Total
4061 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4432 | 1 Apache | 1 Qpid Broker-j | 2025-04-12 | 9.1 Critical |
| The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging. | ||||
| CVE-2016-4860 | 1 Yokogawa | 1 Stardom Fcn\/fcj | 2025-04-12 | N/A |
| Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command. | ||||
| CVE-2015-7285 | 1 Csl Dualcom | 2 Gprs, Gprs Cs2300-r Firmware | 2025-04-12 | N/A |
| CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response. | ||||
| CVE-2015-6389 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-12 | N/A |
| Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account's password, aka Bug ID CSCus62707. | ||||
| CVE-2014-2341 | 1 Cubecart | 1 Cubecart | 2025-04-12 | N/A |
| Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | ||||
| CVE-2016-10012 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-12 | N/A |
| The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local users to gain privileges by leveraging access to a sandboxed privilege-separation process, related to the m_zback and m_zlib data structures. | ||||
| CVE-2014-2653 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-12 | N/A |
| The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. | ||||
| CVE-2016-1356 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | N/A |
| Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615. | ||||
| CVE-2016-1307 | 2 Zyxel, Zzinc | 2 Gs1900-10hp Firmware, Keymouse Firmware | 2025-04-12 | N/A |
| The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | ||||
| CVE-2016-1402 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2025-04-12 | N/A |
| The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. | ||||
| CVE-2016-1278 | 1 Juniper | 1 Junos | 2025-04-12 | N/A |
| Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option. | ||||
| CVE-2016-2012 | 1 Hp | 1 Network Node Manager I | 2025-04-12 | N/A |
| HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to bypass authentication via unspecified vectors. | ||||
| CVE-2015-7914 | 1 Sauter | 1 Moduweb Vision | 2025-04-12 | N/A |
| Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password. | ||||
| CVE-2016-0883 | 1 Pivotal Software | 1 Operations Manager | 2025-04-12 | N/A |
| Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation. | ||||
| CVE-2014-8424 | 1 Arris | 1 Vap2500 Firmware | 2025-04-12 | N/A |
| ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. | ||||
| CVE-2015-8269 | 1 Fisher-price | 1 Smart Toy Bear | 2025-04-12 | N/A |
| The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number. | ||||
| CVE-2016-1000214 | 1 Ruckus | 1 Wireless H500 | 2025-04-12 | N/A |
| Ruckus Wireless H500 web management interface authentication bypass | ||||
| CVE-2016-2286 | 1 Moxa | 10 Miineport E1 4641, Miineport E1 4641 Firmware, Miineport E1 7080 and 7 more | 2025-04-12 | N/A |
| Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2015-7521 | 1 Apache | 1 Hive | 2025-04-12 | N/A |
| The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations. | ||||
| CVE-2015-6266 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | N/A |
| The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. | ||||