Total
4273 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8006 | 1 Cisco | 1 Isb8320-e High-definition Ip-only Dvr | 2025-04-12 | N/A |
| The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422. | ||||
| CVE-2014-7879 | 1 Hp | 1 Hp-ux | 2025-04-12 | N/A |
| HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors. | ||||
| CVE-2014-7807 | 1 Apache | 1 Cloudstack | 2025-04-12 | N/A |
| Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. | ||||
| CVE-2013-4552 | 1 Drupalauth Project | 1 Drupalauth | 2025-04-12 | N/A |
| lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie. | ||||
| CVE-2014-6387 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | N/A |
| gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind. | ||||
| CVE-2014-6148 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2025-04-12 | N/A |
| IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL. | ||||
| CVE-2013-4471 | 1 Openstack | 1 Horizon | 2025-04-12 | N/A |
| The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user. | ||||
| CVE-2014-5385 | 1 Shopizer | 1 Shopizer | 2025-04-12 | N/A |
| com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess passwords via a brute force attack. | ||||
| CVE-2014-5300 | 1 Adaptivecomputing | 1 Moab | 2025-04-12 | N/A |
| Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature. | ||||
| CVE-2014-5175 | 1 Sap | 1 Solution Manager | 2025-04-12 | N/A |
| The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. | ||||
| CVE-2013-4966 | 1 Puppet | 1 Puppet Enterprise | 2025-04-12 | N/A |
| The master external node classification script in Puppet Enterprise before 3.2.0 does not verify the identity of consoles, which allows remote attackers to create arbitrary classifications on the master by spoofing a console. | ||||
| CVE-2014-4882 | 1 Aptexx | 1 Resident Anywhere | 2025-04-12 | N/A |
| Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request. | ||||
| CVE-2014-4831 | 1 Ibm | 2 Qradar Risk Manager, Qradar Vulnerability Manager | 2025-04-12 | N/A |
| IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors. | ||||
| CVE-2014-4631 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2025-04-12 | N/A |
| RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone (Authentify) functionality, conducts permanent device binding even when authentication fails, which allows remote attackers to bypass authentication. | ||||
| CVE-2014-4444 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| SecurityAgent in Apple OS X before 10.10 does not ensure that a Kerberos ticket is in the cache for the correct user, which allows local users to gain privileges in opportunistic circumstances by leveraging a Fast User Switching login. | ||||
| CVE-2014-4425 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| CFPreferences in Apple OS X before 10.10 does not properly enforce the "require password after sleep or screen saver begins" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation. | ||||
| CVE-2014-4325 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2025-04-12 | N/A |
| The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image. | ||||
| CVE-2014-4168 | 1 Kryo | 1 Iodine | 2025-04-12 | N/A |
| (1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering. | ||||
| CVE-2014-3944 | 1 Typo3 | 1 Typo3 | 2025-04-12 | N/A |
| The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors. | ||||
| CVE-2014-3781 | 1 Dotclear | 1 Dotclear | 2025-04-12 | N/A |
| The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request. | ||||