Total
3532 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9124 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress. | |||||
| CVE-2017-9370 | 1 Blackberry | 1 Workspaces | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login requests to the server. | |||||
| CVE-2017-2186 | 1 Kddi | 2 Home Spot Cube 2, Home Spot Cube 2 Firmware | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
| HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI. | |||||
| CVE-2017-9542 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. | |||||
| CVE-2016-5791 | 1 Jantek | 2 Jtc-200, Jtc-200 Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication. | |||||
| CVE-2017-14003 | 1 Lavalink | 2 Ether-serial Link, Ether-serial Link Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator. | |||||
| CVE-2017-10623 | 1 Juniper | 1 Junos Space | 2025-04-20 | 6.8 MEDIUM | 7.1 HIGH |
| Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. | |||||
| CVE-2017-14080 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. | |||||
| CVE-2017-9946 | 1 Siemens | 8 Apogee Pxc, Apogee Pxc Firmware, Apogee Pxc Modular and 5 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device. | |||||
| CVE-2017-8827 | 1 Genixcms | 1 Genixcms | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests. | |||||
| CVE-2017-8028 | 2 Debian, Pivotal Software | 2 Debian Linux, Spring-ldap | 2025-04-20 | 5.1 MEDIUM | 8.1 HIGH |
| In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy as the authentication strategy, and setting userSearch, authentication is allowed with an arbitrary password when the username is correct. This occurs because some LDAP vendors require an explicit operation for the LDAP bind to take effect. | |||||
| CVE-2017-8194 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message. | |||||
| CVE-2017-12819 | 1 Sentinel | 1 Sentinel Ldk Rte Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55. | |||||
| CVE-2017-6617 | 1 Cisco | 1 Integrated Management Controller Supervisor | 2025-04-20 | 4.3 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583. | |||||
| CVE-2017-10815 | 1 Intercom | 1 Malion | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when "Remote Control" is installed) allow remote attackers to bypass authentication to execute arbitrary commands or operations on Terminal Agent. | |||||
| CVE-2016-1502 | 1 Netapp | 1 Snapcenter Server | 2025-04-20 | 7.5 HIGH | 7.3 HIGH |
| NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | |||||
| CVE-2017-8861 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets. | |||||
| CVE-2017-12477 | 1 Kaseya | 1 Unitrends Backup | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. | |||||
| CVE-2016-8022 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-20 | 5.1 MEDIUM | 7.5 HIGH |
| Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie. | |||||
| CVE-2017-2721 | 1 Huawei | 22 Berlin-l21, Berlin-l21 Firmware, Berlin-l21hn and 19 more | 2025-04-20 | 2.1 LOW | 4.6 MEDIUM |
| Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150CUSTC675D001,Berlin-L23C605B131,Berlin-L24HNC567B110,FRD-L02C432B120,FRD-L02C635B130,FRD-L02C675B170CUSTC675D001,FRD-L04C567B162,FRD-L04C605B131,FRD-L09C10B130,FRD-L09C185B130,FRD-L09C432B131,FRD-L09C636B130,FRD-L14C567B162,FRD-L19C10B130,FRD-L19C432B131,FRD-L19C636B130 have a factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Swype Keyboard and can perform some operations to update the Google account. As a result, the FRP function is bypassed. | |||||