Total
3803 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7746 | 1 Netapp | 1 Data Ontap | 2025-04-20 | N/A |
| NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | ||||
| CVE-2015-7871 | 3 Debian, Netapp, Ntp | 7 Debian Linux, Clustered Data Ontap, Data Ontap and 4 more | 2025-04-20 | 9.8 Critical |
| Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. | ||||
| CVE-2015-8308 | 1 Lxdm Project | 1 Lxdm | 2025-04-20 | N/A |
| LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. | ||||
| CVE-2015-8332 | 1 Huawei | 4 Vcm5010, Vcm5010 Firmware, Vcm5020 and 1 more | 2025-04-20 | N/A |
| Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability." | ||||
| CVE-2015-4464 | 1 Kguardsecurity | 4 Kg-sha104, Kg-sha104 Firmware, Kg-sha108 and 1 more | 2025-04-20 | N/A |
| Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server. | ||||
| CVE-2015-6237 | 1 Tripwire | 1 Ip360 | 2025-04-20 | N/A |
| The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands." | ||||
| CVE-2015-6816 | 2 Fedoraproject, Ganglia | 2 Fedora, Ganglia-web | 2025-04-20 | N/A |
| ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | ||||
| CVE-2015-6817 | 1 Pgbouncer | 1 Pgbouncer | 2025-04-20 | N/A |
| PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username. | ||||
| CVE-2015-7224 | 1 Puppet | 1 Puppetlabs-mysql | 2025-04-20 | N/A |
| puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask. | ||||
| CVE-2015-1401 | 1 Ldap \/ Sso Authentication Project | 1 Ldap \/ Sso Authentication | 2025-04-20 | N/A |
| Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. | ||||
| CVE-2015-1778 | 1 Opendaylight | 1 Opendaylight | 2025-04-20 | N/A |
| The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination. | ||||
| CVE-2015-2880 | 1 Trendnet | 1 Tv-ip743sic | 2025-04-20 | N/A |
| TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the backdoor root account. | ||||
| CVE-2015-3206 | 1 Apple | 1 Pykerberos | 2025-04-20 | N/A |
| The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other unspecified impact by performing a man-in-the-middle attack. | ||||
| CVE-2015-3442 | 1 Soreco | 1 Xpert.line | 2025-04-20 | N/A |
| Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. | ||||
| CVE-2014-9952 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. | ||||
| CVE-2017-6869 | 1 Siemens | 1 Viewport For Web Office Portal | 2025-04-20 | N/A |
| A vulnerability was discovered in Siemens ViewPort for Web Office Portal before revision number 1453 that could allow an unauthenticated remote user to upload arbitrary code and execute it with the permissions of the operating-system user running the web server by sending specially crafted network packets to port 443/TCP or port 80/TCP. | ||||
| CVE-2017-14003 | 1 Lavalink | 2 Ether-serial Link, Ether-serial Link Firmware | 2025-04-20 | N/A |
| An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator. | ||||
| CVE-2017-14018 | 1 Ethicon | 2 Endo-surgery Generator Gen11, Endo-surgery Generator Gen11 Firmware | 2025-04-20 | N/A |
| An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability. | ||||
| CVE-2017-14032 | 1 Arm | 1 Mbed Tls | 2025-04-20 | N/A |
| ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. NOTE: although mbed TLS was formerly known as PolarSSL, the releases shipped with the PolarSSL name are not affected. | ||||
| CVE-2014-9618 | 1 Netsweeper | 1 Netsweeper | 2025-04-20 | N/A |
| The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL. | ||||