Total: 3234 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3780 | 1 Citrix | 1 Vdi-in-a-box | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. | |||||
CVE-2012-5032 | 1 Cisco | 1 Ios | 2023-12-10 | 6.4 MEDIUM | N/A |
The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation in Cisco IOS before 15.1(1)SY3 does not require authentication, which allows remote attackers to trigger the forwarding of VPN traffic to an attacker-controlled destination, or the discarding of this traffic, by arranging for an arbitrary device to become a cluster member, aka Bug ID CSCub93641. | |||||
CVE-2014-3895 | 1 Iodata | 12 Ts-ptcam/poe Camera, Ts-ptcam/poe Camera Firmware, Ts-ptcam Camera and 9 more | 2023-12-10 | 6.4 MEDIUM | N/A |
The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. | |||||
CVE-2013-6470 | 1 Redhat | 1 Openstack | 2023-12-10 | 5.0 MEDIUM | N/A |
The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid. | |||||
CVE-2014-0643 | 1 Emc | 2 Rsa Netwitness, Rsa Security Analytics | 2023-12-10 | 7.6 HIGH | N/A |
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name. | |||||
CVE-2013-4594 | 1 Payment For Webform Project | 1 Payment For Webform | 2023-12-10 | 4.3 MEDIUM | N/A |
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment. | |||||
CVE-2015-3457 | 1 Magento | 1 Magento | 2023-12-10 | 5.0 MEDIUM | N/A |
Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter. | |||||
CVE-2014-0138 | 2 Debian, Haxx | 3 Debian Linux, Curl, Libcurl | 2023-12-10 | 6.4 MEDIUM | N/A |
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015. | |||||
CVE-2013-4580 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 6.8 MEDIUM | N/A |
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls. | |||||
CVE-2014-4619 | 1 Emc | 1 Rsa Identity Management And Governance | 2023-12-10 | 9.3 HIGH | N/A |
EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid username. | |||||
CVE-2013-2756 | 2 Apache, Citrix | 2 Cloudstack, Cloudplatform | 2023-12-10 | 5.0 MEDIUM | N/A |
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code. | |||||
CVE-2014-9045 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 5.0 MEDIUM | N/A |
The FTP backend in user_external in ownCloud Server before 5.0.18 and 6.x before 6.0.6 allows remote attackers to bypass intended authentication requirements via a crafted password. | |||||
CVE-2014-2047 | 1 Owncloud | 1 Owncloud | 2023-12-10 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2014-2341 | 1 Cubecart | 1 Cubecart | 2023-12-10 | 6.8 MEDIUM | N/A |
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter. | |||||
CVE-2015-2117 | 1 Hp | 2 Tippingpoint Security Management System, Tippingpoint Virtual Security Management System | 2023-12-10 | 7.5 HIGH | N/A |
HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI requests, which allows remote attackers to execute arbitrary code by (1) uploading this code within an archive or (2) instantiating a class. | |||||
CVE-2013-0191 | 1 Lucas Clemente Vella | 1 Libpam-pgsql | 2023-12-10 | 5.0 MEDIUM | N/A |
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password. | |||||
CVE-2014-8424 | 1 Arris | 1 Vap2500 Firmware | 2023-12-10 | 7.8 HIGH | N/A |
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. | |||||
CVE-2012-0874 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2023-12-10 | 6.8 MEDIUM | N/A |
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer. | |||||
CVE-2012-5352 | 1 Josso | 1 Java Open Single Sign-on Project Home | 2023-12-10 | 5.8 MEDIUM | N/A |
Java Open Single Sign-On Project Home (JOSSO) allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack." | |||||
CVE-2013-3659 | 1 Nttdocomo | 1 Overseas Usage | 2023-12-10 | 3.3 LOW | N/A |
The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly connect to Wi-Fi access points, which allows remote attackers to obtain sensitive information by leveraging presence in an 802.11 network's coverage area. |