Total
3743 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4581 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2025-04-11 | 6.8 MEDIUM | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions by capturing a session cookie and then modifying the response to a login attempt, related to a "Logout Failure" issue. | |||||
| CVE-2010-3905 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-11 | 7.5 HIGH | N/A |
| The password reset feature in the administrator interface for Eucalyptus 2.0.0 and 2.0.1 does not perform authentication, which allows remote attackers to gain privileges by sending password reset requests for other users. | |||||
| CVE-2013-3039 | 1 Ibm | 1 Rational Requirements Composer | 2025-04-11 | 5.4 MEDIUM | N/A |
| IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. | |||||
| CVE-2012-0931 | 1 Schneider-electric | 1 Modicon Quantum Plc | 2025-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| Schneider Electric Modicon Quantum PLC does not perform authentication between the Unity software and PLC, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-2155 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | 7.5 HIGH | N/A |
| Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation. | |||||
| CVE-2014-0722 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| The log4jinit web application in Cisco Unified Communications Manager (UCM) does not properly validate authentication, which allows remote attackers to cause a denial of service (performance degradation) via unspecified use of this application, aka Bug ID CSCum05347. | |||||
| CVE-2012-3315 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request. | |||||
| CVE-2012-5940 | 1 Ibm | 1 Netezza | 2025-04-11 | 4.3 MEDIUM | N/A |
| The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza, when SSL is not enabled, allows remote attackers to discover credentials by sniffing the network during the authentication process. | |||||
| CVE-2012-3885 | 1 Airdroid | 1 Airdroid | 2025-04-11 | 7.5 HIGH | N/A |
| The default configuration of AirDroid 1.0.4 beta uses a four-character alphanumeric password, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2010-4591 | 1 Ibm | 1 Lotus Mobile Connect | 2025-04-11 | 4.4 MEDIUM | N/A |
| The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch. | |||||
| CVE-2014-0737 | 1 Cisco | 1 Unified Ip Phone 7960g | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795. | |||||
| CVE-2013-2059 | 1 Openstack | 1 Keystone | 2025-04-11 | 6.0 MEDIUM | N/A |
| OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. | |||||
| CVE-2012-2974 | 1 Smc | 1 Smc8024l2 Switch | 2025-04-11 | 10.0 HIGH | N/A |
| The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/. | |||||
| CVE-2013-4877 | 1 Verizon | 1 Wireless Network Extender | 2025-04-11 | 2.6 LOW | N/A |
| The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets. | |||||
| CVE-2013-3060 | 1 Apache | 1 Activemq | 2025-04-11 | 6.4 MEDIUM | N/A |
| The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. | |||||
| CVE-2013-1080 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | 10.0 HIGH | N/A |
| The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload and execute arbitrary programs, via a request to TCP port 443. | |||||
| CVE-2011-2956 | 1 Azeotech | 1 Daqfactory | 2025-04-11 | 7.8 HIGH | N/A |
| AzeoTech DAQFactory before 5.85 (Build 1842) does not perform authentication for certain signals, which allows remote attackers to cause a denial of service (system reboot or shutdown) via a signal. | |||||
| CVE-2011-3372 | 1 Cyrus | 1 Imapd | 2025-04-11 | 7.5 HIGH | N/A |
| imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command. | |||||
| CVE-2012-1100 | 1 Redhat | 1 Jboss Operations Network | 2025-04-11 | 5.8 MEDIUM | N/A |
| Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request. | |||||
| CVE-2013-6006 | 1 Cybozu | 1 Garoon | 2025-04-11 | 5.8 MEDIUM | N/A |
| Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | |||||