Total: 3373 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-12213 | 1 Cisco | 2 Catalyst 4000, Ios Xe | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
A vulnerability in the dynamic access control list (ACL) feature of Cisco IOS XE Software running on Cisco Catalyst 4000 Series Switches could allow an unauthenticated, adjacent attacker to cause dynamic ACL assignment to fail and the port to fail open. This could allow the attacker to pass traffic to the default VLAN of the affected port. The vulnerability is due to an uncaught error condition that may occur during the reassignment of the auth-default-ACL dynamic ACL to a switch port after 802.1x authentication fails. A successful exploit of this issue could allow a physically adjacent attacker to bypass 802.1x authentication and cause the affected port to fail open, allowing the attacker to pass traffic to the default VLAN of the affected switch port. Cisco Bug IDs: CSCvc72751. | |||||
CVE-2017-12195 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices. | |||||
CVE-2017-12160 | 1 Redhat | 1 Keycloak | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks. | |||||
CVE-2017-11645 | 1 Netcomm | 2 4gt101w Bootloader, 4gt101w Software | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 do not require authentication for logfile.html, status.html, or system_config.html. | |||||
CVE-2017-11430 | 1 Omniauth | 1 Omniauth Saml | 2024-11-21 | 7.5 HIGH | 7.7 HIGH |
OmniAuth OmniAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | |||||
CVE-2017-11429 | 1 Clever | 1 Saml2-js | 2024-11-21 | 7.5 HIGH | 7.7 HIGH |
Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | |||||
CVE-2017-11428 | 1 Onelogin | 1 Ruby-saml | 2024-11-21 | 7.5 HIGH | 7.7 HIGH |
OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | |||||
CVE-2017-11427 | 1 Onelogin | 1 Pythonsaml | 2024-11-21 | 7.5 HIGH | 7.7 HIGH |
OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | |||||
CVE-2017-11151 | 1 Synology | 1 Photo Station | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action. | |||||
CVE-2017-10903 | 1 Princeton | 2 Ptw-wms1, Ptw-wms1 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors. | |||||
CVE-2017-10873 | 1 Osstech | 1 Openam | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0 IdP, and switches authentication methods based on AuthnContext requests sent from the service provider. | |||||
CVE-2017-10817 | 1 Intercom | 1 Malion | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server. | |||||
CVE-2017-10815 | 1 Intercom | 1 Malion | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when "Remote Control" is installed) allow remote attackers to bypass authentication to execute arbitrary commands or operations on Terminal Agent. | |||||
CVE-2017-10807 | 1 Jabberd2 | 1 Jabberd2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled. | |||||
CVE-2017-10796 | 1 Tp-link | 2 Nc250, Nc250 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL. | |||||
CVE-2017-10784 | 1 Ruby-lang | 1 Ruby | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. | |||||
CVE-2017-10709 | 2 Elephone, Google | 2 P9000, Android | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess. | |||||
CVE-2017-10623 | 1 Juniper | 1 Junos Space | 2024-11-21 | 6.8 MEDIUM | 7.1 HIGH |
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1. | |||||
CVE-2017-10622 | 1 Juniper | 1 Junos Space | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote unauthenticated network-based attacker to log in as any privileged user. This issue only affects Junos Space Network Management Platform 17.1R1 without Patch v1 and 16.1 releases prior to 16.1R3. This issue was found by an external security researcher. | |||||
CVE-2017-10601 | 1 Juniper | 1 Junos | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A specific device configuration can result in a commit failure condition. When this occurs, a user is logged in without being prompted for a password while trying to log in through console, ssh, ftp, telnet or su, etc. This issue relies upon a device configuration precondition to occur. Typically, device configurations are the result of a trusted administrative change to the system's running configuration. The following error messages may be seen when this failure occurs: mgd: error: commit failed: (statements constraint check failed) Warning: Commit failed, activating partial configuration. Warning: Edit the router configuration to fix these errors. If the administrative changes are not made that result in such a failure, then this issue is not seen. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R10, 12.3R11; 12.3X48 prior to 12.3X48-D20; 13.2 prior to 13.2R8; 13.3 prior to 13.3R7; 14.1 prior to 14.1R4-S12, 14.1R5, 14.1R6; 14.1X53 prior to 14.1X53-D30; 14.2 prior to 14.2R4; 15.1 prior to 15.1F2, 15.1F3, 15.1R2. |