CWE-305 (Authentication Bypass by Primary Weakness) — Vulnerability Class 115

115 vulnerabilities classified as CWE-305 (Authentication Bypass by Primary Weakness). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-39245 | Mist vulnerable to user providing a Sudo binary for authentication checks — mist | 8.4 | High | 2022-09-26 |
| CVE-2022-38064 | windowmanager in window subsystem has a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. — OpenHarmony | 6.2 | Medium | 2022-09-09 |
| CVE-2022-38081 | Tokensync in security subsystem has a permission bypass vulnerability. LAN attackers can bypass the distributed permission control. To take advantage of this weakness, attackers need another vulnerability to obtain system. — OpenHarmony | 6.2 | Medium | 2022-09-09 |
| CVE-2022-38700 | multimedia subsystem has a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. — OpenHarmony | 8.8 | High | 2022-09-09 |
| CVE-2022-2651 | Authentication Bypass by Primary Weakness in bookwyrm-social/bookwyrm — bookwyrm-social/bookwyrm | 9.8 | - | 2022-08-04 |
| CVE-2021-45031 | Weak Authentication in Login Function of USC+ — USC+ | 7.7 | High | 2022-03-30 |
| CVE-2022-0547 | OpenVPN authorization issue vulnerability — OpenVPN | 9.8 | - | 2022-03-18 |
| CVE-2022-23729 | LG mobile authorization issue vulnerability — LG mobile devices | 7.8 | - | 2022-03-04 |
| CVE-2022-0451 | Auth bypass in Dart SDK — Dart SDK | 6.5 | Medium | 2022-02-18 |
| CVE-2021-26726 | Remote code execution in Valmet DNA before Collection 2021 — Valmet DNA | 8.8 | High | 2022-02-16 |
| CVE-2021-28503 | In Arista's EOS software affected releases, eAPI might skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. — Arista EOS | 7.4 | High | 2022-02-04 |
| CVE-2021-3850 | Authentication Bypass by Primary Weakness in adodb/adodb — adodb/adodb | 9.8 | - | 2022-01-25 |
| CVE-2021-43175 | GOautodial authorization issue vulnerability — GOautodial API | 7.5 | - | 2021-12-07 |
| CVE-2021-3547 | OpenVPN trust management issue vulnerability — OpenVPN 3 Core Library | 7.4 | - | 2021-07-12 |
| CVE-2020-15077 | OpenVPN authorization issue vulnerability — OpenVPN Access Server | 5.9 | - | 2021-06-04 |
| CVE-2020-15078 | OpenVPN access control error vulnerability — OpenVPN | 5.9 | - | 2021-04-26 |
| CVE-2021-21403 | Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server — server | 7.5 | High | 2021-03-26 |
| CVE-2020-14359 | Red Hat Keycloak security vulnerability — keycloak | 8.2 | - | 2021-02-23 |
| CVE-2020-15787 | Siemens Simatic Hmi authorization issue vulnerability — SIMATIC HMI Unified Comfort Panels | 9.8 | - | 2020-09-09 |
| CVE-2020-10126 | NCR SelfServ ATMs APTRA XFS authorization issue vulnerability — SelfServ ATM | 7.6 | - | 2020-08-21 |
| CVE-2020-10123 | NCR SelfServ ATMs APTRA XFS authorization issue vulnerability — SelfServ ATM | 7.3 | - | 2020-08-21 |
| CVE-2020-10923 | NETGEAR R6700 security vulnerability — R6700 | 8.8 | - | 2020-07-28 |
| CVE-2020-11012 | Authentication bypass MinIO Admin API — minio | 9.3 | Critical | 2020-04-23 |
| CVE-2019-14833 | Samba security vulnerability — samba | 7.1 | - | 2019-11-06 |
| CVE-2019-3878 | mod_auth_mellon authorization issue vulnerability — mod_auth_mellon | 9.8 | - | 2019-03-26 |

Vulnerabilities classified as CWE-305 (Authentication Bypass by Primary Weakness) represent 115 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.