CVE Daily
← All tags

Tag: Unauthenticated/Unauthorized Access

All CVEs associated with "Unauthenticated/Unauthorized Access". Page 116/128 • 15319 CVEs.

Subscribe CVEs: RSS for “Unauthenticated/Unauthorized Access”  ·  RSS (High+Critical only)

About “Unauthenticated/Unauthorized Access”

A curated feed of “Unauthenticated/Unauthorized Access”-related CVEs appears below. We currently track 15319 CVEs for this tag (all time). In the last 365 days, 3827 were published. Average CVSS is 7.4 (all time; 7.4 over 365d), and 61% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-306 - Missing Authentication for Critical Function, CWE-639 - Authorization Bypass Through User-Controlled Key.

In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2017-08-08
Medium

CVE-2017-10084

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Report Generator). Supported versions that are affected are 11.3.0, 11.4.0, 1…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-10083

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2017-10082

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2017-10081

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131.…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2017-10080

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerabil…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2017-10079

Vulnerability in the Oracle Hospitality Suites Management component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 3.7. Easily exploitable vulnerab…

CVSS: 6.1 CWE: N/A View on NVD
High

CVE-2017-10078

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged at…

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2017-10075

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Eas…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-10074

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131.…

CVSS: 8.3 CWE: N/A View on NVD
Medium

CVE-2017-10071

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: All Modules). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2017-10070

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Maintenance Folders). The supported version that is affected is 9.1.0. Easily ex…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2017-10069

Vulnerability in the Oracle Payment Interface component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 6.1.1. Difficult to exploit vulnerability al…

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2017-10067

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2017-10064

Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploi…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2017-10063

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Dif…

CVSS: 4.8 CWE: N/A View on NVD
High

CVE-2017-10061

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily explo…

CVSS: 8.3 CWE: N/A View on NVD
High

CVE-2017-10059

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Mobile Service). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows l…

CVSS: 7.6 CWE: N/A View on NVD
Medium

CVE-2017-10056

Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospitality Applications (subcomponent: Property Management Systems). The supported version that is affected is 4.0. Easily exploitabl…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2017-10053

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u1…

CVSS: 5.3 CWE: N/A View on NVD
Medium

CVE-2017-10052

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: PCMServlet). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerab…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2017-10049

Vulnerability in the Siebel Core CRM component of Oracle Siebel CRM (subcomponent: Search). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthentic…

CVSS: 6.1 CWE: N/A View on NVD
High

CVE-2017-10048

Vulnerability in the Oracle Enterprise Repository component of Oracle Fusion Middleware (subcomponent: Web Interface). Supported versions that are affected are 11.1.1.7.0 and 12.1.3.0.0. Easily explo…

CVSS: 8.2 CWE: N/A View on NVD
Medium

CVE-2017-10047

Vulnerability in the MICROS BellaVita component of Oracle Hospitality Applications (subcomponent: Interface). The supported version that is affected is 2.7.x. Easily exploitable vulnerability allows…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2017-10045

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Difficult to…

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2017-10043

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable v…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-10042

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IKE). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenti…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2017-10041

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable…

CVSS: 7.6 CWE: N/A View on NVD
High

CVE-2017-10040

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.1.0. Easily exploita…

CVSS: 8.2 CWE: N/A View on NVD
Medium

CVE-2017-10039

Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Web Client). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerab…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2017-10038

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 15.1, 15.2,…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2017-10036

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthen…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2017-10035

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Easily exploitable vulnerabilit…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-10031

Vulnerability in the Oracle Communications Convergence component of Oracle Communications Applications (subcomponent: Mail Proxy (dojo)). Supported versions that are affected are 3.0 and 3.0.1. Easil…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2017-10030

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unaut…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-10029

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unaut…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-10028

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unaut…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-10025

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability a…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2017-10024

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows una…

CVSS: 8.2 CWE: N/A View on NVD
Medium

CVE-2017-10023

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Operations). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 1…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2017-10021

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search). Supported versions that are affected are 8.54 and 8.55. Easily exploitable v…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2017-10020

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Diffic…

CVSS: 4.7 CWE: N/A View on NVD
High

CVE-2017-10019

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily explo…

CVSS: 7.4 CWE: N/A View on NVD
Medium

CVE-2017-10017

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workcenter). Supported versions that are affected are 8.54 and 8.55. Easily exploitable v…

CVSS: 6.1 CWE: N/A View on NVD
High

CVE-2017-10016

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is AK 2013. Difficult to…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2017-10015

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Designer). Supported versions that are affected are 8.54 and 8.55. Difficult…

CVSS: 4.7 CWE: N/A View on NVD
High

CVE-2017-10013

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is AK 2013. Difficult to…

CVSS: 8.3 CWE: N/A View on NVD
Medium

CVE-2017-10011

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 an…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2017-10005

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 an…

CVSS: 6.1 CWE: N/A View on NVD
High

CVE-2017-10001

Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 1.7.1. Easily exploitable v…

CVSS: 7.6 CWE: N/A View on NVD
2017-08-07
Critical

CVE-2015-7871

Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2017-12478

It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2017-08-04
Critical

CVE-2017-10817

MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to alter settings in Relay Service Server.

