Total
4018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2925 | 1 Redhat | 1 Enterprise Mrg | 2025-04-11 | 4.6 MEDIUM | N/A |
| Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker. | |||||
| CVE-2013-3431 | 1 Cisco | 1 Video Surveillance Manager | 2025-04-11 | 7.8 HIGH | N/A |
| Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require authentication for access to VSMC monitoring pages, which allows remote attackers to obtain sensitive configuration, archive, and log information via unspecified vectors, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv40169. | |||||
| CVE-2013-5119 | 1 Synacor | 1 Zimbra Collaboration Suite | 2025-04-11 | 6.8 MEDIUM | N/A |
| Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token. | |||||
| CVE-2011-0453 | 1 F-secure | 1 Internet Gatekeeper | 2025-04-11 | 5.0 MEDIUM | N/A |
| F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not require authentication for reading access logs, which allows remote attackers to obtain potentially sensitive information via a TCP session on the admin UI port. | |||||
| CVE-2013-6012 | 1 Juniper | 1 Junos | 2025-04-11 | 8.5 HIGH | N/A |
| Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2011-2361 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Basic Authentication dialog implementation in Google Chrome before 13.0.782.107 does not properly handle strings, which might make it easier for remote attackers to capture credentials via a crafted web site. | |||||
| CVE-2010-4121 | 1 Ibm | 1 Tivoli Provisioning Manager Os Deployment | 2025-04-11 | 7.5 HIGH | N/A |
| The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only. | |||||
| CVE-2013-2954 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2025-04-11 | 5.0 MEDIUM | N/A |
| The login page in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 does not limit the number of incorrect authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2013-3039 | 1 Ibm | 1 Rational Requirements Composer | 2025-04-11 | 5.4 MEDIUM | N/A |
| IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors. | |||||
| CVE-2011-3463 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 7.2 HIGH | N/A |
| WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory. | |||||
| CVE-2023-37266 | 1 Icewhale | 1 Casaos | 2025-04-10 | N/A | 9.8 CRITICAL |
| CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly. | |||||
| CVE-2022-43528 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-04-10 | N/A | 4.8 MEDIUM |
| Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to login using only a username and password and successfully bypass MFA requirements in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned. | |||||
| CVE-2025-30361 | 1 Wegia | 1 Wegia | 2025-04-10 | N/A | 9.8 CRITICAL |
| WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass authentication and authorization mechanisms to reset the password of any user, including admin accounts. Version 3.2.6 fixes the issue. | |||||
| CVE-2024-41589 | 1 Draytek | 2 Vigor3910, Vigor3910 Firmware | 2025-04-10 | N/A | 8.8 HIGH |
| DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. | |||||
| CVE-2022-47976 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | N/A | 7.5 HIGH |
| The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections. | |||||
| CVE-2022-47974 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | N/A | 6.5 MEDIUM |
| The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart. | |||||
| CVE-2023-0105 | 1 Redhat | 2 Keycloak, Single Sign-on | 2025-04-09 | N/A | 6.5 MEDIUM |
| A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them. | |||||
| CVE-2008-4037 | 1 Microsoft | 4 Windows, Windows 2000, Windows Server 2008 and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834. | |||||
| CVE-2008-5721 | 1 Sapporoworks | 1 Blackjumbodog | 2025-04-09 | 5.0 MEDIUM | N/A |
| SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors. | |||||
| CVE-2009-2059 | 1 Opera | 1 Opera Browser | 2025-04-09 | 6.8 MEDIUM | N/A |
| Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | |||||