Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4091 | 3 Armin Burgmeier, Opensuse, Oracle | 3 Net6, Opensuse, Solaris | 2025-04-11 | 5.0 MEDIUM | N/A |
| The libobby server in inc/server.hpp in libnet6 (aka net6) before 1.3.14 does not perform authentication before checking the user name, which allows remote attackers to obtain sensitive information such as server-usage patterns by a particular user and color preferences. | |||||
| CVE-2011-3372 | 1 Cyrus | 1 Imapd | 2025-04-11 | 7.5 HIGH | N/A |
| imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command. | |||||
| CVE-2011-2176 | 1 Gnome | 1 Networkmanager | 2025-04-11 | 2.1 LOW | N/A |
| GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. | |||||
| CVE-2013-6890 | 3 Debian, Fedoraproject, Phil Schwartz | 3 Debian Linux, Fedora, Denyhosts | 2025-04-11 | 5.0 MEDIUM | N/A |
| denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names. | |||||
| CVE-2011-1520 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | 7.2 HIGH | N/A |
| The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command. | |||||
| CVE-2013-0258 | 2 Drupal, Google Authenticator Login Project | 2 Drupal, Ga Login | 2025-04-11 | 6.8 MEDIUM | N/A |
| The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 for Drupal, when multi-factor authentication is enabled, allows remote attackers to bypass authentication for accounts without an associated Google Authenticator token by logging in with the username. | |||||
| CVE-2009-4927 | 1 Webmobo | 1 Wbnews | 2025-04-11 | 7.5 HIGH | N/A |
| WB News 2.1.2 allows remote attackers to bypass authentication and gain administrative access via a modified WBNEWS cookie, as demonstrated by setting this cookie to 1. | |||||
| CVE-2011-1472 | 1 Nokia | 2 E75, E75 Firmware | 2025-04-11 | 7.2 HIGH | N/A |
| The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time. | |||||
| CVE-2010-4333 | 1 Pangramsoft | 1 Pointter Php Micro-blogging Social Network | 2025-04-11 | 7.5 HIGH | N/A |
| Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers to bypass authentication and obtain administrative privileges via arbitrary values of the auser and apass cookies. | |||||
| CVE-2013-4304 | 2 Brion Vibber, Mediawiki | 2 Centralauth Extension, Mediawiki | 2025-04-11 | 7.5 HIGH | N/A |
| The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password. | |||||
| CVE-2011-1674 | 1 Netgear | 2 Prosafe Wnap210, Prosafe Wnap210 Firmware | 2025-04-11 | 6.8 MEDIUM | N/A |
| The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php. | |||||
| CVE-2009-4830 | 1 Openx | 1 Openx | 2025-04-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files. | |||||
| CVE-2013-2993 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | 5.8 MEDIUM | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. | |||||
| CVE-2012-6066 | 1 Freesshd | 1 Freesshd | 2025-04-11 | 9.3 HIGH | N/A |
| freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c. | |||||
| CVE-2013-6828 | 1 Pineapp | 1 Mail-secure | 2025-04-11 | 6.4 MEDIUM | N/A |
| admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter. | |||||
| CVE-2011-0688 | 1 Symantec | 3 Antivirus, Antivirus Central Quarantine Server, System Center | 2025-04-11 | 9.3 HIGH | N/A |
| Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-0985 | 1 Apple | 1 Mac Os X | 2025-04-11 | 2.1 LOW | N/A |
| Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. | |||||
| CVE-2010-3896 | 1 Ibm | 1 Omnifind | 2025-04-11 | 7.5 HIGH | N/A |
| The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. | |||||
| CVE-2011-1409 | 1 Ulli Horlacher | 1 Fex | 2025-04-11 | 5.0 MEDIUM | N/A |
| Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID. | |||||
| CVE-2010-4573 | 1 Vmware | 1 Esxi | 2025-04-11 | 9.3 HIGH | N/A |
| The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password. | |||||