Export limit exceeded: 362599 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362599 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362599 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-6066 1 Freesshd 1 Freesshd 2025-04-11 N/A
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
CVE-2013-4874 1 Verizon 1 Wireless Network Extender 2025-04-11 N/A
The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable.
CVE-2013-4875 1 Verizon 1 Wireless Network Extender 2025-04-11 N/A
The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt.
CVE-2013-2059 1 Openstack 1 Keystone 2025-04-11 N/A
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
CVE-2012-4411 1 Xen 1 Xen 2025-04-11 N/A
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.
CVE-2013-2067 2 Apache, Redhat 5 Tomcat, Enterprise Linux, Jboss Enterprise Application Platform and 2 more 2025-04-11 N/A
java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
CVE-2013-6979 1 Cisco 1 Ios Xe 2025-04-11 N/A
The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and 03.03.xxSE incorrectly relies on the Linux-IOS internal-network configuration, which allows remote attackers to bypass authentication by leveraging access to a 192.168.x.2 source IP address, aka Bug ID CSCuj90227.
CVE-2011-4022 1 Cisco 1 Intrusion Prevention System 2025-04-11 N/A
The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 allows remote attackers to cause a denial of service (file-handle exhaustion and mainApp hang) by making authentication attempts that exceed the configured limit, aka Bug ID CSCto51204.
CVE-2012-4418 1 Apache 1 Axis2 2025-04-11 N/A
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
CVE-2013-1241 1 Cisco 27 1921 Integrated Services Router, 1941 Integrated Services Router, 1941w Integrated Services Router and 24 more 2025-04-11 N/A
The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025.
CVE-2013-6828 1 Pineapp 1 Mail-secure 2025-04-11 N/A
admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter.
CVE-2011-4016 1 Cisco 1 Ios 2025-04-11 N/A
The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673.
CVE-2013-4001 1 Ibm 1 Cognos Command Center 2025-04-11 N/A
Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie.
CVE-2013-2157 2 Openstack, Redhat 2 Keystone, Openstack 2025-04-11 N/A
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
CVE-2013-2192 2 Apache, Redhat 4 Hadoop, Jboss Amq, Jboss Fuse and 1 more 2025-04-11 N/A
The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication.
CVE-2013-2310 2 Softbank, Willcom-inc 13 Android Smartphone, Disney Mobile Android Smartphone, Mobile Wi-fi Router and 10 more 2025-04-11 N/A
SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi routers, SoftBank Android smartphones with the Wi-Fi application before 1.7.1, SoftBank Windows Mobile smartphones with the WISPrClient application before 1.3.1, SoftBank Disney Mobile Android smartphones with the Wi-Fi application before 1.7.1, and WILLCOM Android smartphones with the Wi-Fi application before 1.7.1, does not properly connect to access points, which allows remote attackers to obtain sensitive information by leveraging access to an 802.11 network.
CVE-2013-2313 1 Lockon 1 Ec-cube 2025-04-11 N/A
Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2013-4061 1 Ibm 1 Rational Policy Tester 2025-04-11 N/A
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors.
CVE-2010-4211 2 Apple, Ebay 2 Iphone Os, Paypal 2025-04-11 N/A
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.
CVE-2010-1910 1 Consona 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance 2025-04-11 N/A
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields.