When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
4,372 vulnerabilities with CWE-287
CVE-2017-18906 | HIGH | CVSS 8.1 | Mattermost Server <4.0.0-3.9.2 - Auth Bypass
CVE-2017-18862 | MEDIUM | CVSS 6.5 | NETGEAR ProSAFE Web-Managed Switches < 2017-05-11 - Unauthenticated Authentication Bypass
CVE-2017-18720 | HIGH | CVSS 8.8 | NETGEAR D6200/R6700/R6800/R6900 Firmware - Unauthenticated Authentication Bypass
CVE-2017-18733 | HIGH | CVSS 8.8 | NETGEAR D6220/D6400/D8500/R6250/R6400/R6400v2/R7100LG/R7300DST/R8300/R8500 - Authentication Bypass
CVE-2017-18732 | HIGH | CVSS 8.8 | NETGEAR R6300v2 PLW1000v2 PLW1010v2 - Authentication Bypass
CVE-2017-18743 | HIGH | CVSS 8.8 | NETGEAR Multiple Routers - Unauthenticated Authentication Bypass
CVE-2017-18776 | HIGH | CVSS 8.4 | NETGEAR Multiple Routers - Unauthenticated Authentication Bypass
CVE-2017-18772 | HIGH | CVSS 8.8 | NETGEAR Multiple Router Models Firmware - Unauthenticated Authentication Bypass
CVE-2017-18850 | HIGH | CVSS 8.4 | NETGEAR Multiple Routers - Unauthenticated Authentication Bypass
CVE-2017-18646 | MEDIUM | CVSS 4.6 | Android M(6.x) and N(7.x) - Unauthenticated User Switching Bypass via Magnetic Cover
CVE-2017-18654 | HIGH | CVSS 7.5 | Samsung Mobile <M(6.0),N(7.0,7.1) - Info Disclosure
CVE-2017-18641 | HIGH | CVSS 8.1 | LXC 2.0 - Unauthenticated Remote Code Execution via Unsigned HTTP Template Downloads
CVE-2017-8405 | HIGH | CVSS 7.5 | D-Link DCS-1100 and DCS-1130 Firmware - Unauthenticated RTSP Video Feed Access via Authentication Flag Bypass
CVE-2017-9389 | HIGH | CVSS 8.8 | VeraEdge and Veralite Firmware < 1.7.19 and < 1.7.481 - Unauthenticated Remote Code Execution via Lua Code Injection
CVE-2017-9383 | CRITICAL | CVSS 9.9 | Vera VeraEdge <1.7.19, Veralite <1.7.481 - Info Disclosure
CVE-2017-12778 | HIGH | CVSS 7.1 | qBittorrent 3.3.15 - Authentication Bypass via Config File Tampering
CVE-2017-11430 | HIGH | CVSS 7.7 | omniauth/omniauth_saml < 1.9.0 - Authentication Bypass via SAML Signature Validation Flaw
CVE-2017-11429 | HIGH | CVSS 7.7 | saml2-js < 2.0 - Authentication Bypass via SAML Signature Validation Flaw
CVE-2017-11428 | HIGH | CVSS 7.7 | OneLogin ruby-saml < 1.6.0 - Authentication Bypass via SAML Signature Validation Flaw
CVE-2017-11427 | HIGH | CVSS 7.7 | OneLogin PythonSAML < 2.3.0 - Authentication Bypass via SAML Signature Validation Flaw
CVE-2017-7912 | CRITICAL | CVSS 9.8 | Hanwha Techwin SRN-4000 Firmware < 2.16_170401 - Unauthenticated Admin Access via Crafted HTTP Request
CVE-2017-6049 | HIGH | CVSS 7.5 | Detcon Sitewatch Gateway - Path Traversal
CVE-2017-6047 | CRITICAL | CVSS 9.8 | 3M Detcon Sitewatch Gateway - Unauthenticated Sensitive Information Disclosure via Plaintext Password File
CVE-2017-8023 | CRITICAL | CVSS 9.8 | Dell EMC NetWorker 8.2.0.0-8.2.4.11 - Unauthenticated Remote Code Execution via RPC Service
CVE-2017-18106 | HIGH | CVSS 7.5 | Atlassian Crowd < 2.9.1 - Authenticated Session Hijacking via Identifier Hash Collision
Details
Vulnerabilities: 4,372
Exploit Likelihood: High