access:pre-auth — CVE vulnerabilities tagged 19704

19704 CVE security advisories tagged "access:pre-auth" with AI Chinese analysis, CVSS, references and POCs.

The tag "access:pre-auth" identifies vulnerabilities that allow unauthenticated attackers to gain unauthorized access to a system, application, or network resource before legitimate credentials are verified. This classification is critical because it represents the lowest barrier to entry for exploitation, enabling remote code execution, data exfiltration, or full system compromise without prior authentication. Typical scenarios involve flaws in authentication mechanisms, such as broken access controls, insecure direct object references, or logic errors in session management that bypass login requirements. Attackers frequently target these weaknesses via exposed APIs, administrative interfaces, or default configurations. Because no user interaction or valid credentials are needed, pre-authentication flaws are among the most severe and widely exploited security issues, often leading to immediate breach of confidentiality, integrity, and availability across affected infrastructure.

CVE ID	Title	CVSS	Severity	Published
CVE-2016-6429	Cisco IP Interoperability and Collaboration System 跨站脚本漏洞 — Cisco IP Interoperability and Collaboration System 4.10(1)	6.1	-	2016-11-03
CVE-2016-6441	Cisco ASR 900 Series 缓冲区溢出漏洞 — Cisco IOS XE 3.17 and 3.18	9.8	-	2016-11-03
CVE-2016-6447	多款Cisco产品缓冲区溢出漏洞 — Cisco Meeting Server before 2.0.1, Acano Server before 1.9.3, Cisco Meeting App before 1.9.8, Acano Meeting Apps before 1.8.35	9.8	-	2016-11-03
CVE-2016-6448	Cisco Meeting Server和Acano Server 缓冲区溢出漏洞 — Cisco Meeting Server before 2.0.3 and Acano Server before 1.9.5	9.8	-	2016-11-03
CVE-2016-6451	Cisco Prime Collaboration Provisioning 跨站脚本漏洞 — Cisco Prime Collaboration Provisioning 10.6	6.1	-	2016-11-03
CVE-2016-6452	Cisco Prime Home 身份验证绕过漏洞 — Cisco Prime Home before 6.0	9.8	-	2016-11-03
CVE-2016-6454	Cisco Hosted Collaboration Mediation Fulfillment 跨站请求伪造漏洞 — Cisco Hosted Collaboration Mediation Fulfillment before 11.5(0.98000.216)	6.5	-	2016-11-03
CVE-2016-6455	Cisco ASR 5500 Series routers 拒绝服务漏洞 — Cisco StarOS 18.x through 21.x	5.3	-	2016-11-03
CVE-2016-7965	DokuWiki 安全漏洞 — n/a	6.5	-	2016-10-31
CVE-2016-1423	Cisco AsyncOS for Cisco Email Security Appliances 安全漏洞 — Cisco AsyncOS 8.0.2-069	6.1	-	2016-10-28
CVE-2016-1480	Cisco AsyncOS for Cisco Email Security Appliances和Web Security Appliances 安全漏洞 — Cisco AsyncOS through WSA10.0.0-000	-	-	2016-10-28
CVE-2016-1481	Cisco AsyncOS for Cisco Email Security Appliances 拒绝服务漏洞 — Cisco AsyncOS through 9.7.0-125	7.5	-	2016-10-28
CVE-2016-1486	Cisco AsyncOS for Cisco Email Security Appliances 拒绝服务漏洞 — Cisco AsyncOS through 9.7.1-066	7.5	-	2016-10-28
CVE-2016-6356	Cisco AsyncOS for Cisco Email Security Appliances 拒绝服务漏洞 — Cisco AsyncOS through 9.7.0-125	7.5	-	2016-10-28
CVE-2016-6357	Cisco Email Security Appliance 安全漏洞 — Cisco AsyncOS through 9.9.6-026	5.3	-	2016-10-28
CVE-2016-6358	Cisco Email Security Appliance 拒绝服务漏洞 — Cisco Email Security Appliance (ESA) through 9.7.1-000	5.3	-	2016-10-28
CVE-2016-6360	Cisco Email Security Appliance和Cisco Web Security Appliance 拒绝服务漏洞 — Cisco AsyncOS through WSA10.0.0-000	5.3	-	2016-10-28
CVE-2016-6372	Cisco AsyncOS for Cisco Email Security Appliances和Web Security Appliances 安全绕过漏洞 — Cisco AsyncOS through WSA10.0.0-000	8.2	-	2016-10-28
CVE-2016-6397	Cisco IP Interoperability and Collaboration System 身份验证绕过漏洞 — Cisco IPICS 4.8(1) to 4.10(1)	9.1	-	2016-10-28
CVE-2016-6431	Cisco Adaptive Security Appliance 拒绝服务漏洞 — Cisco ASA Software before 9.6(1.5)	7.5	-	2016-10-27
CVE-2016-6432	Cisco Adaptive Security Appliance Software 缓冲区错误漏洞 — Cisco ASA Software before 9.6(2.1)	8.1	-	2016-10-27
CVE-2016-6437	Cisco Wide Area Application Services 拒绝服务漏洞 — Cisco Wide Area Application Services (WAAS) before 5.3(5g)1 and 6.x before 6.2(2.32)	5.9	-	2016-10-27
CVE-2016-6438	Cisco IOS XE on cBR-8 Converged Broadband Router 安全漏洞 — Cisco IOS XE 3.16S, 3.17S, 3.18.0S, 3.18.1S, 3.18.0SP	5.9	-	2016-10-27
CVE-2016-6439	Cisco Firepower System Software 拒绝服务漏洞 — Cisco Firepower System Software before 6.0.1	7.5	-	2016-10-27
CVE-2016-6442	Cisco Finesse Agent and Supervisor Desktop Software 跨站请求伪造漏洞 — Cisco Finesse 11.0(1)	8.8	-	2016-10-27
CVE-2016-6444	Cisco Meeting Server 跨站请求伪造漏洞 — Cisco Meeting Server 1.8, 1.9, 2.0	8.8	-	2016-10-27
CVE-2016-6445	Cisco Meeting Server 身份验证绕过漏洞 — Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6	9.1	-	2016-10-27
CVE-2016-6446	Cisco Meeting Server 信息泄露漏洞 — Cisco Meeting Server 1.8, 1.9, 2.0	7.5	-	2016-10-27
CVE-2016-1000112	WordPress contus-video-comments插件远程文件上传漏洞 — n/a	9.1	-	2016-10-06
CVE-2016-1000123	Joomla! Huge-IT Video Gallery扩展SQL注入漏洞 — n/a	9.8	-	2016-10-06

Vulnerabilities classified as access:pre-auth represent 19704 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

access:pre-auth — CVE vulnerabilities tagged 19704