CVE-2025-29906

HIGH Year: 2025
CVSS v3 Score
8.6
High
Weakness Type
CWE-287
View all →

Vulnerability Description

Finit is a fast init for Linux systems. Versions starting from 3.0-rc1 and prior to version 4.11 bundle an implementation of getty for the `tty` configuration directive that can bypass `/bin/login`, i.e., a user can log in as any user without authentication. This issue has been patched in version 4.11.

Related Vulnerabilities

CVE-2017-6062

HIGH
CVSS:8.6(High)

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDC...

CWE-2872017

CVE-2017-6413

HIGH
CVSS:8.6(High)

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "Auth...

CWE-2872017

CVE-2018-2449

HIGH
CVSS:8.6(High)

SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality t...

CWE-2872018

CVE-2019-3654

HIGH
CVSS:8.6(High)

Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for...

CWE-2872019

CVE-2019-6521

HIGH
CVSS:8.6(High)

WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.

CWE-2872019

CVE-2020-3944

HIGH
CVSS:8.6(High)

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker w...

CWE-2872020