Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

access:pre-auth — CVE vulnerabilities tagged 19402

19402 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE IDTitleCVSSSeverityPublished
CVE-2022-1070 CHANNEL ACCESSIBLE BY NON-ENDPOINT CWE-300 — TUG Home Base Server 8.2 High2022-10-21
CVE-2022-1059 CROSS-SITE SCRIPTING CWE-79 — TUG Home Base Server 8.2 High2022-10-21
CVE-2022-26423 MISSING AUTHORIZATION CWE-862 — TUG Home Base Server 8.2 High2022-10-21
CVE-2022-1066 MISSING AUTHORIZATION CWE-862 — TUG Home Base Server 8.2 High2022-10-21
CVE-2022-43400 Siemens Siveillance Video Mobile Server 授权问题漏洞 — Siveillance Video Mobile Server V2022 R2CWE-1390 9.8 -2022-10-21
CVE-2022-43421 Jenkins Tuleap Git Branch Source Plugin 安全漏洞 — Jenkins Tuleap Git Branch Source Plugin 7.5 -2022-10-19
CVE-2016-20016 MV POWER CCTV DVR 安全漏洞 — n/a 9.8 -2022-10-19
CVE-2016-20017 D-Link DSL-2750B 命令注入漏洞 — n/a 9.8 -2022-10-19
CVE-2022-39058 Changing Information Technology Inc. RAVA certificate validation system - Path Traversal — RAVA certificate validation systemCWE-22 7.5 High2022-10-18
CVE-2022-39056 Changing Information Technology Inc. RAVA certificate validation system - SQL Injection — RAVA certificate validation systemCWE-89 9.8 Critical2022-10-18
CVE-2022-39055 Changing Information Technology Inc. RAVA certificate validation system - Server-Side Request Forgery (SSRF) — RAVA certificate validation systemCWE-918 5.3 Medium2022-10-18
CVE-2022-22250 Junos OS and Junos OS Evolved: An FPC crash might be seen due to an EVPN MAC entry moving from local to remote — Junos OS 6.5 Medium2022-10-18
CVE-2022-22249 Junos OS: MX Series: An FPC crash might be seen due to mac-moves within the same bridge domain — Junos OS 6.5 Medium2022-10-18
CVE-2022-22247 Junos OS Evolved: Kernel processing of unvalidated TCP segments could lead to a Denial of Service (DoS) — Junos OS EvolvedCWE-20 7.5 High2022-10-18
CVE-2022-22244 Junos OS: Unauthenticated XPath Injection vulnerability in J-Web — Junos OSCWE-91 5.3 Medium2022-10-18
CVE-2022-22242 Junos OS: Cross-site Scripting (XSS) vulnerability in J-Web — Junos OSCWE-79 6.1 Medium2022-10-18
CVE-2022-22241 Junos OS: Vulnerability in J-Web may allow deserialization without authentication — Junos OSCWE-20 8.1 High2022-10-18
CVE-2022-22238 Junos OS and Junos OS Evolved: The rpd process will crash when a malformed incoming RESV message is processed — Junos OSCWE-754 5.3 Medium2022-10-18
CVE-2022-22237 Junos OS: Peers not configured for TCP-AO can establish a BGP or LDP session even if authentication is configured locally — Junos OSCWE-287 6.5 Medium2022-10-18
CVE-2022-22236 Junos OS: SRX Series and MX Series: When specific valid SIP packets are received the PFE will crash — Junos OSCWE-824 7.5 High2022-10-18
CVE-2022-22235 Junos OS: SRX Series: A flowd core will be observed when malformed GPRS traffic is processed — Junos OSCWE-754 5.9 Medium2022-10-18
CVE-2022-22232 SRX Series: If Unified Threat Management (UTM) Enhanced Content Filtering (CF) is enabled and specific traffic is processed the PFE will crash — Junos OSCWE-476 7.5 High2022-10-18
CVE-2022-22231 SRX Series: If UTM Enhanced Content Filtering and AntiVirus are enabled, and specific traffic is processed the PFE will crash — Junos OSCWE-690 7.5 High2022-10-18
CVE-2022-22230 Junos OS and Junos OS Evolved: RPD crash upon receipt of specific OSPFv3 LSAs — Junos OSCWE-20 6.5 Medium2022-10-18
CVE-2022-22227 Junos OS Evolved: ACX7000 Series: Specific IPv6 transit traffic gets exceptioned to the routing-engine which causes increased CPU utilization — Junos OS EvolvedCWE-754 5.3 Medium2022-10-18
CVE-2022-22226 Junos OS: EX4300-MP, EX4600, QFX5000 Series: In VxLAN scenarios specific packets processed cause a memory leak leading to a PFE crash — Junos OSCWE-789 6.5 Medium2022-10-18
CVE-2022-22225 Junos OS and Junos OS Evolved: In a BGP multipath scenario, when one of the contributing routes is flapping often and rapidly, rpd may crash — Junos OS 5.9 Medium2022-10-18
CVE-2022-22224 Junos OS and Junos OS Evolved: PPMD goes into infinite loop upon receipt of malformed OSPF TLV — Junos OSCWE-703 6.5 Medium2022-10-18
CVE-2022-22220 Junos OS and Junos OS Evolved: Due to a race condition the rpd process can crash upon receipt of a BGP update message containing flow spec route — Junos OSCWE-367 5.9 Medium2022-10-18
CVE-2022-22218 Junos OS: SRX Series: Upon processing of a genuine packet the pkid process will crash during CMPv2 auto-re-enrollment — Junos OS 7.5 High2022-10-18

Vulnerabilities classified as access:pre-auth represent 19402 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.