Total
3419 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-4464 | 1 Kguardsecurity | 4 Kg-sha104, Kg-sha104 Firmware, Kg-sha108 and 1 more | 2018-10-09 | N/A |
Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server. | ||||
CVE-2015-3442 | 1 Soreco | 1 Xpert.line | 2018-10-09 | N/A |
Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. | ||||
CVE-2014-7807 | 1 Apache | 1 Cloudstack | 2018-10-09 | N/A |
Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. | ||||
CVE-2014-6436 | 1 Aztech | 6 Adsl Dsl5018en \(1t1r\), Adsl Dsl5018en \(1t1r\) Firmware, Dsl705e and 3 more | 2018-10-09 | N/A |
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an existing web portal login. | ||||
CVE-2014-5385 | 1 Shopizer | 1 Shopizer | 2018-10-09 | N/A |
com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack. | ||||
CVE-2014-5300 | 1 Adaptivecomputing | 1 Moab | 2018-10-09 | N/A |
Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature. | ||||
CVE-2014-4631 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2018-10-09 | N/A |
RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. | ||||
CVE-2014-0138 | 2 Debian, Haxx | 3 Debian Linux, Curl, Libcurl | 2018-10-09 | N/A |
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015. | ||||
CVE-2014-0015 | 1 Haxx | 2 Curl, Libcurl | 2018-10-09 | N/A |
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. | ||||
CVE-2011-2762 | 1 Lifesize | 2 Lifesize Room Appliance, Lifesize Room Appliance Software | 2018-10-09 | N/A |
The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) allows remote attackers to bypass authentication via unspecified data associated with a "true" authentication status, related to AMF data and the LSRoom_Remoting.authenticate function in gateway.php. | ||||
CVE-2011-2733 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2018-10-09 | N/A |
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not prevent reuse of authentication information during a session, which allows remote authenticated users to bypass intended access restrictions via vectors related to knowledge of the originally used authentication information and unspecified other session information. | ||||
CVE-2011-2701 | 1 Freeradius | 1 Freeradius | 2018-10-09 | N/A |
The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate. | ||||
CVE-2011-1520 | 1 Ibm | 1 Lotus Domino | 2018-10-09 | N/A |
The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command. | ||||
CVE-2011-1519 | 1 Ibm | 1 Lotus Domino | 2018-10-09 | N/A |
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920. | ||||
CVE-2018-7947 | 1 Huawei | 2 Emily-al00a, Emily-al00a Firmware | 2018-10-04 | N/A |
Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones. | ||||
CVE-2008-3905 | 1 Ruby-lang | 1 Ruby | 2018-10-03 | N/A |
resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | ||||
CVE-2018-11491 | 1 Asus | 2 Hg100, Hg100 Firmware | 2018-09-20 | N/A |
ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution. | ||||
CVE-2018-12804 | 1 Adobe | 1 Connect | 2018-09-17 | N/A |
Adobe Connect versions 9.7.5 and earlier have an Authentication Bypass vulnerability. Successful exploitation could lead to session hijacking. | ||||
CVE-2018-10576 | 1 Watchguard | 6 Ap100, Ap100 Firmware, Ap102 and 3 more | 2018-09-16 | N/A |
An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15. Improper authentication handling by the native Access Point web UI allows authentication using a local system account (instead of the dedicated web-only user). | ||||
CVE-2018-12575 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2018-09-04 | N/A |
On TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n devices, all actions in the web interface are affected by bypass of authentication via an HTTP request. |