In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
Max CVSS
9.8
EPSS Score
1.40%
Published
2017-06-20
Updated
2021-06-06
NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors.
Max CVSS
9.3
EPSS Score
0.38%
Published
2017-02-07
Updated
2017-11-16
NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.20%
Published
2017-02-07
Updated
2017-02-24
NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.
Max CVSS
8.1
EPSS Score
0.12%
Published
2017-08-07
Updated
2017-08-10

CVE-2015-7871

Public exploit
Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication.
Max CVSS
9.8
EPSS Score
97.02%
Published
2017-08-07
Updated
2021-04-13
NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8 in the volume language.
Max CVSS
9.8
EPSS Score
0.47%
Published
2017-09-01
Updated
2017-09-06
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!