Total
4027 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1888 | 1 Freebsd | 1 Freebsd | 2025-04-20 | N/A |
| The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures." | ||||
| CVE-2017-6034 | 1 Schneider-electric | 2 Modbus, Modbus Firmware | 2025-04-20 | N/A |
| An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download. | ||||
| CVE-2016-1502 | 1 Netapp | 1 Snapcenter Server | 2025-04-20 | N/A |
| NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | ||||
| CVE-2017-17435 | 1 Vaulteksafe | 2 Vt20i, Vt20i Firmware | 2025-04-20 | N/A |
| An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phone application requires it and there is a field to supply the PIN code in an authorization request, the safe does not check the PIN code, so an attacker can obtain authorization using any value. Once an attacker sees the Bluetooth Low Energy (BLE) advertisement for the safe, they need only to write a BLE characteristic to enable notifications, and send a crafted getAuthor packet that returns a temporary key, and an unlock packet including that temporary key. The safe then opens after the unlock packet is processed, with no verification of PIN or other credentials. | ||||
| CVE-2017-17434 | 2 Debian, Samba | 2 Debian Linux, Rsync | 2025-04-20 | N/A |
| The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in "xname follows" strings (in the read_ndx_and_attrs function in rsync.c), which allows remote attackers to bypass intended access restrictions. | ||||
| CVE-2017-10873 | 1 Osstech | 1 Openam | 2025-04-20 | 8.1 High |
| OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches authentication methods based on AuthnContext requests sent from the service provider. | ||||
| CVE-2017-17433 | 2 Debian, Samba | 2 Debian Linux, Rsync | 2025-04-20 | N/A |
| The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. | ||||
| CVE-2017-16953 | 1 Zte | 2 Zxdsl 831cii, Zxdsl 831cii Firmware | 2025-04-20 | N/A |
| connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request. | ||||
| CVE-2015-3206 | 1 Apple | 1 Pykerberos | 2025-04-20 | N/A |
| The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack. | ||||
| CVE-2016-2102 | 1 Haproxy | 1 Haproxy | 2025-04-20 | N/A |
| HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | ||||
| CVE-2015-7871 | 3 Debian, Netapp, Ntp | 7 Debian Linux, Clustered Data Ontap, Data Ontap and 4 more | 2025-04-20 | 9.8 Critical |
| Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. | ||||
| CVE-2007-6759 | 1 Dataprobe | 2 Ibootbar, Ibootbar Firmware | 2025-04-20 | N/A |
| Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCRABBIT cookie. | ||||
| CVE-2017-12251 | 1 Cisco | 1 Cloud Services Platform 2100 | 2025-04-20 | N/A |
| A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vulnerability is due to weaknesses in the generation of certain authentication mechanisms in the URL of the web console. An attacker could exploit this vulnerability by browsing to one of the hosted VMs' URLs in Cisco CSP and viewing specific patterns that control the web application's mechanisms for authentication control. An exploit could allow the attacker to access a specific VM on the CSP, which causes a complete loss of the system's confidentiality, integrity, and availability. This vulnerability affects Cisco Cloud Services Platform (CSP) 2100 running software release 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, or 2.2.2. Cisco Bug IDs: CSCve64690. | ||||
| CVE-2014-9952 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. | ||||
| CVE-2012-0803 | 1 Apache | 1 Cxf | 2025-04-20 | N/A |
| The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request. | ||||
| CVE-2017-5192 | 1 Saltstack | 1 Salt | 2025-04-20 | N/A |
| When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed. | ||||
| CVE-2017-8403 | 1 360fly | 2 4k Camera, 4k Camera Firmware | 2025-04-20 | N/A |
| 360fly 4K cameras allow unauthenticated Wi-Fi password changes and complete access with REST by using the Bluetooth Low Energy pairing procedure, which is available at any time and does not require a password. This affects firmware 2.1.4. Exploitation can use the 360fly Android or iOS application, or the BlueZ gatttool program. | ||||
| CVE-2015-1401 | 1 Ldap \/ Sso Authentication Project | 1 Ldap \/ Sso Authentication | 2025-04-20 | N/A |
| Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. | ||||
| CVE-2015-1778 | 1 Opendaylight | 1 Opendaylight | 2025-04-20 | N/A |
| The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. | ||||
| CVE-2017-3167 | 6 Apache, Apple, Debian and 3 more | 17 Http Server, Mac Os X, Debian Linux and 14 more | 2025-04-20 | 9.8 Critical |
| In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | ||||