Search Results (4525 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1307 2 Zyxel, Zzinc 2 Gs1900-10hp Firmware, Keymouse Firmware 2025-04-12 N/A
The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.
CVE-2014-8522 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 N/A
The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access.
CVE-2013-0191 1 Lucas Clemente Vella 1 Libpam-pgsql 2025-04-12 N/A
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.
CVE-2016-1279 1 Juniper 1 Junos 2025-04-12 N/A
J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before 12.1X47-D35, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D25, 13.3 before 13.3R10, 13.3R9 before 13.3R9-S1, 14.1 before 14.1R7, 14.1X53 before 14.1X53-D35, 14.2 before 14.2R6, 15.1 before 15.1A2 or 15.1F4, 15.1X49 before 15.1X49-D30, and 15.1R before 15.1R3 might allow remote attackers to obtain sensitive information and consequently gain administrative privileges via unspecified vectors.
CVE-2015-2823 1 Siemens 6 Simatic Hmi Basic Panels Generation 1, Simatic Hmi Basic Panels Generation 2, Simatic Hmi Comfort Panels and 3 more 2025-04-12 N/A
Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.
CVE-2016-1278 1 Juniper 1 Junos 2025-04-12 N/A
Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option.
CVE-2014-9043 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind.
CVE-2015-2117 1 Hp 2 Tippingpoint Security Management System, Tippingpoint Virtual Security Management System 2025-04-12 N/A
HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code by (1) uploading this code within an archive or (2) instantiating a class.
CVE-2014-9045 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password.
CVE-2014-9184 1 Zte 1 Zxdsl 2025-04-12 N/A
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.
CVE-2014-9278 2 Openbsd, Redhat 3 Openssh, Enterprise Linux, Fedora 2025-04-12 N/A
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.
CVE-2016-4432 1 Apache 1 Qpid Broker-j 2025-04-12 9.1 Critical
The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication and consequently perform actions via vectors related to connection state logging.
CVE-2016-4953 5 Ntp, Opensuse, Oracle and 2 more 15 Ntp, Leap, Opensuse and 12 more 2025-04-12 7.5 High
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.
CVE-2015-0607 1 Cisco 1 Ios 2025-04-12 N/A
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.
CVE-2016-2944 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
IBM BigFix Remote Control before 9.1.3 does not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach.
CVE-2015-1330 2 Canonical, Debian 2 Ubuntu Linux, Unattended-upgrades 2025-04-12 N/A
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.
CVE-2016-1000214 1 Ruckus 1 Wireless H500 2025-04-12 N/A
Ruckus Wireless H500 web management interface authentication bypass
CVE-2013-2756 2 Apache, Citrix 2 Cloudstack, Cloudplatform 2025-04-12 N/A
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.
CVE-2015-6480 1 Moxa 1 Oncell Central Manager 2025-04-12 N/A
The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action.
CVE-2014-1982 1 Alliedtelesis 8 At-rg634a, At-rg634a Firmware, Img616lh and 5 more 2025-04-12 N/A
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.