CWE-287 vulnerabilities
1,838 results

| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2021-36346 | MEDIUM | Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exp | 4.2% |
| CVE-2017-6868 | — | An Improper Authentication issue was discovered in Siemens SIMATIC CP 44x-1 RNA, all versions prior to 1.4.1. An unauthenticated remote atta | 4.2% |
| CVE-2023-22893 | HIGH | Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for au | 4.2% |
| CVE-2017-3791 | — | A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execut | 4.1% |
| CVE-2018-16886 | MEDIUM | etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control | 4.0% |
| CVE-2017-2628 | — | curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did | 4.0% |
| CVE-2024-47533 | CRITICAL | Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes | 3.9% |
| CVE-2017-15135 | — | It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly | 3.9% |
| CVE-2025-25205 | HIGH | Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulty pattern matching | 3.8% |
| CVE-2002-2438 | — | TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by | 3.7% |
| CVE-2021-20020 | — | A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root. | 3.7% |
| CVE-2022-47003 | CRITICAL | A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request | 3.6% |
| CVE-2018-0321 | — | A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the Java Remote Me | 3.6% |
| CVE-2021-36306 | HIGH | Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthe | 3.6% |
| CVE-2023-4568 | MEDIUM | PaperCut NG Unauthenticated XMLRPC | 3.6% |
| CVE-2022-3477 | CRITICAL | tagDiv Composer < 3.5 - Unauthenticated Account Takeover | 3.5% |
| CVE-2021-37624 | HIGH | FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing | 3.5% |
| CVE-2022-0730 | — | Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. | 3.5% |
| CVE-2021-24148 | — | MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple | 3.4% |
| CVE-2019-16028 | CRITICAL | Cisco Firepower Management Center Lightweight Directory Access Protocol Authentication Bypass Vulnerability | 3.4% |