Total
3676 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8861 | 1 Cohuhd | 2 3960hd, 3960hd Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Missing authentication for the remote configuration port 1236/tcp on the Cohu 3960HD allows an attacker to change configuration parameters such as IP address and username/password via specially crafted XML SOAP packets. | |||||
| CVE-2017-12477 | 1 Kaseya | 1 Unitrends Backup | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. | |||||
| CVE-2016-8022 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-20 | 5.1 MEDIUM | 7.5 HIGH |
| Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie. | |||||
| CVE-2017-2721 | 1 Huawei | 22 Berlin-l21, Berlin-l21 Firmware, Berlin-l21hn and 19 more | 2025-04-20 | 2.1 LOW | 4.6 MEDIUM |
| Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150CUSTC675D001,Berlin-L23C605B131,Berlin-L24HNC567B110,FRD-L02C432B120,FRD-L02C635B130,FRD-L02C675B170CUSTC675D001,FRD-L04C567B162,FRD-L04C605B131,FRD-L09C10B130,FRD-L09C185B130,FRD-L09C432B131,FRD-L09C636B130,FRD-L14C567B162,FRD-L19C10B130,FRD-L19C432B131,FRD-L19C636B130 have a factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Swype Keyboard and can perform some operations to update the Google account. As a result, the FRP function is bypassed. | |||||
| CVE-2017-5640 | 1 Apache | 1 Impala | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened. | |||||
| CVE-2017-12213 | 1 Cisco | 2 Catalyst 4000, Ios Xe | 2025-04-20 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751. | |||||
| CVE-2017-15293 | 1 Sap | 1 Point Of Sale Xpress Server | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064. | |||||
| CVE-2017-2738 | 1 Huawei | 2 Vcm5010, Vcm5010 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by sending a crafted HTTP request. 5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system. | |||||
| CVE-2017-1000154 | 1 Mahara | 1 Mahara | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended. | |||||
| CVE-2017-6104 | 1 Zen Mobile App Native Project | 1 Zen Mobile App Native | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0. | |||||
| CVE-2017-17560 | 1 Westerndigital | 2 My Cloud Pr4100, My Cloud Pr4100 Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root. | |||||
| CVE-2016-9729 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-20 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Reference #: 1999545. | |||||
| CVE-2017-2768 | 1 Emc | 1 Smarts Network Configuration Manager | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-3167 | 6 Apache, Apple, Debian and 3 more | 15 Http Server, Mac Os X, Debian Linux and 12 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | |||||
| CVE-2017-0910 | 1 Zulip | 1 Zulip Server | 2025-04-20 | 4.0 MEDIUM | 8.8 HIGH |
| In Zulip Server before 1.7.1, on a server with multiple realms, a vulnerability in the invitation system lets an authorized user of one realm on the server create a user account on any other realm. | |||||
| CVE-2017-6413 | 1 Openidc | 1 Mod Auth Openidc | 2025-04-20 | 5.0 MEDIUM | 8.6 HIGH |
| The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. | |||||
| CVE-2016-8362 | 1 Moxa | 28 Awk-1121, Awk-1121 Firmware, Awk-1127 and 25 more | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. | |||||
| CVE-2017-10807 | 1 Jabberd2 | 1 Jabberd2 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. | |||||
| CVE-2017-14972 | 1 Infocus | 1 Mondopad | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when accessing uploaded files by entering Control-Alt-Delete, and then using Task Manager to reach a file. | |||||
| CVE-2017-16634 | 1 Joomla | 1 Joomla\! | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method. | |||||