Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13983 | 1 Hp | 1 Bsm Platform Application Performance Management System Health | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. | |||||
| CVE-2017-10815 | 1 Intercom | 1 Malion | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when "Remote Control" is installed) allow remote attackers to bypass authentication to execute arbitrary commands or operations on Terminal Agent. | |||||
| CVE-2017-5152 | 1 Advantech | 1 Webaccess | 2025-04-20 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS). | |||||
| CVE-2017-5640 | 1 Apache | 1 Impala | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| It was noticed that a malicious process impersonating an Impala daemon in Apache Impala (incubating) 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled (but TLS is not). If the malicious server responds with 'COMPLETE' before the SASL handshake has completed, the client will consider the handshake as completed even though no exchange of credentials has happened. | |||||
| CVE-2017-9100 | 1 Dlink | 2 Dir-600m, Dir-600m Firmware | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
| login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt. | |||||
| CVE-2016-4863 | 1 Toshiba | 1 Flashair | 2025-04-20 | 3.3 LOW | 4.3 MEDIUM |
| The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data. | |||||
| CVE-2017-3831 | 1 Cisco | 8 Aironet 1810, Aironet 1810w, Aironet 1815i and 5 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device. This vulnerability affects Cisco Mobility Express 1800 Series Access Points running a software version prior to 8.2.110.0. Cisco Bug IDs: CSCuy68219. | |||||
| CVE-2016-10309 | 1 Ceragon | 2 Fibeair Ip-10, Fibeair Ip-10 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. | |||||
| CVE-2017-7660 | 1 Apache | 1 Solr | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Solr uses a PKI based mechanism to secure inter-node communication when security is enabled. It is possible to create a specially crafted node name that does not exist as part of the cluster and point it to a malicious node. This can trick the nodes in cluster to believe that the malicious node is a member of the cluster. So, if Solr users have enabled BasicAuth authentication mechanism using the BasicAuthPlugin or if the user has implemented a custom Authentication plugin, which does not implement either "HttpClientInterceptorPlugin" or "HttpClientBuilderPlugin", his/her servers are vulnerable to this attack. Users who only use SSL without basic authentication or those who use Kerberos are not affected. | |||||
| CVE-2015-8308 | 1 Lxdm Project | 1 Lxdm | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. | |||||
| CVE-2017-12281 | 1 Cisco | 12 Aironet 1800 Firmware, Aironet 1830e, Aironet 1830i and 9 more | 2025-04-20 | 5.4 MEDIUM | 7.5 HIGH |
| A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314. | |||||
| CVE-2014-0097 | 1 Vmware | 1 Spring Security | 2025-04-20 | 7.5 HIGH | 7.3 HIGH |
| The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password. | |||||
| CVE-2017-3880 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | 6.4 MEDIUM | 6.5 MEDIUM |
| An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge. | |||||
| CVE-2015-1778 | 1 Opendaylight | 1 Opendaylight | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. | |||||
| CVE-2017-6967 | 1 Neutrinolabs | 1 Xrdp | 2025-04-20 | 7.5 HIGH | 7.3 HIGH |
| xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass. | |||||
| CVE-2014-9611 | 1 Netsweeper | 1 Netsweeper | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php. | |||||
| CVE-2014-7858 | 2 D-link, Dlink | 2 Dnr-326 Firmware, Dnr-326 | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | |||||
| CVE-2017-3795 | 1 Cisco | 1 Webex Meetings Server | 2025-04-20 | 6.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12. | |||||
| CVE-2012-0803 | 1 Apache | 1 Cxf | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request. | |||||
| CVE-2017-7920 | 1 Abb | 4 Vsn300, Vsn300 Firmware, Vsn300 For React and 1 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access internal information about status and connected devices without authenticating. | |||||