Total
3944 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9952 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. | |||||
| CVE-2017-2765 | 1 Emc | 1 Isilon Insightiq | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system. | |||||
| CVE-2017-14147 | 1 Fiberhome | 2 Adsl An1020-25, Adsl An1020-25 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. Due to improper authentication on this page, the software accepts the request hence allowing attacker to reset the router to its default configurations which later could allow attacker to login to router by using default username/password. | |||||
| CVE-2017-9314 | 1 Dahuasecurity | 44 Nvr5208-4ks2, Nvr5208-4ks2 Firmware, Nvr5208-8p-4ks2 and 41 more | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message. | |||||
| CVE-2017-9542 | 2 D-link, Dlink | 2 Dir-615 Firmware, Dir-615 | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation of this issue allows an attacker to take control of the affected device. | |||||
| CVE-2016-7145 | 1 Nefarious2 Project | 1 Nefarious2 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. | |||||
| CVE-2017-17435 | 1 Vaulteksafe | 2 Vt20i, Vt20i Firmware | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
| An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phone application requires it and there is a field to supply the PIN code in an authorization request, the safe does not check the PIN code, so an attacker can obtain authorization using any value. Once an attacker sees the Bluetooth Low Energy (BLE) advertisement for the safe, they need only to write a BLE characteristic to enable notifications, and send a crafted getAuthor packet that returns a temporary key, and an unlock packet including that temporary key. The safe then opens after the unlock packet is processed, with no verification of PIN or other credentials. | |||||
| CVE-2017-9946 | 1 Siemens | 8 Apogee Pxc, Apogee Pxc Firmware, Apogee Pxc Modular and 5 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device. | |||||
| CVE-2016-9463 | 2 Nextcloud, Owncloud | 2 Nextcloud Server, Owncloud | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability. | |||||
| CVE-2017-1520 | 3 Ibm, Linux, Microsoft | 4 Db2, Db2 Connect, Linux Kernel and 1 more | 2025-04-20 | 4.3 MEDIUM | 3.7 LOW |
| IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830. | |||||
| CVE-2017-14706 | 1 Denyall | 2 I-suite, Web Application Firewall | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. | |||||
| CVE-2017-5554 | 1 Oneplus | 3 Oneplus 3, Oneplus 3t, Oxygenos | 2025-04-20 | 9.3 HIGH | 8.1 HIGH |
| An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive. | |||||
| CVE-2016-8022 | 1 Mcafee | 1 Virusscan Enterprise | 2025-04-20 | 5.1 MEDIUM | 7.5 HIGH |
| Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie. | |||||
| CVE-2017-14080 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. | |||||
| CVE-2016-1908 | 4 Debian, Openbsd, Oracle and 1 more | 9 Debian Linux, Openssh, Linux and 6 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. | |||||
| CVE-2016-4926 | 1 Juniper | 1 Junos Space | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication. | |||||
| CVE-2017-8195 | 1 Huawei | 1 Fusionsphere Openstack | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message. | |||||
| CVE-2017-12316 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit enforcement. An attacker could exploit this vulnerability by sending modified login attempts to the Guest Portal login page. An exploit could allow the attacker to perform brute-force password attacks on the ISE Guest Portal. Cisco Bug IDs: CSCve98518. | |||||
| CVE-2007-6760 | 1 Dataprobe | 2 Ibootbar, Ibootbar Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie. | |||||
| CVE-2017-7934 | 1 Osisoft | 1 Pi Data Archive | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Network Manager using older protocol versions contains a flaw that could allow a malicious user to authenticate with a server and then cause PI Network Manager to behave in an undefined manner. | |||||