Vulnerabilities (CVE)

Filtered by CWE-592
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-3899 2 Heketi Project, Redhat 2 Heketi, Openshift Container Platform 2024-11-21 7.5 HIGH 9.8 CRITICAL
It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift Container Platform 3.11.
CVE-2018-14643 1 Theforeman 1 Foreman 2024-11-21 10.0 HIGH 9.8 CRITICAL
An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.
CVE-2017-7537 2 Dogtagpki, Redhat 4 Dogtagpki, Enterprise Linux Desktop, Enterprise Linux Server and 1 more 2024-11-21 5.0 MEDIUM 5.9 MEDIUM
It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates.
CVE-2024-42759 2024-09-10 N/A 6.3 MEDIUM
An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint.
CVE-2024-38884 2024-08-07 N/A 7.8 HIGH
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms