Total
3565 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7145 | 1 Nefarious2 Project | 1 Nefarious2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. | |||||
| CVE-2016-7144 | 1 Unrealircd | 1 Unrealircd | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter. | |||||
| CVE-2016-6549 | 1 Nutspace | 1 Nut Mobile | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute. | |||||
| CVE-2016-6544 | 1 Ieasytec | 1 Itrack Easy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device. | |||||
| CVE-2016-6541 | 1 Thetrackr | 2 Trackr Bravo, Trackr Bravo Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in CVE-2016-6538, CVE-2016-6539, CVE-2016-6540 and CVE-2016-6541. | |||||
| CVE-2016-5791 | 1 Jantek | 2 Jtc-200, Jtc-200 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication. | |||||
| CVE-2016-5410 | 2 Firewalld, Redhat | 5 Firewalld, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. | |||||
| CVE-2016-5068 | 1 Sierrawireless | 2 Aleos Firmware, Gx 440 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_Ace_Get_Task.cgi requests. | |||||
| CVE-2016-4926 | 1 Juniper | 1 Junos Space | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication. | |||||
| CVE-2016-4863 | 1 Toshiba | 1 Flashair | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir II Class 10 model W-02 series with firmware version 2.00.02 and later, FlashAir III Class 10 model W-03 series, FlashAir Class 6 model with firmware version 1.00.04 and later, FlashAir W-02 series Class 10 model with firmware version 2.00.02 and later, FlashAir W-03 series Class 10 model does not require authentication on accepting a connection from STA side LAN when "Internet pass-thru Mode" is enabled, which allows attackers with access to STA side LAN can obtain files or data. | |||||
| CVE-2016-4484 | 1 Cryptsetup Project | 1 Cryptsetup | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password. | |||||
| CVE-2016-4460 | 1 Apache | 1 Pony Mail | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication. | |||||
| CVE-2016-3176 | 1 Saltstack | 1 Salt | 2024-11-21 | 4.3 MEDIUM | 5.6 MEDIUM |
| Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient. | |||||
| CVE-2016-2403 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. | |||||
| CVE-2016-2359 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Milesight IP security cameras through 2016-11-14 allow remote attackers to bypass authentication and access a protected resource by simultaneously making a request for the unprotected vb.htm resource. | |||||
| CVE-2016-2124 | 5 Canonical, Debian, Fedoraproject and 2 more | 24 Ubuntu Linux, Debian Linux, Fedora and 21 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | |||||
| CVE-2016-2102 | 1 Haproxy | 1 Haproxy | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network. | |||||
| CVE-2016-2032 | 1 Arubanetworks | 3 Airwave, Aruba Instant, Arubaos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability exists in the Aruba AirWave Management Platform 8.x prior to 8.2 in the management interface of an underlying system component called RabbitMQ, which could let a malicious user obtain sensitive information. This interface listens on TCP port 15672 and 55672 | |||||
| CVE-2016-1908 | 4 Debian, Openbsd, Oracle and 1 more | 9 Debian Linux, Openssh, Linux and 6 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows remote X11 clients to trigger a fallback and obtain trusted X11 forwarding privileges by leveraging configuration issues on this X11 server, as demonstrated by lack of the SECURITY extension on this X11 server. | |||||
| CVE-2016-1888 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a "sequence of memory allocation failures." | |||||