Total
3884 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4460 | 1 Apache | 1 Pony Mail | 2025-04-20 | N/A |
| Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. | ||||
| CVE-2016-4484 | 1 Cryptsetup Project | 1 Cryptsetup | 2025-04-20 | N/A |
| The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. | ||||
| CVE-2016-5068 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2025-04-20 | N/A |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | ||||
| CVE-2016-2403 | 1 Sensiolabs | 1 Symfony | 2025-04-20 | N/A |
| Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. | ||||
| CVE-2016-2379 | 1 Pidgin | 1 Mxit | 2025-04-20 | N/A |
| The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords. | ||||
| CVE-2016-2102 | 1 Haproxy | 1 Haproxy | 2025-04-20 | N/A |
| HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | ||||
| CVE-2016-1908 | 4 Debian, Openbsd, Oracle and 1 more | 10 Debian Linux, Openssh, Linux and 7 more | 2025-04-20 | 9.8 Critical |
| The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. | ||||
| CVE-2016-1888 | 1 Freebsd | 1 Freebsd | 2025-04-20 | N/A |
| The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures." | ||||
| CVE-2016-1502 | 1 Netapp | 1 Snapcenter Server | 2025-04-20 | N/A |
| NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors. | ||||
| CVE-2012-0803 | 1 Apache | 1 Cxf | 2025-04-20 | N/A |
| The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request. | ||||
| CVE-2016-10309 | 1 Ceragon | 2 Fibeair Ip-10, Fibeair Ip-10 Firmware | 2025-04-20 | N/A |
| In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser. | ||||
| CVE-2016-3176 | 1 Saltstack | 1 Salt | 2025-04-20 | N/A |
| Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. | ||||
| CVE-2016-1219 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. | ||||
| CVE-2015-8308 | 1 Lxdm Project | 1 Lxdm | 2025-04-20 | N/A |
| LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. | ||||
| CVE-2015-8332 | 1 Huawei | 4 Vcm5010, Vcm5010 Firmware, Vcm5020 and 1 more | 2025-04-20 | N/A |
| Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability." | ||||
| CVE-2015-7746 | 1 Netapp | 1 Data Ontap | 2025-04-20 | N/A |
| NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language. | ||||
| CVE-2015-7871 | 3 Debian, Netapp, Ntp | 7 Debian Linux, Clustered Data Ontap, Data Ontap and 4 more | 2025-04-20 | 9.8 Critical |
| Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. | ||||
| CVE-2015-6816 | 2 Fedoraproject, Ganglia | 2 Fedora, Ganglia-web | 2025-04-20 | N/A |
| ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | ||||
| CVE-2015-6817 | 1 Pgbouncer | 1 Pgbouncer | 2025-04-20 | N/A |
| PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username. | ||||
| CVE-2015-6237 | 1 Tripwire | 1 Ip360 | 2025-04-20 | N/A |
| The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands." | ||||