Total
3293 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3277 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-09-07 | 4.0 MEDIUM | N/A |
| The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005. | |||||
| CVE-2016-1278 | 1 Juniper | 1 Junos | 2016-08-12 | 6.9 MEDIUM | 7.8 HIGH |
| Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging use of the "request system software" command with the "partition" option. | |||||
| CVE-2014-8764 | 2 Dokuwiki, Mageia Project | 2 Dokuwiki, Mageia | 2016-07-15 | 5.0 MEDIUM | N/A |
| DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind. | |||||
| CVE-2014-8763 | 2 Dokuwiki, Mageia Project | 2 Dokuwiki, Mageia | 2016-07-15 | 5.0 MEDIUM | N/A |
| DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind. | |||||
| CVE-2014-0973 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2016-07-13 | 7.2 HIGH | N/A |
| The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data. | |||||
| CVE-2014-2066 | 1 Jenkins | 1 Jenkins | 2016-06-13 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to hijack web sessions via vectors involving the "override" of Jenkins cookies. | |||||
| CVE-2014-2062 | 1 Jenkins | 1 Jenkins | 2016-06-13 | 6.5 MEDIUM | N/A |
| Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the API token when a user is deleted, which allows remote authenticated users to retain access via the token. | |||||
| CVE-2013-4580 | 1 Gitlab | 1 Gitlab | 2016-05-18 | 6.8 MEDIUM | N/A |
| GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls. | |||||
| CVE-2016-2300 | 1 Ecava | 1 Integraxor | 2016-04-27 | 6.4 MEDIUM | 6.5 MEDIUM |
| Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors. | |||||
| CVE-2016-2245 | 1 Hp | 1 Support Assistant | 2016-03-22 | 10.0 HIGH | 9.8 CRITICAL |
| HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2015-8269 | 1 Fisher-price | 1 Smart Toy Bear | 2016-02-24 | 6.5 MEDIUM | 7.5 HIGH |
| The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number. | |||||
| CVE-2015-7938 | 1 Advantech | 4 Eki-1321, Eki-1321 Series Firmware, Eki-1322 and 1 more | 2016-01-18 | 10.0 HIGH | 9.8 CRITICAL |
| Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2015-6480 | 1 Moxa | 1 Oncell Central Manager | 2015-12-21 | 7.5 HIGH | 8.3 HIGH |
| The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrated by the addUserAndGroup action. | |||||
| CVE-2013-7183 | 1 Seowonintech | 1 Swc-9100 | 2015-12-18 | 7.8 HIGH | N/A |
| cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action. | |||||
| CVE-2015-7285 | 1 Csl Dualcom | 2 Gprs, Gprs Cs2300-r Firmware | 2015-11-25 | 5.8 MEDIUM | N/A |
| CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response. | |||||
| CVE-2014-2828 | 1 Openstack | 1 Keystone | 2015-11-04 | 7.8 HIGH | N/A |
| The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining." | |||||
| CVE-2015-0670 | 1 Cisco | 15 Spa300 Firmware, Spa500 Firmware, Spa 301 1 Line Ip Phone and 12 more | 2015-10-22 | 6.4 MEDIUM | N/A |
| The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. | |||||
| CVE-2015-5649 | 1 Cybozu | 1 Garoon | 2015-10-09 | 7.0 HIGH | N/A |
| Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges. | |||||
| CVE-2015-5998 | 1 Impero | 1 Impero Education Pro | 2015-09-16 | 10.0 HIGH | N/A |
| Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command. | |||||
| CVE-2015-2978 | 1 Webservice-dic | 1 Yoyaku | 2015-07-29 | 5.0 MEDIUM | N/A |
| Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation." | |||||