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2017-10815

MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is installed) and MaLion for Mac 4.0.1 to 5.2.1 (only when "Remote Control" is installed) allow remote attackers to bypass authenticat…

CVSS: 8.1 CWE: CWE-287 - Improper Authentication View on NVD
2017-08-02
High

CVE-2017-11387

Authentication Bypass in Trend Micro Control Manager 6.0 causes Information Disclosure when authentication validation is not done for functionality that can change debug logging level. Formerly ZDI-C…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-1467

A network layer security vulnerability in InfoSphere Information Server 9.1, 11.3, and 11.5 can lead to privilege escalation or unauthorized access. IBM X-Force ID: 128466.

CVSS: 8.1 CWE: N/A View on NVD
2017-07-31
High

CVE-2017-1227

IBM Tivoli Endpoint Manager could allow a unauthorized user to consume all resources and crash the system. IBM X-Force ID: 123906.

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2017-07-25
High

CVE-2015-8013

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentic…

CVSS: 7.5 CWE: CWE-310 View on NVD
2017-07-22
Critical

CVE-2017-2126

WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2017-07-21
Medium

CVE-2017-1374

Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-07-20
Critical

CVE-2017-11495

PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticated remote code execution via a request to an unspecified ASP script; alternatively, the attacker can leverage unauthenticated acc…

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
2017-07-19
Critical

CVE-2017-11435

The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authentication bypass vulnerability via specially crafted requests to the management console. The bug is exploitable remotely when the route…

CVSS: 9.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-07-17
Medium

CVE-2017-10604

When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the r…

CVSS: 5.3 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
High

CVE-2017-1000071

Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.

CVSS: 8.1 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2017-1000030

Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain te…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2017-1000020

SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending S…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2016-10398

Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by…

CVSS: 6.2 CWE: CWE-264 View on NVD
2017-07-12
Critical

CVE-2017-4052

Authentication Bypass vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to change or update any con…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Critical

CVE-2016-8638

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related…

CVSS: 9.1 CWE: CWE-384 - Session Fixation View on NVD
2017-07-11
Critical

CVE-2017-7728

On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography.

CVSS: 9.8 CWE: N/A View on NVD
2017-07-07
High

CVE-2017-2186

HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass authentication to load malicious firmware via WebUI.

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
Medium

CVE-2017-4999

EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an authorization bypass through user-controlled key vulnerability in Discussion Forum Messages. A remote low privile…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-07-06
Critical

CVE-2017-6711

A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted device. The vulne…

CVSS: 9.1 CWE: CWE-287 - Improper Authentication View on NVD
2017-07-04
Critical

CVE-2017-10804

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00 c…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2017-07-03
Critical

CVE-2017-7919

An Improper Authentication issue was discovered in Newport XPS-Cx and XPS-Qx. An attacker may bypass authentication by accessing a specific uniform resource locator (URL).

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2017-07-02
Medium

CVE-2017-10796

On TP-Link NC250 devices with firmware through 1.2.1 build 170515, anyone can view video and audio without authentication via an rtsp://admin@yourip:554/h264_hd.sdp URL.

CVSS: 6.5 CWE: CWE-287 - Improper Authentication View on NVD
2017-06-30
Critical

CVE-2017-6044

An Improper Authorization issue was discovered in Sierra Wireless AirLink Raven XE, all versions prior to 4.0.14, and AirLink Raven XT, all versions prior to 4.0.11. Several files and directories can…

CVSS: 9.8 CWE: CWE-285 - Improper Authorization View on NVD
Critical

CVE-2017-6034

An Authentication Bypass by Capture-Replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which…

CVSS: 9.8 CWE: CWE-294 - Authentication Bypass by Capture-replay View on NVD
2017-06-29
High

CVE-2017-8613

Azure AD Connect Password writeback, if misconfigured during enablement, allows an attacker to reset passwords and gain unauthorized access to arbitrary on-premises AD privileged user accounts aka "A…

