Total: 4065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2011-3372 | 1 Cyrus | 1 Imapd | 2025-04-11 | 7.5 HIGH | N/A | imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command. |
| CVE-2013-1209 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2025-04-11 | 5.0 MEDIUM | N/A | The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710. |
| CVE-2013-2102 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2025-04-11 | 3.3 LOW | N/A | The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics service with no authentication when a JGroups channel is started, which allows remote attackers to obtain sensitive information (diagnostics) by accessing the service. |
| CVE-2009-5076 | 1 Creloaded | 1 Cre Loaded | 2025-04-11 | 7.5 HIGH | N/A | CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, allows remote attackers to bypass authentication and gain administrator privileges via a request with (1) login.php or (2) password_forgotten.php appended as the PATH_INFO, which bypasses a check that uses PHP_SELF, which is not properly handled by (a) includes/application_top.php and (b) admin/includes/application_top.php, as exploited in the wild in 2009. |
| CVE-2013-3586 | 1 Samsung | 2 Dvr, Smart Viewer | 2025-04-11 | 7.6 HIGH | N/A | Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. |
| CVE-2013-4731 | 1 Choice-wireless | 1 Wixfmr-111 | 2025-04-11 | 9.3 HIGH | N/A | ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tag_ipPing request, a different vulnerability than CVE-2013-3581. |
| CVE-2010-0744 | 1 Alvaro | 1 Alvaros Messenger | 2025-04-11 | 5.8 MEDIUM | N/A | aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via an arbitrary certificate. |
| CVE-2012-0702 | 1 Ibm | 2 Infosphere Information Server, Infosphere Information Server Information Services Framework | 2025-04-11 | 4.0 MEDIUM | N/A | Information Services Framework (ISF) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly determine authorization, which allows remote authenticated users to gain privileges via unspecified vectors. |
| CVE-2010-1910 | 1 Consona | 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance | 2025-04-11 | 5.1 MEDIUM | N/A | The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields. |
| CVE-2011-5063 | 1 Apache | 1 Tomcat | 2025-04-11 | 4.3 MEDIUM | N/A | The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184. |
| CVE-2010-4573 | 1 Vmware | 1 Esxi | 2025-04-11 | 9.3 HIGH | N/A | The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password. |
| CVE-2011-3463 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 7.2 HIGH | N/A | WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory. |
| CVE-2013-4784 | 1 Hp | 1 Integrated Lights-out Bmc | 2025-04-11 | 10.0 HIGH | N/A | The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. |
| CVE-2012-5858 | 1 Samsung | 1 Kies Air | 2025-04-11 | 4.3 MEDIUM | N/A | Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address. |
| CVE-2013-4435 | 1 Saltstack | 1 Salt | 2025-04-11 | 6.0 MEDIUM | N/A | Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine. |
| CVE-2009-4675 | 1 Mole-group | 1 Gastro Portal (Restaurant Directory) Script | 2025-04-11 | 7.5 HIGH | N/A | admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not require administrative authentication, which allows remote attackers to change the admin password via an unspecified form submission. |
| CVE-2009-4657 | 1 Omidrouhani | 1 Xerver | 2025-04-11 | 7.5 HIGH | N/A | The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1. |
| CVE-2011-2176 | 1 Gnome | 1 Networkmanager | 2025-04-11 | 2.1 LOW | N/A | GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. |
| CVE-2013-1364 | 1 Zabbix | 1 Zabbix | 2025-04-11 | 5.0 MEDIUM | N/A | The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter. |
| CVE-2012-4456 | 1 Openstack | 1 Keystone | 2025-04-11 | 7.5 HIGH | N/A | The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services. |
| CVE-2013-2059 | 1 Openstack | 1 Keystone | 2025-04-11 | 6.0 MEDIUM | N/A | OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. |
| CVE-2012-4021 | 1 Mosp | 1 Kintai Kanri | 2025-04-11 | 5.5 MEDIUM | N/A | MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors. |
| CVE-2012-3024 | 1 Tridium | 1 Niagara Ax | 2025-04-11 | 5.0 MEDIUM | N/A | Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. |
| CVE-2013-3473 | 1 Cisco | 1 Prime Central For Hosted Collaboration Solution Assurance | 2025-04-11 | 7.8 HIGH | N/A | The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance before 9.1.1 does not properly determine the existence of an authenticated session, which allows remote attackers to discover usernames and passwords via an HTTP request, aka Bug ID CSCud32600. |
| CVE-2012-6603 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | 10.0 HIGH | N/A | The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034. |
| CVE-2010-3739 | 1 Ibm | 1 Db2 Universal Database | 2025-04-11 | 6.4 MEDIUM | N/A | The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. |
| CVE-2011-2733 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2025-04-11 | 7.5 HIGH | N/A | EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information. |
| CVE-2013-4874 | 1 Verizon | 1 Wireless Network Extender | 2025-04-11 | 6.2 MEDIUM | N/A | The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable. |
| CVE-2013-3659 | 1 Nttdocomo | 1 Overseas Usage | 2025-04-11 | 3.3 LOW | N/A | The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area. |
| CVE-2012-6067 | 1 Freeftpd | 1 Freeftpd | 2025-04-11 | 10.0 HIGH | N/A | freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. |
| CVE-2010-3905 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-11 | 7.5 HIGH | N/A | The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users. |
| CVE-2012-0335 | 1 Cisco | 2 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software | 2025-04-11 | 5.0 MEDIUM | N/A | Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746. |
| CVE-2010-2526 | 2 Heinz Mauelshagen, Redhat | 3 Lvm2, Cluster Suite, Enterprise Linux | 2025-04-11 | 4.6 MEDIUM | N/A | The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands. |
| CVE-2012-2606 | 1 Bradfordnetworks | 2 Network Sentry Appliance, Network Sentry Appliance Software | 2025-04-11 | 5.0 MEDIUM | N/A | The agent in Bradford Network Sentry before 5.3.3 does not require authentication for messages, which allows remote attackers to trigger the display of arbitrary text on a workstation via a crafted packet to UDP port 4567, as demonstrated by a replay attack. |
| CVE-2013-3613 | 1 Dahuasecurity | 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more | 2025-04-11 | 7.8 HIGH | N/A | Dahua DVR appliances do not properly restrict UPnP requests, which makes it easier for remote attackers to obtain access via vectors involving a replay attack against the TELNET port. |
| CVE-2013-0258 | 2 Drupal, Google Authenticator Login Project | 2 Drupal, Ga Login | 2025-04-11 | 6.8 MEDIUM | N/A | The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username. |
| CVE-2012-1256 | 1 Easyvista | 1 Easyvista | 2025-04-11 | 5.0 MEDIUM | N/A | The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php. |
| CVE-2010-1221 | 1 Ca | 3 Xosoft Content Distribution, Xosoft High Availability, Xosoft Replication | 2025-04-11 | 5.0 MEDIUM | N/A | CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request. |
| CVE-2012-4614 | 1 Emc | 1 It Operations Intelligence | 2025-04-11 | 9.3 HIGH | N/A | The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session. |
| CVE-2013-5009 | 1 Symantec | 1 Endpoint Protection | 2025-04-11 | 7.4 HIGH | N/A | The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account. |