Export limit exceeded: 366897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12838 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6035 6 Gatehouse, Harris, Hughes Network Systems and 3 more 9 Gatehouse, Bgan, 9201 and 6 more 2025-04-11 N/A
The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat; Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals does not require authentication for sessions on TCP port 1827, which allows remote attackers to execute arbitrary code via unspecified protocol operations.
CVE-2013-6012 1 Juniper 1 Junos 2025-04-11 N/A
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors.
CVE-2013-6006 1 Cybozu 1 Garoon 2025-04-11 N/A
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.
CVE-2013-5944 1 Siemens 3 Scalance X-200, Scalance X-200 Series Firmware, Scalance X-200irt 2025-04-11 N/A
The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which allows remote attackers to perform administrative actions via requests to the management interface.
CVE-2013-5163 1 Apple 1 Mac Os X 2025-04-11 N/A
Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.
CVE-2013-5119 1 Synacor 1 Zimbra Collaboration Suite 2025-04-11 N/A
Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.
CVE-2013-5038 1 Hot 2 Hotbox Router, Hotbox Router Firmware 2025-04-11 N/A
The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session.
CVE-2013-5009 1 Symantec 1 Endpoint Protection 2025-04-11 N/A
The Management Console in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly perform authentication, which allows remote authenticated users to gain privileges by leveraging access to a limited-admin account.
CVE-2013-4965 1 Puppet 1 Puppet Enterprise 2025-04-11 N/A
Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.
CVE-2013-4877 1 Verizon 1 Wireless Network Extender 2025-04-11 N/A
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication, which makes it easier for remote attackers to obtain ESN and MIN values from arbitrary phones, and conduct cloning attacks, by sniffing the network for registration packets.
CVE-2013-4875 1 Verizon 1 Wireless Network Extender 2025-04-11 N/A
The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 allows physically proximate attackers to bypass the intended boot process and obtain a login prompt by connecting a crafted HDMI cable and sending a SysReq interrupt.
CVE-2013-4874 1 Verizon 1 Wireless Network Extender 2025-04-11 N/A
The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable.
CVE-2013-4304 2 Brion Vibber, Mediawiki 2 Centralauth Extension, Mediawiki 2025-04-11 N/A
The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote attackers to bypass authentication without a password.
CVE-2013-4213 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform 2025-04-11 N/A
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.
CVE-2013-4061 1 Ibm 1 Rational Policy Tester 2025-04-11 N/A
IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check authorization for changes to the set of authentication hosts, which allows remote authenticated users to perform spoofing attacks involving an HTTP redirect via unspecified vectors.
CVE-2011-1898 2 Citrix, Redhat 3 Xen, Enterprise Linux, Rhel Eus 2025-04-11 N/A
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
CVE-2011-1901 1 Proofpoint 2 Messaging Security Gateway, Protection Server 2025-04-11 N/A
The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors.
CVE-2013-3060 2 Apache, Redhat 3 Activemq, Fuse Message Broker, Fuse Mq Enterprise 2025-04-11 N/A
The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
CVE-2013-3039 1 Ibm 1 Rational Requirements Composer 2025-04-11 N/A
IBM Rational Requirements Composer before 4.0.4 does not properly perform authentication, which has unspecified impact and remote attack vectors.
CVE-2013-2993 1 Ibm 1 Websphere Commerce 2025-04-11 N/A
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 does not properly perform authentication for unspecified web services, which allows remote attackers to issue requests in the context of an arbitrary user's active session via unknown vectors.