain secrets — Apache Impala 8.8 -2021-07-22
CVE-2020-27865 D-Link DAP-1860和TCP 授权问题漏洞 — DAP-1860 8.8 -2021-02-11
CVE-2020-27866 多款Netgear产品授权问题漏洞 — Multiple Routers 8.8 -2021-02-11
CVE-2020-27863 D-Link DVA-2800 and DSL-2888A 授权问题漏洞 — Multiple Routers 6.5 -2021-02-11
CVE-2020-13185 Teradici Cloud Access Connector 安全漏洞 — - Cloud Access Connector - Cloud Access Connector Legacy 7.5 -2021-02-11
CVE-2020-10048 SIMATIC PCS 7 和 SIMATIC WinCC 授权问题漏洞 — SIMATIC PCS 7 7.1 -2021-02-09
CVE-2020-10148 SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands — Orion Platform 9.8 -2020-12-29
CVE-2020-17409 mini_httpd 安全漏洞 — Multiple Routers 6.5 -2020-10-13
CVE-2020-10283 RVD#3317: MAVLink version handshaking allows for an attacker to bypass authentication — MAVLink 9.8 -2020-08-20
CVE-2020-5384 RSA MFA Agent 授权问题漏洞 — RSA Authentication Agent for Microsoft Windows 8.4 High2020-07-31
CVE-2020-15633 D-Link DIR-867和DIR-878 安全漏洞 — Multiple Routers 8.8 -2020-07-23
CVE-2020-14485 OpenClinic GA 授权问题漏洞 — OpenClinic GA 9.8 -2020-07-20
CVE-2020-14477 Philips Ultrasound Systems Authentication Bypass Using an Alternate Path or Channel — Ultrasound ClearVue 3.6 Low2020-06-26
CVE-2020-4050 set-screen-option filter misuse by plugins leading to privilege escalation in WordPress — wordpress-develop 3.5 Low2020-06-12
CVE-2020-6091 爱普生 EPSON EB-1470Ui 授权问题漏洞 — Epson 7.5 -2020-05-22
CVE-2020-11005 Internal NCryptDecrypt method could be used externally from WindowsHello library. — WindowsHello 5.1 Medium2020-04-14
CVE-2020-1637 Junos OS: SRX Series: Unified Access Control (UAC) bypass vulnerability — Junos OS 7.2 High2020-04-08
CVE-2020-1618 Junos OS: EX and QFX Series: Console port authentication bypass vulnerability — Junos OS 6.3 Medium2020-04-08
CVE-2019-5165 Moxa AWK-3131A 授权问题漏洞 — Moxa 7.2 -2020-02-25
CVE-2019-9510 Microsoft Windows RDP can bypass the Windows lock screen — Windows 10 or newer system using RDP 5.3 Medium2020-01-15
CVE-2019-5486 GitLab 授权问题漏洞 — GitLab CE/EE 9.8 -2019-12-18
CVE-2019-18250 ABB Power Generation Information Manager和Plant Connect 授权问题漏洞 — ABB Power Generation Information Manager (PGIM) and Plant Connect All Versions 8.1 -2019-11-25
CVE-2019-3758 Dell EMC RSA Archer 授权问题漏洞 — RSA Archer 9.8 -2019-09-18
CVE-2019-5473 GitLab 授权问题漏洞 — gitlab.com 7.2 -2019-09-09

Vulnerabilities classified as CWE-288 (使用候选路径或通道进行的认证绕过) represent 435 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.