Total
3617 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9043 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind. | |||||
| CVE-2014-1682 | 2 Fedoraproject, Zabbix | 2 Fedora, Zabbix | 2025-04-12 | 4.0 MEDIUM | N/A |
| The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request. | |||||
| CVE-2014-0188 | 1 Redhat | 1 Openshift | 2025-04-12 | 7.5 HIGH | N/A |
| The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to a passthrough trigger. | |||||
| CVE-2016-3085 | 1 Apache | 1 Cloudstack | 2025-04-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin. | |||||
| CVE-2015-6401 | 1 Cisco | 1 Epc3928 Docsis 3.0 8x4 Wireless Residential Gateway With Embedded Digital Voice Adapter | 2025-04-12 | 7.5 HIGH | N/A |
| Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941. | |||||
| CVE-2016-0883 | 1 Pivotal Software | 1 Operations Manager | 2025-04-12 | 5.0 MEDIUM | 9.8 CRITICAL |
| Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before 1.6.9 uses the same cookie-encryption key across different customers' installations, which allows remote attackers to bypass session authentication by leveraging knowledge of this key from another installation. | |||||
| CVE-2015-2047 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2025-04-12 | 2.6 LOW | N/A |
| The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authentication via a password that is casted to an empty value. | |||||
| CVE-2014-6116 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration. | |||||
| CVE-2014-9605 | 1 Netsweeper | 1 Netsweeper | 2025-04-12 | 9.4 HIGH | N/A |
| WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate. | |||||
| CVE-2014-8006 | 1 Cisco | 1 Isb8320-e High-definition Ip-only Dvr | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422. | |||||
| CVE-2016-7191 | 1 Microsoft | 1 Azure Active Directory Passport | 2025-04-12 | 4.3 MEDIUM | 8.1 HIGH |
| The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) library 1.x before 1.4.6 and 2.x before 2.0.1 for Node.js does not recognize the validateIssuer setting, which allows remote attackers to bypass authentication via a crafted token. | |||||
| CVE-2014-0353 | 1 Zyxel | 2 N300 Netusb Nbg-419n, N300 Netusb Nbg-419n Firmware | 2025-04-12 | 6.1 MEDIUM | N/A |
| The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters. | |||||
| CVE-2014-9278 | 2 Openbsd, Redhat | 3 Openssh, Enterprise Linux, Fedora | 2025-04-12 | 4.0 MEDIUM | N/A |
| The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login. | |||||
| CVE-2014-0166 | 1 Wordpress | 1 Wordpress | 2025-04-12 | 6.4 MEDIUM | N/A |
| The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie. | |||||
| CVE-2014-3945 | 1 Typo3 | 1 Typo3 | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash. | |||||
| CVE-2014-4882 | 1 Aptexx | 1 Resident Anywhere | 2025-04-12 | 7.5 HIGH | N/A |
| Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request. | |||||
| CVE-2012-6452 | 1 Axway | 2 Email Firewall, Secure Messenger | 2025-04-12 | 5.0 MEDIUM | N/A |
| Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests. | |||||
| CVE-2013-7379 | 1 Ucdok | 1 Tomato | 2025-04-12 | 6.8 MEDIUM | N/A |
| The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.access_key. | |||||
| CVE-2015-7521 | 1 Apache | 1 Hive | 2025-04-12 | 7.5 HIGH | 8.3 HIGH |
| The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations. | |||||
| CVE-2013-6766 | 1 Openvas | 1 Openvas Administrator | 2025-04-12 | 7.5 HIGH | N/A |
| OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version information, which causes the state to be set to CLIENT_AUTHENTIC. | |||||