Total
3369 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-1278 | 1 Juniper | 1 Junos | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option. | |||||
CVE-2016-2245 | 1 Hp | 1 Support Assistant | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors. | |||||
CVE-2016-1356 | 1 Cisco | 1 Firesight System Software | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615. | |||||
CVE-2016-3094 | 1 Apache | 1 Qpid Broker-j | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception. | |||||
CVE-2016-6434 | 1 Cisco | 1 Firepower Management Center | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. | |||||
CVE-2015-1772 | 2 Apache, Ibm | 2 Hive, Infosphere Biginsights | 2024-02-28 | 4.3 MEDIUM | 7.3 HIGH |
The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthenticated and anonymous bind configurations, which allows remote attackers to bypass authentication via a crafted LDAP request. | |||||
CVE-2016-6452 | 1 Cisco | 1 Prime Home | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2). | |||||
CVE-2016-4422 | 2 Debian, Libpam-sshauth Project | 2 Debian Linux, Libpam-sshauth | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. | |||||
CVE-2008-1683 | 2024-02-28 | N/A | N/A | ||
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-0887. Reason: This candidate is a duplicate of CVE-2008-0887. Notes: All CVE users should reference CVE-2008-0887 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage |