Total
4006 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0447 | 1 Hp | 1 Openview Performance Insight | 2026-04-29 | 10.0 HIGH | N/A |
| The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document. | |||||
| CVE-2013-4784 | 1 Hp | 1 Integrated Lights-out Bmc | 2026-04-29 | 10.0 HIGH | N/A |
| The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. | |||||
| CVE-2012-0301 | 1 Symantec | 1 Message Filter | 2026-04-29 | 5.4 MEDIUM | N/A |
| Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2010-1838 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-29 | 4.4 MEDIUM | N/A |
| Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name. | |||||
| CVE-2009-4830 | 1 Openx | 1 Openx | 2026-04-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote attackers to bypass authentication and obtain access to an Administrator account via unknown vectors, possibly related to www/admin/install.php, www/admin/install-plugins.php, and other www/admin/ files. | |||||
| CVE-2012-3024 | 1 Tridium | 1 Niagara Ax | 2026-04-29 | 5.0 MEDIUM | N/A |
| Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. | |||||
| CVE-2014-0739 | 1 Cisco | 1 Adaptive Security Appliance Software | 2026-04-29 | 4.3 MEDIUM | N/A |
| Race condition in the Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass sec_db authentication and provide certain pass-through services to untrusted devices via a crafted configuration-file TFTP request, aka Bug ID CSCuj66766. | |||||
| CVE-2013-5511 | 1 Cisco | 1 Adaptive Security Appliance Software | 2026-04-29 | 10.0 HIGH | N/A |
| The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.6) does not properly implement the authentication-certificate option, which allows remote attackers to bypass authentication via a TCP session to an ASDM interface, aka Bug ID CSCuh44815. | |||||
| CVE-2013-4958 | 1 Puppet | 1 Puppet Enterprise | 2026-04-29 | 6.9 MEDIUM | N/A |
| Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation. | |||||
| CVE-2013-7183 | 1 Seowonintech | 1 Swc-9100 | 2026-04-29 | 7.8 HIGH | N/A |
| cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action. | |||||
| CVE-2012-3356 | 1 Viewvc | 1 Viewvc | 2026-04-29 | 5.0 MEDIUM | N/A |
| The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2012-6354 | 1 Ibm | 2 San Volume Controller Software, Storwize V7000 | 2026-04-29 | 7.5 HIGH | N/A |
| The management GUI on the IBM SAN Volume Controller and Storwize V7000 6.x before 6.4.1.3 allows remote attackers to bypass authentication and obtain superuser access via IP packets. | |||||
| CVE-2011-5054 | 1 Kde | 1 Kcheckpass | 2026-04-29 | 6.9 MEDIUM | N/A |
| kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched." | |||||
| CVE-2012-4604 | 1 Websense | 1 Websense Web Security | 2026-04-29 | 4.3 MEDIUM | N/A |
| The TRITON management console in Websense Web Security before 7.6 Hotfix 24 allows remote attackers to bypass authentication and read arbitrary reports via a crafted uid field, in conjunction with a crafted userRoles field, in a cookie, as demonstrated by a request to explorer_wse/favorites.exe. | |||||
| CVE-2013-2993 | 1 Ibm | 1 Websphere Commerce | 2026-04-29 | 5.8 MEDIUM | N/A |
| IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors. | |||||
| CVE-2014-0738 | 1 Cisco | 1 Adaptive Security Appliance Software | 2026-04-29 | 4.3 MEDIUM | N/A |
| The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66770. | |||||
| CVE-2011-1758 | 1 Fedoraproject | 1 Sssd | 2026-04-29 | 3.7 LOW | N/A |
| The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerberos authentication by listing the /tmp directory to obtain the pathname. | |||||
| CVE-2009-5116 | 1 Mcafee | 1 Linuxshield | 2026-04-29 | 6.5 MEDIUM | N/A |
| McAfee LinuxShield 1.5.1 and earlier does not properly implement client authentication, which allows remote authenticated users to obtain Admin access to the statistics server by leveraging a client account. | |||||
| CVE-2010-3896 | 1 Ibm | 1 Omnifind | 2026-04-29 | 7.5 HIGH | N/A |
| The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request to palette.do. | |||||
| CVE-2013-0282 | 1 Openstack | 1 Keystone | 2026-04-29 | 5.0 MEDIUM | N/A |
| OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions. | |||||