365 matches found
CVE-2025-49195
CVE-2025-49195 describes a vulnerability where an FTP server login mechanism does not limit authentication attempts, enabling brute-force password guessing. Connected sources associate this issue with SICK Field Analytics and SICK Media Server products. The CVE is tracked in NVD/Red Hat/CVE recor...
CVE-2024-5684
An attacker with access to the private network the charger is connected to or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would...
CVE-2024-35143
IBM Planning Analytics Local 2.0 and 2.1 connects to a MongoDB server. MongoDB, a document-oriented database system, is listening on the remote port, and it is configured to allow connections without password authentication. A remote attacker can gain unauthorized access to the database. IBM...
CVE-2020-35208
An issue was discovered in the LogMeIn LastPass Password Manager aka com.lastpass.ilastpass app 4.8.11.2403 for iOS. The password authentication for unlocking can be bypassed by forcing the authentication result to be true through runtime manipulation. In other words, an attacker could authentica...
CVE-2020-35221
The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers with access to a network capture to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original...
CVE-2020-23036
MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the password authentication parameter of the wifi photo transfer module. This vulnerability allows attackers with network access privileges or on public wifi networks to re...
CVE-2019-17216
An issue was discovered on V-Zug Combi-Steam MSLQ devices before Ethernet R07 and before WLAN R05. Password authentication uses MD5 to hash passwords. Cracking is possible with minimal effort...
CVE-2012-5975
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session...
CVE-2013-5163
Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors...
CVE-2005-4767
BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password...
CVE-2025-46750
SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with no password set...
redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
A flaw was found in the Redis server. This flaw allows an unauthenticated client to cause an unlimited growth of output buffers until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit)...
PT-2025-20722 · Sel Bios · Sel Bios
Name of the Vulnerable Software and Affected Versions: SEL BIOS packages versions prior to 1.3.49152.117; SEL BIOS packages versions prior to 2.6.49152.98. Description: A local attacker can bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file...
Configure a Proper SSH Service Authentication Mode
A proper authentication mode helps ensure user and system data security. Typically, the user/password authentication mode is suitable for human-machine users. In non-interactive login scenarios, the public and private keys are suitable for authentication. In high-risk scenarios, only the public a...
redis,valkey -- DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
Axel Mierczuk reports: By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow unlimitedly over time. As a result, the service is exhausted and the memory is unavailable. When password...