Total
3369 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1402 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Active Directory (AD) integration component in Cisco Identity Service Engine (ISE) before 1.2.0.899 patch 7, when AD group-membership authorization is enabled, allows remote attackers to cause a denial of service (authentication outage) via a crafted Password Authentication Protocol (PAP) authentication request, aka Bug ID CSCun25815. | |||||
| CVE-2016-1387 | 1 Cisco | 1 Telepresence Tc Software | 2024-11-21 | 9.0 HIGH | 9.8 CRITICAL |
| The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935. | |||||
| CVE-2016-1356 | 1 Cisco | 1 Firesight System Software | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| Cisco FireSIGHT System Software 6.1.0 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to enumerate valid usernames by measuring timing differences, aka Bug ID CSCuy41615. | |||||
| CVE-2016-1329 | 5 Cisco, Samsung, Sun and 2 more | 10 Nexus 3048, Nexus 3064, Nexus 3064t and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800. | |||||
| CVE-2016-1307 | 2 Zyxel, Zzinc | 2 Gs1900-10hp Firmware, Keymouse Firmware | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. | |||||
| CVE-2016-1279 | 1 Juniper | 1 Junos | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, and 15.1R before 15.1R3 might allow remote attackers to obtain sensitive information and consequently gain administrative privileges via unspecified vectors. | |||||
| CVE-2016-1278 | 1 Juniper | 1 Junos | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option. | |||||
| CVE-2016-0916 | 1 Emc | 1 Networker | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before 9.0.0.6 mishandles authentication, which allows remote attackers to execute arbitrary commands by leveraging access to a different NetWorker instance. | |||||
| CVE-2016-0883 | 1 Pivotal Software | 1 Operations Manager | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation. | |||||
| CVE-2016-0755 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Curl | 2024-11-21 | 5.0 MEDIUM | 7.3 HIGH |
| The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015. | |||||
| CVE-2016-0733 | 1 Apache | 1 Ranger | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid username. | |||||
| CVE-2015-8269 | 1 Fisher-price | 1 Smart Toy Bear | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
| The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number. | |||||
| CVE-2015-7974 | 4 Debian, Netapp, Ntp and 1 more | 8 Debian Linux, Clustered Data Ontap, Oncommand Balance and 5 more | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a "skeleton key." | |||||
| CVE-2015-7938 | 1 Advantech | 4 Eki-1321, Eki-1321 Series Firmware, Eki-1322 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2015-7914 | 1 Sauter | 1 Moduweb Vision | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password. | |||||
| CVE-2015-7755 | 1 Juniper | 1 Screenos | 2024-11-21 | 10.0 HIGH | N/A |
| Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 before 6.3.0r16b, 6.3.0r17 before 6.3.0r17b, 6.3.0r18 before 6.3.0r18b, 6.3.0r19 before 6.3.0r19b, and 6.3.0r20 before 6.3.0r21 allows remote attackers to obtain administrative access by entering an unspecified password during a (1) SSH or (2) TELNET session. | |||||
| CVE-2015-7521 | 1 Apache | 1 Hive | 2024-11-21 | 7.5 HIGH | 8.3 HIGH |
| The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations. | |||||
| CVE-2015-7361 | 1 Fortinet | 1 Fortios | 2024-11-21 | 9.3 HIGH | N/A |
| FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors. | |||||
| CVE-2015-7285 | 1 Csl Dualcom | 2 Gprs, Gprs Cs2300-r Firmware | 2024-11-21 | 5.8 MEDIUM | N/A |
| CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response. | |||||
| CVE-2015-6480 | 1 Moxa | 1 Oncell Central Manager | 2024-11-21 | 7.5 HIGH | 8.3 HIGH |
| The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action. | |||||