CWE-290 (使用欺骗进行的认证绕过) — Vulnerability Class 237

237 vulnerabilities classified as CWE-290 (使用欺骗进行的认证绕过). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-27349	Apache HugeGraph-Server: Bypass whitelist in Auth mode — Apache HugeGraph-Server	9.1	-	2024-04-22
CVE-2024-31863	Apache Zeppelin: Replacing other users notebook, bypassing any permissions — Apache Zeppelin	9.1^AI	Critical^AI	2024-04-09
CVE-2024-30191	Siemens SCALANCE W700产品系列安全漏洞 — SCALANCE W1748-1 M12	8.4	High	2024-04-09
CVE-2024-30190	Siemens SCALANCE W700产品系列安全漏洞 — SCALANCE W1748-1 M12	6.1	Medium	2024-04-09
CVE-2024-30189	Siemens SCALANCE W700产品系列安全漏洞 — SCALANCE W721-1 RJ45	6.1	Medium	2024-04-09
CVE-2024-29006	Apache CloudStack: x-forwarded-for HTTP header parsed by default — Apache CloudStack	8.1	-	2024-04-04
CVE-2024-22092	Bundlemanager has an authentication bypass vulnerability — OpenHarmony	7.7	High	2024-04-02
CVE-2024-28228	JetBrains YouTrack 安全漏洞 — YouTrack	5.3	Medium	2024-03-07
CVE-2024-22457	Dell Secure Connect Gateway 安全漏洞 — Secure Connect Gateway (SCG) 5.0 Appliance - SRS	7.1	High	2024-03-01
CVE-2024-21494	Caddy 安全漏洞 — github.com/greenpau/caddy-security	5.4	Medium	2024-02-17
CVE-2023-7169	Impersonate vendor signed Powershell scripts — Snow Inventory Agent	6.0	Medium	2024-02-08
CVE-2024-23832	Mastodon Remote user impersonation and takeover — mastodon	9.4	Critical	2024-02-01
CVE-2023-6044	Lenovo Vantage 安全漏洞 — Vantage	6.3	Medium	2024-01-19
CVE-2023-44117	Huawei HarmonyOS 安全漏洞 — HarmonyOS	7.5^AI	High^AI	2024-01-16
CVE-2023-4566	Huawei HarmonyOS 安全漏洞 — HarmonyOS	7.5^AI	High^AI	2024-01-16
CVE-2023-4001	Grub2: bypass the grub password protection feature — Red Hat Enterprise Linux 9	6.8	Medium	2024-01-15
CVE-2024-0454	Security Vulnerability on Match-on-Chip FPR Architecture — DELL Inspiron	6.0	Medium	2024-01-12
CVE-2023-49794	The logic of get apk path in KernelSU module can be bypassed — KernelSU	6.7	Medium	2024-01-02
CVE-2023-6263	Server Spoofing Vulnerability in NxCloud — NxCloud	8.3	High	2023-11-22
CVE-2023-3103	Authentication Bypass by Spoofing in Unitree Robotics A1 — A1	8.0	High	2023-11-22
CVE-2023-5801	Huawei HarmonyOS 安全漏洞 — HarmonyOS	9.1	-	2023-11-08
CVE-2023-20246	Cisco Catalys 和 Integrated Services Virtual Router 安全漏洞 — Cisco Firepower Threat Defense Software	5.8	Medium	2023-11-01
CVE-2023-20245	Cisco Firepower Threat Defense 安全漏洞 — Cisco Adaptive Security Appliance (ASA) Software	5.8	Medium	2023-11-01
CVE-2023-20256	Cisco Firepower Threat Defense 安全漏洞 — Cisco Adaptive Security Appliance (ASA) Software	5.0	Medium	2023-11-01
CVE-2023-28803	Traffic being bypassed by ZCC by configuring synthetic IP range as local network — Client Connector	5.9	Medium	2023-10-23
CVE-2023-30803	Sangfor Next-Gen Application Firewall Authentication Bypass — Net-Gen Application Firewall	9.8	Critical	2023-10-10
CVE-2023-41329	Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio — wiremock	3.9	Low	2023-09-06
CVE-2023-4178	Authentication Bypass in Neutron Smart VMS — Neutron Smart VMS	9.8	Critical	2023-09-05
CVE-2023-31424	Web authentication and authorization bypass — SANnav	8.1	High	2023-08-31
CVE-2023-30950	CVE-2023-30950 — com.palantir.campaigns:campaigns	6.5	Medium	2023-08-03

Vulnerabilities classified as CWE-290 (使用欺骗进行的认证绕过) represent 237 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-290 (使用欺骗进行的认证绕过) — Vulnerability Class 237