Total
3419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7112 | 1 Siemens | 2 En100 Ethernet Module, En100 Ethernet Module Firmware | 2018-03-23 | N/A |
| A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Attackers with network access to the device's web interface (port 80/tcp) could possibly circumvent authentication and perform certain administrative operations. | ||||
| CVE-2013-6171 | 1 Dovecot | 1 Dovecot | 2018-03-16 | N/A |
| checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server. | ||||
| CVE-2011-4973 | 1 Mod Nss Project | 1 Mod Nss | 2018-03-15 | N/A |
| Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password. | ||||
| CVE-2017-6199 | 1 Sandstorm | 1 Sandstorm | 2018-03-13 | N/A |
| A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field. | ||||
| CVE-2018-6569 | 1 West-wind | 1 Web Connection | 2018-03-13 | N/A |
| West Wind Web Server 6.x does not require authentication for /ADMIN.ASP. | ||||
| CVE-2017-12549 | 3 Hp, Linux, Microsoft | 3 System Management Homepage, Linux Kernel, Windows | 2018-03-02 | N/A |
| A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found. | ||||
| CVE-2018-3601 | 1 Trendmicro | 1 Control Manager | 2018-02-27 | N/A |
| A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. | ||||
| CVE-2017-15351 | 1 Huawei | 2 Honor V9 Play, Honor V9 Play Firmware | 2018-02-26 | N/A |
| The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally. | ||||
| CVE-2018-5794 | 1 Extremewireless | 1 Wing | 2018-02-22 | N/A |
| An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is No Authentication for the AeroScout Service via a crafted UDP packet. | ||||
| CVE-2011-4068 | 1 Packetfence | 1 Packetfence | 2018-02-21 | N/A |
| The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. | ||||
| CVE-2017-5791 | 1 Hp | 1 Intelligent Management Center Plat | 2018-02-17 | N/A |
| The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI. | ||||
| CVE-2017-1000354 | 1 Jenkins | 1 Jenkins | 2018-02-15 | N/A |
| Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance. | ||||
| CVE-2017-3765 | 2 Ibm, Lenovo | 30 1g L2-7 Slb Switch For Bladecenter, Bladecenter 1\, Bladecenter Layer 2\/3 Copper Ethernet Switch Module and 27 more | 2018-02-06 | N/A |
| In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted. | ||||
| CVE-2017-15883 | 1 Progress | 1 Sitefinity | 2018-02-01 | N/A |
| Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography. | ||||
| CVE-2014-6435 | 1 Aztech | 6 Adsl Dsl5018en \(1t1r\), Adsl Dsl5018en \(1t1r\) Firmware, Dsl705e and 3 more | 2018-01-31 | N/A |
| cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity reset) via a direct request. | ||||
| CVE-2017-15548 | 1 Emc | 3 Avamar Server, Integrated Data Protection Appliance, Networker | 2018-01-18 | N/A |
| An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. | ||||
| CVE-2018-3810 | 1 Oturia | 1 Smart Google Code Inserter | 2018-01-16 | N/A |
| Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code. | ||||
| CVE-2017-17777 | 1 Paid To Read Script Project | 1 Paid To Read Script | 2018-01-12 | N/A |
| Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter. | ||||
| CVE-2014-0121 | 2 Hawt, Redhat | 2 Hawtio, Jboss Fuse | 2018-01-11 | N/A |
| The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. | ||||
| CVE-2012-1840 | 1 Ajaxplorer | 1 Ajaxplorer | 2018-01-10 | N/A |
| AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly perform cookie authentication, which allows remote attackers to obtain login access by leveraging knowledge of a password hash. | ||||