Total
3369 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6474 | 1 Cisco | 1 Ios | 2024-11-21 | 5.8 MEDIUM | 7.3 HIGH |
| A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication on an affected system. More Information: CSCuv89417. Known Affected Releases: 15.5(2.25)T. Known Fixed Releases: 15.2(4)E1 15.2(4)E2 15.2(4)E3 15.2(4)EA4 15.2(4.0r)EB 15.2(4.1.27)EB 15.2(4.4.2)EA4 15.2(4.7.1)EC 15.2(4.7.2)EC 15.2(5.1.1)E 15.2(5.5.63)E 15.2(5.5.64)E 15.4(1)IA1.80 15.5(3)M1.1 15.5(3)M2 15.5(3)S1.4 15.5(3)S2 15.6(0.22)S0.12 15.6(1)T0.1 15.6(1)T1 15.6(1.15)T 15.6(1.17)S0.7 15.6(1.17)SP 15.6(1.22.1a)T0 15.6(2)S 15.6(2)SP 16.1(1.24) 16.1.2 16.2(0.247) 16.3(0.11) 3.8(1)E Denali-16.1.2. | |||||
| CVE-2016-6452 | 1 Cisco | 1 Prime Home | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2). | |||||
| CVE-2016-6434 | 1 Cisco | 1 Firepower Management Center | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. | |||||
| CVE-2016-6397 | 1 Cisco | 1 Ip Interoperability And Collaboration System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2). | |||||
| CVE-2016-6377 | 1 Cisco | 1 Media Origination System Suite | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager (PAM) API calls via unspecified vectors, aka Bug ID CSCuz52110. | |||||
| CVE-2016-6159 | 1 Huawei | 2 Ws331a Router, Ws331a Router Firmware | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| The management interface of Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allows remote attackers to bypass authentication and obtain administrative access by sending "special packages" to the LAN interface. | |||||
| CVE-2016-5686 | 1 Animas | 2 Onetouch Ping, Onetouch Ping Firmware | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol. | |||||
| CVE-2016-5133 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. | |||||
| CVE-2016-5086 | 1 Animas | 2 Onetouch Ping, Onetouch Ping Firmware | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. | |||||
| CVE-2016-4966 | 1 Fortinet | 1 Fortiwan | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The diagnosis_control.php page in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote authenticated users to download PCAP files via vectors related to the UserName GET parameter. | |||||
| CVE-2016-4953 | 5 Ntp, Opensuse, Oracle and 2 more | 15 Ntp, Leap, Opensuse and 12 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. | |||||
| CVE-2016-4926 | 1 Juniper | 1 Junos Space | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication. | |||||
| CVE-2016-4860 | 1 Yokogawa | 1 Stardom Fcn\/fcj | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of service via a (1) stop application program, (2) change value, or (3) modify application command. | |||||
| CVE-2016-4510 | 1 Trihedral | 1 Vtscada | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x before 11.2.02 allows remote attackers to bypass authentication and read arbitrary files via unspecified vectors. | |||||
| CVE-2016-4503 | 1 Moxa | 2 Device Server Web Console 5232-n, Device Server Web Console 5232-n Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value. | |||||
| CVE-2016-4484 | 1 Cryptsetup Project | 1 Cryptsetup | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. | |||||
| CVE-2016-4432 | 1 Apache | 1 Qpid Broker-j | 2024-11-21 | 5.0 MEDIUM | 9.1 CRITICAL |
| The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging. | |||||
| CVE-2016-4422 | 2 Debian, Libpam-sshauth Project | 2 Debian Linux, Libpam-sshauth | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account. | |||||
| CVE-2016-4322 | 1 Bmc | 1 Bladelogic Server Automation Console | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows remote attackers to bypass authentication and consequently read arbitrary files or possibly have unspecified other impact by leveraging a "logic flaw" in the authentication process. | |||||
| CVE-2016-3176 | 1 Saltstack | 1 Salt | 2024-11-21 | 4.3 MEDIUM | 5.6 MEDIUM |
| Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. | |||||