Total
3530 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3442 | 1 Soreco | 1 Xpert.line | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. | |||||
| CVE-2016-1219 | 1 Cybozu | 1 Garoon | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. | |||||
| CVE-2017-8078 | 1 Tp-link | 2 Tl-sg108e, Tl-sg108e Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware. | |||||
| CVE-2017-12160 | 1 Redhat | 1 Keycloak | 2025-04-20 | 6.5 MEDIUM | 7.2 HIGH |
| It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks. | |||||
| CVE-2017-3745 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | 2.1 LOW | 7.8 HIGH |
| In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including administrative accounts and service accounts with administrative privileges. This is an issue only for users who have used local authentication with LXCA and not remote authentication against external LDAP or ADFS servers. | |||||
| CVE-2016-4484 | 1 Cryptsetup Project | 1 Cryptsetup | 2025-04-20 | 7.2 HIGH | 6.8 MEDIUM |
| The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. | |||||
| CVE-2015-6816 | 2 Fedoraproject, Ganglia | 2 Fedora, Ganglia-web | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | |||||
| CVE-2017-6703 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | 4.0 MEDIUM | 5.9 MEDIUM |
| A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1. | |||||
| CVE-2017-13995 | 1 Spidercontrol | 1 Ininet Webserver | 2025-04-20 | 7.5 HIGH | 10.0 CRITICAL |
| An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables. | |||||
| CVE-2017-2319 | 1 Juniper | 1 Northstar Controller | 2025-04-20 | 7.5 HIGH | 8.3 HIGH |
| A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity without authentication, leading to managed systems being compromised or services being denied to authentic end users and systems as a result. | |||||
| CVE-2017-12281 | 1 Cisco | 12 Aironet 1800 Firmware, Aironet 1830e, Aironet 1830i and 9 more | 2025-04-20 | 5.4 MEDIUM | 7.5 HIGH |
| A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314. | |||||
| CVE-2017-12478 | 1 Kaseya | 1 Unitrends Backup | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. | |||||
| CVE-2017-16684 | 1 Sap | 1 Business Intelligence Promotion Management Application | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity. | |||||
| CVE-2017-10817 | 1 Intercom | 1 Malion | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server. | |||||
| CVE-2014-9952 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. | |||||
| CVE-2016-1888 | 1 Freebsd | 1 Freebsd | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures." | |||||
| CVE-2017-10601 | 1 Juniper | 1 Junos | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc., This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. If the administrative changes are not made that result in such a failure, then this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2. | |||||
| CVE-2017-5237 | 1 Eviewgps | 2 Ev-07s Gps Tracker, Ev-07s Gps Tracker Firmware | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!" | |||||
| CVE-2017-16689 | 1 Sap | 1 Sap Kernel | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same system, although no explicit Trusted/Trusting Relation to the same system has been defined. | |||||
| CVE-2017-6530 | 1 Televes | 2 Coaxdata Gateway 1gbps, Coaxdata Gateway 1gbps Firmware | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change. | |||||