CWE-592
22 CVEs classified under CWE-592. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-43512 | Critical | 9.8 | 2026-05-12 | DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11… |
| CVE-2018-14643 | Critical | 9.8 | 2018-09-21 | An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitr… |
| CVE-2019-14910 | Critical | 9.3 | 2019-12-05 | A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (… |
| CVE-2019-14909 | Critical | 9.3 | 2019-12-04 | A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accept… |
| CVE-2018-10933 | Critical | 9.1 | 2018-10-17 | A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first perform… |
| CVE-2018-1085 | Critical | 9.0 | 2018-06-15 | openshift-ansible before versions 3.9.23, 3.7.46 deploys a misconfigured etcd file that causes the SSL client certificate authentication to be disabled. Quotat… |
| CVE-2017-2684 | Critical | 9.0 | 2017-02-22 | Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected sy… |
| CVE-2019-10201 | High | 8.1 | 2019-08-14 | It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures. If an attacker modifies the SAML Response and remove… |
| CVE-2019-14843 | High | 7.5 | 2020-01-07 | A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app… |
| CVE-2019-3899 | High | 7.3 | 2019-04-22 | It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This issue only a… |
| CVE-2023-30971 | Medium | 6.8 | 2025-12-19 | Gotham Gaia application was found to be exposing multiple unauthenticated endpoints. |
| CVE-2019-10198 | Medium | 6.5 | 2019-07-31 | An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which perfo… |
| CVE-2017-7537 | Medium | 5.9 | 2018-07-26 | It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attack… |
| CVE-2018-10847 | Medium | 4.2 | 2018-07-30 | prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session r… |
| CVE-2017-12164 | Medium | 4.1 | 2018-07-26 | A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an at… |
| CVE-2016-8616 | Low | 3.7 | 2018-08-01 | A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case insensitive comparisons of user name and password with the exist… |
| CVE-2014-5432 | | | 2019-03-26 | Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH withou… |
| CVE-2017-2650 | | | 2018-07-27 | It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well… |
| CVE-2016-8371 | | | 2018-04-05 | The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled. |
| CVE-2017-7536 | | | 2018-01-10 | In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to acc… |