Search Results (4545 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-1002024 1 Kindsoft 2 Kind Editor, Kindeditor 2025-04-20 N/A
Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/upload_json.php does not check authentication before allow users to upload files.
CVE-2016-4926 1 Juniper 1 Junos Space 2025-04-20 N/A
Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.
CVE-2017-10601 1 Juniper 1 Junos 2025-04-20 N/A
A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to login through console, ssh, ftp, telnet or su, etc., This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. If the administrative changes are not made that result in such a failure, then this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2.
CVE-2017-10709 2 Elephone, Google 2 P9000, Android 2025-04-20 N/A
The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.
CVE-2017-14018 1 Ethicon 2 Endo-surgery Generator Gen11, Endo-surgery Generator Gen11 Firmware 2025-04-20 N/A
An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability.
CVE-2017-12160 1 Redhat 3 Jboss Single Sign On, Keycloak, Red Hat Single Sign On 2025-04-20 7.2 High
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.
CVE-2017-14003 1 Lavalink 2 Ether-serial Link, Ether-serial Link Firmware 2025-04-20 N/A
An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator.
CVE-2017-14000 1 Ctekproducts 4 Skyrouter Z4200, Skyrouter Z4200 Firmware, Skyrouter Z4400 and 1 more 2025-04-20 N/A
An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without authenticating.
CVE-2015-7224 1 Puppet 1 Puppetlabs-mysql 2025-04-20 N/A
puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.
CVE-2014-9952 1 Google 1 Android 2025-04-20 N/A
In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.
CVE-2014-0097 1 Vmware 1 Spring Security 2025-04-20 N/A
The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authenticate a user who supplies an empty password.
CVE-2017-13995 1 Spidercontrol 1 Ininet Webserver 2025-04-20 N/A
An Improper Authentication issue was discovered in iniNet Solutions iniNet Webserver, all versions prior to V2.02.0100. The webserver does not properly authenticate users, which may allow a malicious attacker to access sensitive information such as HMI pages or modify PLC variables.
CVE-2017-13984 1 Hp 1 Bsm Platform Application Performance Management System Health 2025-04-20 N/A
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.
CVE-2017-13983 1 Hp 1 Bsm Platform Application Performance Management System Health 2025-04-20 N/A
An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication.
CVE-2017-13872 1 Apple 1 Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.
CVE-2016-4863 1 Toshiba 1 Flashair 2025-04-20 N/A
The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data.
CVE-2017-12819 1 Sentinel 1 Sentinel Ldk Rte Firmware 2025-04-20 N/A
Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55.
CVE-2016-2102 1 Haproxy 1 Haproxy 2025-04-20 N/A
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.
CVE-2017-12281 1 Cisco 12 Aironet 1800 Firmware, Aironet 1830e, Aironet 1830i and 9 more 2025-04-20 N/A
A vulnerability in the implementation of Protected Extensible Authentication Protocol (PEAP) functionality for standalone configurations of Cisco Aironet 1800, 2800, and 3800 Series Access Points could allow an unauthenticated, adjacent attacker to bypass authentication and connect to an affected device. The vulnerability exists because the affected device uses an incorrect default configuration setting of fail open when running in standalone mode. An attacker could exploit this vulnerability by attempting to connect to an affected device. A successful exploit could allow the attacker to bypass authentication and connect to the affected device. This vulnerability affects Cisco Aironet 1800, 2800, and 3800 Series Access Points that are running a vulnerable software release and use WLAN configuration settings that include FlexConnect local switching and central authentication with MAC filtering. Cisco Bug IDs: CSCvd46314.
CVE-2017-12251 1 Cisco 1 Cloud Services Platform 2100 2025-04-20 N/A
A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vulnerability is due to weaknesses in the generation of certain authentication mechanisms in the URL of the web console. An attacker could exploit this vulnerability by browsing to one of the hosted VMs' URLs in Cisco CSP and viewing specific patterns that control the web application's mechanisms for authentication control. An exploit could allow the attacker to access a specific VM on the CSP, which causes a complete loss of the system's confidentiality, integrity, and availability. This vulnerability affects Cisco Cloud Services Platform (CSP) 2100 running software release 2.1.0, 2.1.1, 2.1.2, 2.2.0, 2.2.1, or 2.2.2. Cisco Bug IDs: CSCve64690.