Total
4131 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8896 | 1 Ibm | 2 Infosphere Master Data Management Collaborative Server, Infosphere Master Data Management Server For Product Information Management | 2026-06-17 | 4.0 MEDIUM | N/A |
| The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator's credentials and consequently gain privileges via unspecified vectors. | |||||
| CVE-2014-8764 | 2 Dokuwiki, Mageia Project | 2 Dokuwiki, Mageia | 2026-06-17 | 5.0 MEDIUM | N/A |
| DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind. | |||||
| CVE-2014-8763 | 2 Dokuwiki, Mageia Project | 2 Dokuwiki, Mageia | 2026-06-17 | 5.0 MEDIUM | N/A |
| DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind. | |||||
| CVE-2014-8650 | 2 Debian, Requests-kerberos Project | 2 Debian Linux, Requests-kerberos | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| python-requests-Kerberos through 0.5 does not handle mutual authentication | |||||
| CVE-2014-8522 | 1 Mcafee | 1 Network Data Loss Prevention | 2026-06-17 | 7.5 HIGH | N/A |
| The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access. | |||||
| CVE-2014-8472 | 1 Ca | 1 Cloud Service Management | 2026-06-17 | 6.8 MEDIUM | N/A |
| CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2014-8424 | 1 Arris | 1 Vap2500 Firmware | 2026-06-17 | 7.8 HIGH | N/A |
| ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. | |||||
| CVE-2014-8347 | 1 Claris | 2 Filemaker Pro, Filemaker Pro Advanced | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges. | |||||
| CVE-2014-8329 | 1 Schrack | 2 Technik Microcontrol, Technik Microcontrol Firmware | 2026-06-17 | 10.0 HIGH | N/A |
| Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt. | |||||
| CVE-2014-8180 | 2 Mongodb, Redhat | 2 Mongodb, Satellite | 2026-06-17 | 2.1 LOW | 5.5 MEDIUM |
| MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service. | |||||
| CVE-2014-8088 | 1 Zend | 1 Zend Framework | 2026-06-17 | 5.0 MEDIUM | N/A |
| The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind. | |||||
| CVE-2014-8033 | 1 Cisco | 1 Webex Meetings Server | 2026-06-17 | 5.0 MEDIUM | N/A |
| The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421. | |||||
| CVE-2014-8006 | 1 Cisco | 1 Isb8320-e High-definition Ip-only Dvr | 2026-06-17 | 4.3 MEDIUM | N/A |
| The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422. | |||||
| CVE-2014-7879 | 1 Hp | 1 Hp-ux | 2026-06-17 | 8.5 HIGH | N/A |
| HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors. | |||||
| CVE-2014-7860 | 2 D-link, Dlink | 4 Dns-320l Firmware, Dns-327l Firmware, Dns-320l and 1 more | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web/web_file/fb_publish.php script in D-Link DNS-320L before 1.04b12 and DNS-327L before 1.03b04 Build0119 does not authenticate requests, which allows remote attackers to obtain arbitrary photos and publish them to an arbitrary Facebook profile via a target album_id and access_token. | |||||
| CVE-2014-7858 | 2 D-link, Dlink | 2 Dnr-326 Firmware, Dnr-326 | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string. | |||||
| CVE-2014-7857 | 2 D-link, Dlink | 14 Dnr-326 Firmware, Dns-320b Firmware, Dns-320l Firmware and 11 more | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build0119, DNR-326 1.40b03, DNS-320B 1.02b01, DNS-345 1.03b06, DNS-325 1.05b03, and DNS-322L 2.00b07 allow remote attackers to bypass authentication and log in with administrator permissions by passing the cgi_set_wto command in the cmd parameter, and setting the spawned session's cookie to username=admin. | |||||
| CVE-2014-7807 | 1 Apache | 1 Cloudstack | 2026-06-17 | 5.0 MEDIUM | N/A |
| Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. | |||||
| CVE-2014-6632 | 1 Joomla | 1 Joomla\! | 2026-06-17 | 7.5 HIGH | N/A |
| Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication. | |||||
| CVE-2014-6436 | 1 Aztech | 6 Adsl Dsl5018en \(1t1r\), Adsl Dsl5018en \(1t1r\) Firmware, Dsl705e and 3 more | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. | |||||