Total
3841 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-11041 | 1 Google | 1 Android | 2024-11-21 | 4.6 Medium |
| An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016). | ||||
| CVE-2016-10983 | 1 Ghost | 1 Ghost | 2024-11-21 | 6.5 Medium |
| The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data. | ||||
| CVE-2016-10836 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 55.9999.141 allows arbitrary file-read operations during authentication with caldav (SEC-108). | ||||
| CVE-2016-10835 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 55.9999.141 allows a POP/IMAP cPHulk bypass via account name munging (SEC-107). | ||||
| CVE-2016-10833 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104). | ||||
| CVE-2016-10832 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 55.9999.141 allows FTP cPHulk bypass via account name munging (SEC-102). | ||||
| CVE-2016-10831 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 55.9999.141 does not perform as two-factor authentication check when possessing another account (SEC-101). | ||||
| CVE-2016-10826 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93). | ||||
| CVE-2016-10732 | 1 Projectsend | 1 Projectsend | 2024-11-21 | N/A |
| ProjectSend (formerly cFTP) r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?file_id=1, or process-zip-download.php, or add_user_form_* parameters to users-add.php. | ||||
| CVE-2016-10532 | 1 Console-io Project | 1 Console-io | 2024-11-21 | N/A |
| console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response. | ||||
| CVE-2016-10525 | 1 Dwyl | 1 Hapi-auth-jwt2 | 2024-11-21 | N/A |
| When attempting to allow authentication mode `try` in hapi, hapi-auth-jwt2 version 5.1.1 introduced an issue whereby people could bypass authentication. | ||||
| CVE-2016-10434 | 1 Qualcomm | 4 Sd 820, Sd 820 Firmware, Sd 820a and 1 more | 2024-11-21 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 820 and SD 820A, the input to RPMB write response function is a buffer from HLOS that needs to be authenticated (using HMAC) and then processed. However, some of the processing occurs before the buffer is authenticated. The function will return various types of errors depending on the values of the `response` and `result` fields of the buffer before verifying the HMAC tag. | ||||
| CVE-2016-0796 | 1 Mb.miniaudioplayer Project | 1 Mb.miniaudioplayer | 2024-11-21 | 7.5 High |
| WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple vulnerabilities, including open proxy and security bypass vulnerabilities because it fails to properly verify user-supplied input. An attacker may leverage these issues to hide attacks directed at a target site from behind vulnerable website or to perform otherwise restricted actions and subsequently download files with the extension mp3, mp4a, wav and ogg from anywhere the web server application has read access to the system. WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files version 1.7.6 is vulnerable; prior versions may also be affected. | ||||
| CVE-2015-9235 | 1 Auth0 | 1 Jsonwebtoken | 2024-11-21 | N/A |
| In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). | ||||
| CVE-2015-7882 | 1 Mongodb | 1 Mongodb | 2024-11-21 | N/A |
| Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. | ||||
| CVE-2015-6926 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | 7.5 High |
| The OpenID Single Sign-On authentication functionality in OXID eShop before 4.5.0 allows remote attackers to impersonate users via the email address in a crafted authentication token. | ||||
| CVE-2015-6922 | 1 Kaseya | 1 Virtual System Administrator | 2024-11-21 | 9.8 Critical |
| Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx. | ||||
| CVE-2015-5298 | 1 Jenkins | 1 Google Login | 2024-11-21 | 6.5 Medium |
| The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification. | ||||
| CVE-2015-4987 | 1 Ibm | 1 Tealeaf Customer Experience | 2024-11-21 | N/A |
| The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896. | ||||
| CVE-2015-10083 | 1 Harrys | 1 Dynosaur-rails | 2024-11-21 | 6.3 Medium |
| A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 04b223813f0e336aab50bff140d0f5889c31dbec. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221503. | ||||