Total
3369 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-1434 | 1 Pete Werner | 1 Login Ldap | 2024-11-20 | 6.8 MEDIUM | N/A |
login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password. | |||||
CVE-2003-1433 | 1 Epic Games | 1 Unreal Engine | 2024-11-20 | 4.3 MEDIUM | N/A |
Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times. | |||||
CVE-2003-1343 | 1 Trend Micro | 1 Scanmail | 2024-11-20 | 7.5 HIGH | N/A |
Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". | |||||
CVE-2003-0216 | 1 Cisco | 1 Catos | 2024-11-20 | 9.3 HIGH | N/A |
Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | |||||
CVE-2002-2438 | 1 Linux | 1 Linux Kernel | 2024-11-20 | 5.0 MEDIUM | 7.5 HIGH |
TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling. | |||||
CVE-2002-2427 | 1 Goahead | 1 Goahead Webserver | 2024-11-20 | 5.0 MEDIUM | N/A |
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. | |||||
CVE-2002-2417 | 1 Acftp | 1 Acftp | 2024-11-20 | 10.0 HIGH | N/A |
acFTP 1.4 does not properly handle when an invalid password is provided by the user during authentication, which allows remote attackers to hide or misrepresent certain activity from log files and possibly gain privileges. | |||||
CVE-2002-2397 | 1 Symantec | 1 Sygate Personal Firewall | 2024-11-20 | 10.0 HIGH | N/A |
Sygate personal firewall 5.0 could allow remote attackers to bypass firewall filters via spoofed (1) source IP address of 127.0.0.1 or (2) network address of 127.0.0.0. | |||||
CVE-2002-2279 | 1 Aldap | 1 Aldap | 2024-11-20 | 10.0 HIGH | N/A |
Unspecified vulnerability in the bind function in config.inc of aldap 0.09 allows remote attackers to authenticate with Manager permissions. | |||||
CVE-2002-0563 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2024-11-20 | 5.0 MEDIUM | N/A |
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes. | |||||
CVE-2002-0507 | 2 Microsoft, Rsa | 2 Exchange Server, Securid | 2024-11-20 | 2.1 LOW | N/A |
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA. | |||||
CVE-2001-1585 | 1 Openbsd | 1 Openssh | 2024-11-20 | 6.8 MEDIUM | N/A |
SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file. | |||||
CVE-2001-0537 | 1 Cisco | 1 Ios | 2024-11-20 | 9.3 HIGH | N/A |
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. | |||||
CVE-1999-0987 | 1 Microsoft | 1 Windows Nt | 2024-11-20 | 10.0 HIGH | N/A |
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name. | |||||
CVE-1999-0680 | 1 Microsoft | 1 Terminal Server | 2024-11-20 | 5.0 MEDIUM | N/A |
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service. | |||||
CVE-1999-0366 | 1 Microsoft | 1 Windows Nt | 2024-11-20 | 7.5 HIGH | N/A |
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. | |||||
CVE-2024-47533 | 2024-11-19 | N/A | 9.8 CRITICAL | ||
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue. | |||||
CVE-2024-11209 | 1 Apereo | 1 Central Authentication Service | 2024-11-19 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an unknown part of the file /login?service of the component 2FA. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-52518 | 2024-11-18 | N/A | 4.4 MEDIUM | ||
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2. | |||||
CVE-2024-51996 | 2024-11-15 | N/A | 7.5 HIGH | ||
Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8. |