Export limit exceeded: 352232 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4352 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6451 | 1 Lorextechnology | 4 Lnc104, Lnc104 Firmware, Lnc116 and 1 more | 2024-11-21 | 9.8 Critical |
| Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability | ||||
| CVE-2012-6340 | 1 Netgear | 4 Wgr614v7, Wgr614v7 Firmware, Wgr614v9 and 1 more | 2024-11-21 | 4.6 Medium |
| An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002. | ||||
| CVE-2012-3824 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization. | ||||
| CVE-2012-3462 | 1 Fedoraproject | 1 Sssd | 2024-11-21 | 8.8 High |
| A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context. | ||||
| CVE-2012-2714 | 1 Browserid Project | 1 Browserid | 2024-11-21 | 9.8 Critical |
| The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier. | ||||
| CVE-2012-1258 | 1 Plixer | 1 Scrutinizer Netflow \& Sflow Analyzer | 2024-11-21 | 6.5 Medium |
| cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters. | ||||
| CVE-2012-10001 | 1 Limit Login Attempts Project | 1 Limit Login Attempts | 2024-11-21 | 9.8 Critical |
| The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a lockout, which might make it easier for remote attackers to conduct brute-force authentication attempts. | ||||
| CVE-2011-4973 | 2 Mod Nss Project, Redhat | 2 Mod Nss, Enterprise Linux | 2024-11-21 | N/A |
| Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password. | ||||
| CVE-2011-4628 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 9.8 Critical |
| TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request. | ||||
| CVE-2011-4338 | 1 Shaman Project | 1 Shaman | 2024-11-21 | 7.8 High |
| Shaman 1.0.9: Users can add the line askforpwd=false to his shaman.conf file, without entering the root password in shaman. The next time shaman is run, root privileges are granted despite the fact that the user never entered the root password. | ||||
| CVE-2011-4068 | 1 Packetfence | 1 Packetfence | 2024-11-21 | N/A |
| The check_password function in html/admin/login.php in PacketFence before 3.0.2 allows remote attackers to bypass authentication via an empty password. | ||||
| CVE-2011-2054 | 1 Cisco | 24 Asa 5500, Asa 5500 Firmware, Asa 5510 and 21 more | 2024-11-21 | 4.3 Medium |
| A vulnerability in the Cisco ASA that could allow a remote attacker to successfully authenticate using the Cisco AnyConnect VPN client if the Secondary Authentication type is LDAP and the password is left blank, providing the primary credentials are correct. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker must have the correct primary credentials in order to successfully exploit this vulnerability. | ||||
| CVE-2010-2496 | 1 Clusterlabs | 2 Cluster Glue, Pacemaker | 2024-11-21 | 5.5 Medium |
| stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. | ||||
| CVE-2002-2438 | 1 Linux | 1 Linux Kernel | 2024-11-20 | 7.5 High |
| TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling. | ||||
| CVE-2024-11209 | 1 Apereo | 2 Cas Server, Central Authentication Service | 2024-11-19 | 6.3 Medium |
| A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-49376 | 1 Autolabproject | 1 Autolab | 2024-11-14 | 8.8 High |
| Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords. This issue is fixed in version 3.0.1. No known workarounds exist. | ||||
| CVE-2024-47768 | 1 Lifplatforms | 1 Lif Authentication Server | 2024-11-13 | 8.1 High |
| Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3. | ||||
| CVE-2023-29117 | 2 Enel X, Enelx | 3 Juicebox Pro3.0 22kw Cellular, Waybox Pro, Waybox Pro Firmware | 2024-11-08 | 8.8 High |
| Waybox Enel X web management API authentication could be bypassed and provide administrator’s privileges over the Waybox system. | ||||
| CVE-2024-31800 | 1 Gncchome | 2 Gncc C2, Gncc C2 Firmware | 2024-10-30 | 6.8 Medium |
| Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port. | ||||
| CVE-2024-7763 | 1 Progress | 1 Whatsup Gold | 2024-10-30 | 9.8 Critical |
| In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. | ||||