CVSS: 8.1 CWE: CWE-640 - Weak Password Recovery Mechanism for Forgotten Password View on NVD
High

CVE-2016-10042

Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticat…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
2017-06-27
Medium

CVE-2016-6083

IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. IBM X-Force ID: 117696.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-06-22
Critical

CVE-2015-9098

In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitor…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2017-06-21
Critical

CVE-2017-4990

In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously…

CVSS: 9.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Critical

CVE-2017-6050

A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remot…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2017-06-20
Critical

CVE-2017-3216

WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2017-06-16
Critical

CVE-2017-9602

KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and delet…

CVSS: 9.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2017-06-15
Medium

CVE-2017-8515

Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system,…

CVSS: 5.5 CWE: N/A View on NVD
2017-06-14
Medium

CVE-2017-4986

EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-06-13
High

CVE-2015-9030

In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication.

CVSS: 7.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2017-06-11
Critical

CVE-2017-9542

D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a modified POST request to login.cgi. This issue occurs because it fails to validate the password field. Successful exploitation…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
2017-06-09
High

CVE-2016-7830

Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker o…

CVSS: 8.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2017-06-06
Medium

CVE-2014-8180

MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.

CVSS: 5.5 CWE: CWE-287 - Improper Authentication View on NVD
2017-06-02
Medium

CVE-2017-6039

A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device.

CVSS: 5.3 CWE: CWE-259 - Use of Hard-coded Password View on NVD
2017-05-29
Critical

CVE-2017-9294

RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2017-9148

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session,…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2017-7915

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 0912…

CVSS: 9.8 CWE: CWE-307 - Improper Restriction of Excessive Authentication Attempts View on NVD
2017-05-26
Critical

CVE-2017-6862

NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1.0.0.66, and WNR2000v5 devices before 1.0.0.42 allow authentication bypass and remote code execution via a buffer overflow that us…

CVSS: 9.8 CWE: CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') View on NVD
2017-05-22
Critical

CVE-2017-1092

IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.

CVSS: 9.8 CWE: N/A View on NVD
2017-05-21
High

CVE-2017-9100

login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote attackers to bypass authentication by entering more than 20 blank spaces in the password field during an admin login attempt.

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
2017-05-19
Medium

CVE-2017-7937

An Improper Authentication issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may be able to gain unauthorized access to the user firewall when RADIUS s…

CVSS: 4.0 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2017-6027

An Arbitrary File Upload issue was discovered in 3S-Smart Software Solutions GmbH CODESYS Web Server. The following versions of CODESYS Web Server, part of the CODESYS WebVisu web browser visualizati…

CVSS: 9.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
Critical

CVE-2017-5174

An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architectu…

CVSS: 9.8 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
2017-05-18
Critical

CVE-2017-6622

A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privil…

CVSS: 9.8 CWE: CWE-264 View on NVD
Medium

CVE-2017-7433

An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially cr…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2017-05-12
Critical

CVE-2017-7474

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information,…

CVSS: 9.8 CWE: CWE-253 - Incorrect Check of Function Return Value View on NVD
2017-05-10
Critical

CVE-2017-8895

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of ser…

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2017-1137

IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker than expected security. A remote attacker could exploit this weakness to obtain sensitive information and gain unauthorized access…

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2016-9250

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.

CVSS: 7.5 CWE: CWE-264 View on NVD
2017-05-06
High

CVE-2017-7927

A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH…

CVSS: 7.3 CWE: CWE-836 - Use of Password Hash Instead of Password for Authentication View on NVD
Critical

CVE-2017-7909

A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and red…

CVSS: 9.8 CWE: CWE-603 - Use of Client-Side Authentication View on NVD
2017-05-03
High

CVE-2016-2930

IBM BigFix Remote Control 9.1.3 could allow a remote attacker to perform actions reserved for an administrator without authentication. IBM X-Force ID: 5512.

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
2017-04-28
Critical

CVE-2016-8584

Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2017-2101

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to bypass authentication to perform arbitrary operations via unspecified vectors.

CVSS: 7.3 CWE: CWE-287 - Improper Authentication View on NVD
2017-04-27
High

CVE-2017-7415

Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass authentication and read any blog or page via the drafts diff REST resource.

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-04-25
Critical

CVE-2017-8225

On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and…

CVSS: 9.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
High

CVE-2017-8223

On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0.

CVSS: 7.5 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2017-3434

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Audience workbench). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2017-3356

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2017-3355

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2017-3347

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and…

CVSS: 7.1 CWE: N/A View on NVD
High

CVE-2017-3345

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and…

CVSS: 7.1 CWE: N/A View on NVD