Total: 4007 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4688 | 1 I-gen | 1 Oplynx | 2026-04-29 | 7.5 HIGH | N/A |
| The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support. | |||||
| CVE-2012-5940 | 1 Ibm | 1 Netezza | 2026-04-29 | 4.3 MEDIUM | N/A |
| The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication process. | |||||
| CVE-2012-3885 | 1 Airdroid | 1 Airdroid | 2026-04-29 | 7.5 HIGH | N/A |
| The default configuration of AirDroid 1.0.4 beta uses a four-character alphanumeric password, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2010-4591 | 1 Ibm | 1 Lotus Mobile Connect | 2026-04-29 | 4.4 MEDIUM | N/A |
| The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch. | |||||
| CVE-2014-0737 | 1 Cisco | 1 Unified Ip Phone 7960g | 2026-04-29 | 4.3 MEDIUM | N/A |
| The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795. | |||||
| CVE-2013-2059 | 1 Openstack | 1 Keystone | 2026-04-29 | 6.0 MEDIUM | N/A |
| OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. | |||||
| CVE-2012-2974 | 1 Smc | 1 Smc8024l2 Switch | 2026-04-29 | 10.0 HIGH | N/A |
| The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/. | |||||
| CVE-2013-4877 | 1 Verizon | 1 Wireless Network Extender | 2026-04-29 | 2.6 LOW | N/A |
| The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets. | |||||
| CVE-2013-3060 | 1 Apache | 1 Activemq | 2026-04-29 | 6.4 MEDIUM | N/A |
| The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. | |||||
| CVE-2013-1080 | 1 Novell | 1 Zenworks Configuration Management | 2026-04-29 | 10.0 HIGH | N/A |
| The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. | |||||
| CVE-2011-2956 | 1 Azeotech | 1 Daqfactory | 2026-04-29 | 7.8 HIGH | N/A |
| AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal. | |||||
| CVE-2011-3372 | 1 Cyrus | 1 Imapd | 2026-04-29 | 7.5 HIGH | N/A |
| imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command. | |||||
| CVE-2012-1100 | 1 Redhat | 1 Jboss Operations Network | 2026-04-29 | 5.8 MEDIUM | N/A |
| Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request. | |||||
| CVE-2013-6006 | 1 Cybozu | 1 Garoon | 2026-04-29 | 5.8 MEDIUM | N/A |
| Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | |||||
| CVE-2013-5163 | 1 Apple | 1 Mac Os X | 2026-04-29 | 6.6 MEDIUM | N/A |
| Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors. | |||||
| CVE-2010-1613 | 1 Moodle | 1 Moodle | 2026-04-29 | 6.8 MEDIUM | N/A |
| Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks. | |||||
| CVE-2012-1145 | 1 Redhat | 2 Enterprise Linux, Satellite | 2026-04-29 | 5.0 MEDIUM | N/A |
| spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads. | |||||
| CVE-2012-2626 | 1 Sonicwall | 1 Scrutinizer | 2026-04-29 | 5.0 MEDIUM | N/A |
| cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action. | |||||
| CVE-2012-3408 | 2 Puppet, Puppetlabs | 2 Puppet Enterprise, Puppet | 2026-04-29 | 2.6 LOW | N/A |
| lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address. | |||||
| CVE-2011-5100 | 1 Mcafee | 1 Firewall Reporter | 2026-04-29 | 7.5 HIGH | N/A |
| The web interface in McAfee Firewall Reporter before 5.1.0.13 does not properly implement cookie authentication, which allows remote attackers to obtain access, and disable anti-virus functionality, via an HTTP request. | |||||
