Total
4061 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-7930 | 1 Osisoft | 1 Pi Data Archive | 2025-04-20 | N/A |
| An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server within a collective. | ||||
| CVE-2017-1000020 | 3 Ecos, Greatek, Totolink | 3 Embedded Web Servers, Soho, Soho | 2025-04-20 | N/A |
| SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others." | ||||
| CVE-2015-7224 | 1 Puppet | 1 Puppetlabs-mysql | 2025-04-20 | N/A |
| puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask. | ||||
| CVE-2017-1000106 | 1 Jenkins | 1 Blue Ocean | 2025-04-20 | N/A |
| Blue Ocean allows the creation of GitHub organization folders that are set up to scan a GitHub organization for repositories and branches containing a Jenkinsfile, and create corresponding pipelines in Jenkins. Its SCM content REST API supports the pipeline creation and editing feature in Blue Ocean. The SCM content REST API did not check the current user's authentication or credentials. If the GitHub organization folder was created via Blue Ocean, it retained a reference to its creator's GitHub credentials. This allowed users with read access to the GitHub organization folder to create arbitrary commits in the repositories inside the GitHub organization corresponding to the GitHub organization folder with the GitHub credentials of the creator of the organization folder. Additionally, users with read access to the GitHub organization folder could read arbitrary file contents from the repositories inside the GitHub organization corresponding to the GitHub organization folder if the branch contained a Jenkinsfile (which could be created using the other part of this vulnerability), and they could provide the organization folder name, repository name, branch name, and file name. | ||||
| CVE-2017-14032 | 1 Arm | 1 Mbed Tls | 2025-04-20 | N/A |
| ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected. | ||||
| CVE-2017-8214 | 1 Huawei | 18 Honor 8, Honor 8 Firmware, Honor 9 and 15 more | 2025-04-20 | N/A |
| Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toronto Huawei smart phones with software of versions earlier than FRD-AL00C00B391, versions earlier than FRD-DL00C00B391, versions earlier than KNT-AL10C00B391, versions earlier than KNT-AL20C00B391, versions earlier than KNT-UL10C00B391, versions earlier than KNT-TL10C00B391, versions earlier than Stanford-AL00C00B175, versions earlier than Stanford-AL10C00B175, versions earlier than Stanford-TL00C01B175, versions earlier than Duke-AL20C00B191, versions earlier than Duke-TL30C01B191, versions earlier than Picasso-AL00C00B162, versions earlier than Picasso-TL00C01B162 , versions earlier than Barca-AL00C00B162, versions earlier than Barca-TL00C00B162, versions earlier than EVA-AL10C00B396SP03, versions earlier than EVA-CL00C92B396, versions earlier than EVA-DL00C17B396, versions earlier than EVA-TL00C01B396 , versions earlier than Vicky-AL00AC00B172, versions earlier than Toronto-AL00AC00B191, versions earlier than Toronto-TL10C01B191 have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. | ||||
| CVE-2017-6413 | 2 Openidc, Redhat | 2 Mod Auth Openidc, Enterprise Linux | 2025-04-20 | N/A |
| The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "AuthType oauth20" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic. | ||||
| CVE-2017-6526 | 1 Dnatools | 1 Dnalims | 2025-04-20 | N/A |
| An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests). | ||||
| CVE-2017-14000 | 1 Ctekproducts | 4 Skyrouter Z4200, Skyrouter Z4200 Firmware, Skyrouter Z4400 and 1 more | 2025-04-20 | N/A |
| An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating. | ||||
| CVE-2016-8362 | 1 Moxa | 28 Awk-1121, Awk-1121 Firmware, Awk-1127 and 25 more | 2025-04-20 | N/A |
| An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL. | ||||
| CVE-2016-8638 | 2 Ipsilon Project, Redhat | 2 Ipsilon, Enterprise Linux | 2025-04-20 | N/A |
| A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active sessions from other users. It is also called a "SAML2 multi-session vulnerability." | ||||
| CVE-2017-13995 | 1 Spidercontrol | 1 Ininet Webserver | 2025-04-20 | N/A |
| An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables. | ||||
| CVE-2016-4863 | 1 Toshiba | 1 Flashair | 2025-04-20 | N/A |
| The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data. | ||||
| CVE-2016-8951 | 1 Ibm | 1 Emptoris Strategic Supply Management | 2025-04-20 | N/A |
| IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to a denial of service attack. An attacker can exploit a vulnerability in the authentication features that could log out users and flood user accounts with emails. IBM X-Force ID: 118838. | ||||
| CVE-2016-9369 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2025-04-20 | N/A |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. Firmware can be updated over the network without authentication, which may allow remote code execution. | ||||
| CVE-2016-2379 | 1 Pidgin | 1 Mxit | 2025-04-20 | N/A |
| The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. | ||||
| CVE-2017-0100 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | N/A |
| A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows HelpPane Elevation of Privilege Vulnerability." | ||||
| CVE-2017-14018 | 1 Ethicon | 2 Endo-surgery Generator Gen11, Endo-surgery Generator Gen11 Firmware | 2025-04-20 | N/A |
| An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability. | ||||
| CVE-2017-6781 | 1 Cisco | 1 Policy Suite | 2025-04-20 | N/A |
| A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affected system. The affected privilege level is not at the root level. The vulnerability is due to incorrect role-based access control (RBAC) for shell user accounts. An attacker could exploit this vulnerability by authenticating to an affected appliance and providing crafted user input via the CLI. A successful exploit could allow the attacker to acquire a higher privilege level than should have been granted. To exploit this vulnerability, the attacker must log in to the appliance with valid credentials. Cisco Bug IDs: CSCve37724. Known Affected Releases: 9.0.0, 9.1.0, 10.0.0, 11.0.0, 12.0.0. | ||||
| CVE-2007-6760 | 1 Dataprobe | 2 Ibootbar, Ibootbar Firmware | 2025-04-20 | N/A |
| Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie. | ||||