Export limit exceeded: 349385 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349385 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11607 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12281 | 1 Cisco | 12 Aironet 1800 Firmware, Aironet 1830e, Aironet 1830i and 9 more | 2025-04-20 | N/A |
| A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314. | ||||
| CVE-2017-12340 | 1 Cisco | 1 Nx-os | 2025-04-20 | N/A |
| A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash shell is disabled on the system. The vulnerability is due to insufficient sanitization of user-supplied parameters that are passed to certain functions of the Python scripting sandbox of the affected system. An attacker could exploit this vulnerability to escape the scripting sandbox and enter the Bash shell of the operating system with the privileges of the authenticated user for the affected system. To exploit this vulnerability, the attacker must have local access to the affected system and be authenticated to the affected system with administrative or Python execution privileges. Cisco Bug IDs: CSCvd86513. | ||||
| CVE-2017-13995 | 1 Spidercontrol | 1 Ininet Webserver | 2025-04-20 | N/A |
| An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables. | ||||
| CVE-2017-14000 | 1 Ctekproducts | 4 Skyrouter Z4200, Skyrouter Z4200 Firmware, Skyrouter Z4400 and 1 more | 2025-04-20 | N/A |
| An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating. | ||||
| CVE-2017-14003 | 1 Lavalink | 2 Ether-serial Link, Ether-serial Link Firmware | 2025-04-20 | N/A |
| An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator. | ||||
| CVE-2017-14080 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | N/A |
| Authentication bypass vulnerability in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allows attackers to access a specific part of the console using a blank password. | ||||
| CVE-2017-14243 | 1 Utstar | 2 Wa3002g4, Wa3002g4 Firmware | 2025-04-20 | N/A |
| An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi, backupsettings.cgi, pppoe.cgi, resetrouter.cgi, and password.cgi. | ||||
| CVE-2017-14337 | 1 Misp-project | 1 Misp | 2025-04-20 | N/A |
| When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user. | ||||
| CVE-2017-14377 | 1 Rsa | 1 Authentication Agent For Web | 2025-04-20 | N/A |
| EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass. | ||||
| CVE-2015-8332 | 1 Huawei | 4 Vcm5010, Vcm5010 Firmware, Vcm5020 and 1 more | 2025-04-20 | N/A |
| Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability." | ||||
| CVE-2015-6237 | 1 Tripwire | 1 Ip360 | 2025-04-20 | N/A |
| The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands." | ||||
| CVE-2015-6023 | 1 Netcommwireless | 2 Hspa 3g10wve, Hspa 3g10wve Firmware | 2025-04-20 | N/A |
| ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands. | ||||
| CVE-2015-3840 | 1 Google | 1 Android | 2025-04-20 | N/A |
| The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. | ||||
| CVE-2015-2880 | 1 Trendnet | 1 Tv-ip743sic | 2025-04-20 | N/A |
| TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. | ||||
| CVE-2015-2800 | 1 Huawei | 14 Campus S5300, Campus S5700, Campus S6300 and 11 more | 2025-04-20 | N/A |
| The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restart) via vectors involving authentication, which trigger an array access violation. | ||||
| CVE-2015-1401 | 1 Ldap \/ Sso Authentication Project | 1 Ldap \/ Sso Authentication | 2025-04-20 | N/A |
| Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. | ||||
| CVE-2015-1336 | 3 Canonical, Debian, Man-db Project | 3 Ubuntu Linux, Debian Linux, Man-db | 2025-04-20 | N/A |
| The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | ||||
| CVE-2015-0104 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2025-04-20 | N/A |
| IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors. | ||||
| CVE-2014-9961 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | ||||
| CVE-2014-9952 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. | ||||