Search Results (4273 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-6148 1 Ibm 1 Tivoli Application Dependency Discovery Manager 2025-04-12 N/A
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL.
CVE-2014-6318 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2025-04-12 N/A
The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credentials, which makes it easier for remote attackers to bypass intended access restrictions via a series of attempts, aka "Remote Desktop Protocol (RDP) Failure to Audit Vulnerability."
CVE-2014-7807 1 Apache 1 Cloudstack 2025-04-12 N/A
Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.
CVE-2014-7879 1 Hp 1 Hp-ux 2025-04-12 N/A
HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.
CVE-2014-8763 2 Dokuwiki, Mageia Project 2 Dokuwiki, Mageia 2025-04-12 N/A
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
CVE-2014-8764 2 Dokuwiki, Mageia Project 2 Dokuwiki, Mageia 2025-04-12 N/A
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
CVE-2014-8896 1 Ibm 2 Infosphere Master Data Management Collaborative Server, Infosphere Master Data Management Server For Product Information Management 2025-04-12 N/A
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator's credentials and consequently gain privileges via unspecified vectors.
CVE-2015-0607 1 Cisco 1 Ios 2025-04-12 N/A
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connection attempt with a blank password, aka Bug IDs CSCuo09400 and CSCun16016.
CVE-2015-1330 2 Canonical, Debian 2 Ubuntu Linux, Unattended-upgrades 2025-04-12 N/A
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.
CVE-2015-2823 1 Siemens 6 Simatic Hmi Basic Panels Generation 1, Simatic Hmi Basic Panels Generation 2, Simatic Hmi Comfort Panels and 3 more 2025-04-12 N/A
Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC (TIA Portal) 13 SP1 Upd2, SIMATIC HMI Basic Panels 1st Generation (WinCC TIA Portal), SIMATIC HMI Mobile Panel 277 (WinCC TIA Portal), SIMATIC HMI Multi Panels (WinCC TIA Portal), and SIMATIC WinCC 7.x before 7.3 Upd4 allow remote attackers to complete authentication by leveraging knowledge of a password hash without knowledge of the associated password.
CVE-2015-2978 1 Webservice-dic 1 Yoyaku 2025-04-12 N/A
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."
CVE-2015-3775 1 Apple 1 Mac Os X 2025-04-12 N/A
Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors.
CVE-2015-7285 1 Csl Dualcom 2 Gprs, Gprs Cs2300-r Firmware 2025-04-12 N/A
CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via a spoofed HSxx response.
CVE-2015-7361 1 Fortinet 1 Fortios 2025-04-12 N/A
FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain shell access via unspecified vectors.
CVE-2015-8269 1 Fisher-price 1 Smart Toy Bear 2025-04-12 N/A
The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number.
CVE-2016-1000214 1 Ruckus 1 Wireless H500 2025-04-12 N/A
Ruckus Wireless H500 web management interface authentication bypass
CVE-2014-3053 1 Ibm 5 Security Access Manager For Mobile Appliance, Security Access Manager For Mobile Software, Security Access Manager For Web 8.0 Firmware and 2 more 2025-04-12 N/A
The Local Management Interface (LMI) in IBM Security Access Manager (ISAM) for Mobile 8.0 with firmware 8.0.0.0 through 8.0.0.3 and IBM Security Access Manager for Web 7.0, and 8.0 with firmware 8.0.0.2 and 8.0.0.3, allows remote attackers to bypass authentication via a login action with invalid credentials.
CVE-2016-2245 1 Hp 1 Support Assistant 2025-04-12 N/A
HP Support Assistant before 8.1.52.1 allows remote attackers to bypass authentication via unspecified vectors.
CVE-2016-2286 1 Moxa 10 Miineport E1 4641, Miineport E1 4641 Firmware, Miineport E1 7080 and 7 more 2025-04-12 N/A
Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242 devices with firmware 1.1 Build 10080614, MiiNePort_E2_4561 devices with firmware 1.1 Build 10080614, and MiiNePort E3 devices with firmware 1.0 Build 11071409 have a blank default password, which allows remote attackers to obtain access via unspecified vectors.
CVE-2016-2300 1 Ecava 1 Integraxor 2025-04-12 N/A
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to bypass authentication and access unspecified web pages via unknown vectors.